variable between user-mode and kernel-mode

Post by SL » Wed, 14 Dec 2005 18:29:50


I have a library (.lib) for a kernel-mode WDM driver, and it is built with VC.
It should be built with the DDK, but it was built with VC when I first got its source
code.
And it seems to have worked well for several months.

If the library has a variable "Var", and the WDM driver uses "extern" to get the
value of "Var", it works, and the value is correct.

Now, my problem is:
1. Is the "Var" of the library in user-mode space?
2. If yes, will there be any problem when kernel-mode code accesses the user-mode memory
pool like this? Can I say this is a security bug of Windows?

Thanks for any help.

SL.
 
 
 

Post by UGF2ZWwgQS » Wed, 14 Dec 2005 20:53:01


It's good that you understand this...


No, it is statically linked to the driver so it sits in kernel space.

--PA

 
 
 

Post by Burkhardt » Wed, 14 Dec 2005 21:14:18


Donno enough to answer precisely, but it might be so.
You might have this effect, because the kernel mode part is
always running in the thread context of the user mode process due
to an ioctl.

No.

Kind regards
Burkhardt Braun
 
 
 

Post by Doron Hola » Thu, 15 Dec 2005 03:36:55

just b/c they use the same lib, does not mean that even if they are
executing in the same context that the driver has visibility to the extern
"Var" in the user mode application. The address of "Var" will be different
for the driver and the app. unless the driver has a hardcoded address or is
passed the address of Var, there is no way it can access the application's
version of "Var"

d

--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
 
 
 

Post by Tim Robert » Thu, 15 Dec 2005 16:27:23


Then, may I ask, why did you answer the question?
--
- Tim Roberts, XXXX@XXXXX.COM
Providenza & Boekelheide, Inc.
 
 
 

Post by Burkhardt » Fri, 16 Dec 2005 02:04:23


Yes, feel free to ask. Here in good old Europe, where I live,
we do not need to ask if we are allowed to ask, we just ask.
Because the point of visibility of the variable does not depend
on user mode or kernel mode space.
If the global declared variable in the lib running in user mode space
is accessed in kernel mode through a synchronous ioctl,
then it is visible for the kernel.
That's because "user virtual addresses and kernel virtual addresses refer to the
same physical locations, given the same process context."

Kind regards
Burkhardt Braun
 
 
 

Post by Doron Hola » Fri, 16 Dec 2005 02:11:43

but that is not what the OP asked. he wanted to know if by the very usage
of the lib which contains a global if the driver and UM app shared it. he
didn't say he was passing the memory down to the driver. The very nature of
the question would lead me to believe that the OP did not even know how to
send the memory down to the driver to have it locked, since the original
question was fundamentally about a language construct.

d
 
 
 

Post by Burkhardt » Fri, 16 Dec 2005 03:32:29


Ahh! Now I understand. The OP is only(!) using the declaration of the
variable to "share" it. That will not work.
I took a memory exchange between the lib and the WDM driver for granted.
Kind regards
Burkhardt Braun
 
 
 

Post by Maxim S. S » Fri, 16 Dec 2005 09:41:53

> 1. Is the "Var" of library in user-mode space ?

No. The library is linked in the driver, and Var will be in the driver's .data
section in the kernel.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
XXXX@XXXXX.COM
http://www.yqcomputer.com/
 
 
 

Post by SL » Fri, 16 Dec 2005 13:43:05

Thanks all !

I ask this question because the driver randomly BSODs (page fault) in a corner
case, although it usually works well.
When I remove some code that reads a variable from the lib (only used by this
driver), the probability of a crash seems to be improved.
So I want to make sure whether this is the answer to the crash.
The variable is defined in the lib like this:

const Structure_A data[1] = {
    NULL,
    NULL,
    10,
    0,
};

And it is read by the driver like this:

x = &data[0];    /* x is a pointer to the const structure */
a = x->FieldA;   /* pointer access uses ->, not . */
b = x->FieldB;
---------------------------------------
But it seems this is not the answer to the crash if this kind of access is legal.

SL.