Reputation: 136

How to have a deep copy of pointers sent inside a structure to the kernel?

I have this kind of structure in user space:

struct foo {
    int* a;
    int aSize;
    int* b;
    int bSize;
};

I initialize pointers by allocating memory for them.

In the Windows kernel I dereference this structure in IOCTL, IRP_DEVICE_CONTROL with:

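PVOID inBuf, outBuf; // pointer to struct
ULONG inBufLength;   // size in bytes of the input buffer
// Type3InputBuffer is the caller's user-mode address of the input buffer
inBuf = pIoStackLocation->Parameters.DeviceIoControl.Type3InputBuffer;
inBufLength = pIoStackLocation->Parameters.DeviceIoControl.InputBufferLength;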

and then lock that memory so I can access it from the kernel. The question is how to have a deep copy of the structure together with the memory its pointers point to. As of now, if I just send the structure with pointers, the memory the pointers point to doesn't get sent to the kernel, so I can't lock it. I want to be able to dynamically allocate the pointers inside the structure and then let the kernel use them.

Upvotes: 0

Views: 181

Answers (1)

ImmortaleVBR

Reputation: 640

You have to access the memory of your user-mode process using the pointer addresses you gave to your device driver (from kernel-mode - and then you can copy the data to a kernel-mode buffer) or store the actual integer values within the structure instead of using pointers for it.

Alternatively, if you're attached to your user-mode process from kernel-mode, then you can use the pointer addresses from the structure fields to read/write the data pointed to by them (directly) anyway. There's also NtReadVirtualMemory (if you did a bit of work to find the address via KeServiceDescriptorTable or memory scanning).

Upvotes: 1
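
The answer's second option (values in the structure instead of pointers), as an added example that is not code from the question or the answer: both arrays are packed behind a small header in one contiguous buffer, and the receiver checks the counts against the received length before copying anything. The names foo_hdr, foo_pack, foo_unpack and FOO_MAX_COUNT are hypothetical, and the code is portable C so it runs in user mode; in a driver, foo_unpack would be given a kernel-side copy of the request (for example the system buffer of a buffered IOCTL) and InputBufferLength.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FOO_MAX_COUNT 4096u            /* assumed policy limit, not from the page */

struct foo_hdr {                       /* hypothetical flat layout: header, a[], b[] */
    uint32_t aCount;                   /* number of ints in a */
    uint32_t bCount;                   /* number of ints in b */
};

/* Sender: pack both arrays behind the header. Returns bytes used, 0 on error. */
size_t foo_pack(void *out, size_t outLen, const int32_t *a, uint32_t aCount,
                const int32_t *b, uint32_t bCount)
{
    struct foo_hdr h = { aCount, bCount };
    size_t need;
    if (aCount > FOO_MAX_COUNT || bCount > FOO_MAX_COUNT) return 0;
    need = sizeof h + ((size_t)aCount + bCount) * sizeof(int32_t);
    if (need > outLen) return 0;
    memcpy(out, &h, sizeof h);
    if (aCount) memcpy((char *)out + sizeof h, a, aCount * sizeof *a);
    if (bCount) memcpy((char *)out + sizeof h + aCount * sizeof *a, b, bCount * sizeof *b);
    return need;
}

/* Receiver: validate the counts against the received length, then copy the
 * data into caller-owned arrays. Returns 0 on success, -1 on malformed input. */
int foo_unpack(const void *in, size_t inLen, int32_t *a, uint32_t aCap,
               uint32_t *aCount, int32_t *b, uint32_t bCap, uint32_t *bCount)
{
    struct foo_hdr h;
    const char *p = in;
    if (inLen < sizeof h) return -1;
    memcpy(&h, p, sizeof h);           /* read the counts once, into a local */
    if (h.aCount > FOO_MAX_COUNT || h.bCount > FOO_MAX_COUNT) return -1;
    if (inLen != sizeof h + ((size_t)h.aCount + h.bCount) * sizeof(int32_t)) return -1;
    if (h.aCount > aCap || h.bCount > bCap) return -1;
    if (h.aCount) memcpy(a, p + sizeof h, h.aCount * sizeof *a);
    if (h.bCount) memcpy(b, p + sizeof h + h.aCount * sizeof *a, h.bCount * sizeof *b);
    *aCount = h.aCount; *bCount = h.bCount;
    return 0;
}

int main(void) {                       /* constructed sample data */
    int32_t a[] = {1, 2, 3}, b[] = {4, 5}, ra[8], rb[8];
    uint32_t na, nb, buf[16];
    size_t n = foo_pack(buf, sizeof buf, a, 3, b, 2);
    return foo_unpack(buf, n, ra, 8, &na, rb, 8, &nb);
}
```

Because the header is copied into a local before it is checked, the counts that pass validation are the same ones used for the copies.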
