F
Frankooo
Guest
auto Readstring = (char*)MapViewOfFile(hMapFileW, FILE_MAP_WRITE, 0, 0, 4096);
printf("message has been sent to kernel [Read]! \n");
FlushViewOfFile(Readstring, 4096);
UnmapViewOfFile(Readstring);
// maybe am stupid
auto send_test = (char*)MapViewOfFile(hMapFileW, FILE_MAP_WRITE, 0, 0, 4096);
printf("message has been sent to kernel [Test]! \n");
FlushViewOfFile(send_test, 4096);
UnmapViewOfFile(send_test);
that's what am trying to do and everytime i try to send the "Read" string + "Test" string it doesn't do anything but , if i only send "Read" string to my mapped section i can read it fine . i just want to know is it a problem because am not defining any offset to mapviewoffile but i have also tried to use (sizeof(char*)) and it didn't work. basically its simple i just want to send this 2 strings to my second process which has a while loop running it will check the first string and if its equal to the shared memory section it will execute the other while loop which keeps reading shared memory until its equal to the string "Test" this is how am reading the strings from my second process "its kernel btw".
while (TRUE)
{
DbgPrintEx(0, 0, "running waiting for a command to execute.. \n");
ReadSharedMemory();
if (strcmp((PCHAR)SharedSection, "Stop") == 0) {
DbgPrintEx(0, 0, "breaking out of the loop");
break;
}
while (!(PCHAR)SharedSection == NULL && strcmp((PCHAR)SharedSection, "Read") == 0)
{
DbgPrintEx(0, 0, "Read loop is running\n");
ReadSharedMemory();
DbgPrintEx(0, 0, "sharedsection string - > : %s\n", (PCHAR)SharedSection);
LARGE_INTEGER Timeout;
Timeout.QuadPart = RELATIVE(SECONDS(1));
KeDelayExecutionThread(KernelMode, FALSE, &Timeout);
if (!(PCHAR)SharedSection == NULL && strcmp((PCHAR)SharedSection, "Test") == 0)
{
DbgPrintEx(0, 0, "it works finally !!!! \n");
DbgPrintEx(0, 0, "[Test while loop]sharedsection string - > : %s\n", (PCHAR)SharedSection);
}
}
and here is how i am reading shared memory
if (sectionHandle)
return;
if (SharedSection)
ZwUnmapViewOfSection(NtCurrentProcess(), SharedSection);
SIZE_T ulViewSize = 1024 * 10;
NTSTATUS ntStatus = ZwMapViewOfSection(sectionHandle, NtCurrentProcess(), &SharedSection, 0, ulViewSize, NULL, &ulViewSize, ViewShare, 0, PAGE_READWRITE | PAGE_NOCACHE);
if (ntStatus != STATUS_SUCCESS)
{
DbgPrintEx(0,0,"ZwMapViewOfSection fail! Status: %p\n", ntStatus);
ZwClose(sectionHandle);
return;
}
DbgPrintEx(0,0,"ZwMapViewOfSection completed!\n");
DbgPrintEx(0, 0, "String is : %s now !\n", (PCHAR)SharedSection);
and sharedsections is just a null PVOID.
i did search before i ask this question and the only thing that i haven't tried is to change the mapping offset (place) i don't know if that is the case.
Continue reading...
printf("message has been sent to kernel [Read]! \n");
FlushViewOfFile(Readstring, 4096);
UnmapViewOfFile(Readstring);
// maybe am stupid
auto send_test = (char*)MapViewOfFile(hMapFileW, FILE_MAP_WRITE, 0, 0, 4096);
printf("message has been sent to kernel [Test]! \n");
FlushViewOfFile(send_test, 4096);
UnmapViewOfFile(send_test);
that's what am trying to do and everytime i try to send the "Read" string + "Test" string it doesn't do anything but , if i only send "Read" string to my mapped section i can read it fine . i just want to know is it a problem because am not defining any offset to mapviewoffile but i have also tried to use (sizeof(char*)) and it didn't work. basically its simple i just want to send this 2 strings to my second process which has a while loop running it will check the first string and if its equal to the shared memory section it will execute the other while loop which keeps reading shared memory until its equal to the string "Test" this is how am reading the strings from my second process "its kernel btw".
while (TRUE)
{
DbgPrintEx(0, 0, "running waiting for a command to execute.. \n");
ReadSharedMemory();
if (strcmp((PCHAR)SharedSection, "Stop") == 0) {
DbgPrintEx(0, 0, "breaking out of the loop");
break;
}
while (!(PCHAR)SharedSection == NULL && strcmp((PCHAR)SharedSection, "Read") == 0)
{
DbgPrintEx(0, 0, "Read loop is running\n");
ReadSharedMemory();
DbgPrintEx(0, 0, "sharedsection string - > : %s\n", (PCHAR)SharedSection);
LARGE_INTEGER Timeout;
Timeout.QuadPart = RELATIVE(SECONDS(1));
KeDelayExecutionThread(KernelMode, FALSE, &Timeout);
if (!(PCHAR)SharedSection == NULL && strcmp((PCHAR)SharedSection, "Test") == 0)
{
DbgPrintEx(0, 0, "it works finally !!!! \n");
DbgPrintEx(0, 0, "[Test while loop]sharedsection string - > : %s\n", (PCHAR)SharedSection);
}
}
and here is how i am reading shared memory
if (sectionHandle)
return;
if (SharedSection)
ZwUnmapViewOfSection(NtCurrentProcess(), SharedSection);
SIZE_T ulViewSize = 1024 * 10;
NTSTATUS ntStatus = ZwMapViewOfSection(sectionHandle, NtCurrentProcess(), &SharedSection, 0, ulViewSize, NULL, &ulViewSize, ViewShare, 0, PAGE_READWRITE | PAGE_NOCACHE);
if (ntStatus != STATUS_SUCCESS)
{
DbgPrintEx(0,0,"ZwMapViewOfSection fail! Status: %p\n", ntStatus);
ZwClose(sectionHandle);
return;
}
DbgPrintEx(0,0,"ZwMapViewOfSection completed!\n");
DbgPrintEx(0, 0, "String is : %s now !\n", (PCHAR)SharedSection);
and sharedsections is just a null PVOID.
i did search before i ask this question and the only thing that i haven't tried is to change the mapping offset (place) i don't know if that is the case.
Continue reading...