How to exchange memory between services and user processes?

I have a set of Win32 applications that exchange information using a shared memory segment created with CreateFileMapping() and MapViewOfFile(). One application is a system service; the rest are started by the logged-in user. There were no problems with Windows XP. We called our segments "Global\Something" and everything was fine.

Additional security in Vista (and presumably Windows 7) does not seem to allow this architecture to work. Ordinary users are not allowed to create objects (Win32 error 5) in the global namespace. MSDN indicates that if the account has a "create global" privilege, then everything should be fine, but in practice it is not. In addition, Vista's integrity features appear to prevent 'low integrity' users from accessing a shared memory object with a high degree of integrity. It seems that I can fix it with a magic SetSecurityDescriptorSacl() spell, but I can hardly speak SACL.

So the question is: What is the correct way to use a shared memory segment between services and normal user processes?

To preempt the easy answer "just turn off UAC": we are in a rather closed environment, and this is not possible.

Edit: The service and the user process need read/write access to the segment.

+5
1 answer

The easiest way is to have your service create the shared memory and specify a DACL in CreateFileMapping that gives regular users read access to the shared memory.

, . , , , IPC, , , DuplicateHandle, . , .

DACL - ConvertStringSecurityDescriptorToSecurityDescriptor, SDDL ACL.

DACL SDDL.

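// Error handling removed for brevity
#include <windows.h>
#include <sddl.h>   // ConvertStringSecurityDescriptorToSecurityDescriptor, SDDL_REVISION_1

SECURITY_ATTRIBUTES security;
ZeroMemory(&security, sizeof(security));
security.nLength = sizeof(security);
// Build the descriptor from SDDL: generic all for SYSTEM (SY) and
// Administrators (BA), generic read for interactive users (IU)
ConvertStringSecurityDescriptorToSecurityDescriptor(
         L"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;IU)",
         SDDL_REVISION_1,
         &security.lpSecurityDescriptor,
         NULL);

// sizeHigh and sizeLow (the segment size) are defined by the caller
HANDLE mapping = CreateFileMapping(INVALID_HANDLE_VALUE, &security,
              PAGE_READWRITE, sizeHigh, sizeLow, L"Global\\MyObject");

// The conversion call allocated the descriptor; release it with LocalFree
LocalFree(security.lpSecurityDescriptor);

"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;IU)" DACL. D:P , DACL ( SACL... SACL), ACE, , . A () (OICI). (GA - ) (SY) (BA, ). (GR) (IU), .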

, OpenFileMapping, . , .

, GR GWGR. , - , , , .

+9
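As an added example (not part of the original answer), a small portable C reader for the DACL string used above, which checks what each trustee is granted before the string goes into CreateFileMapping. The function names `ace_field` and `dacl_grants` are hypothetical, and only two-letter SID aliases and rights codes are handled.

```c
#include <stdio.h>
#include <string.h>
/* Added example: minimal DACL reader; two-letter SID aliases and rights only. */

/* Copy ';'-separated field idx (0-based) of one ACE body into out. */
static int ace_field(const char *ace, size_t len, int idx, char *out, size_t cap)
{
    size_t start = 0, i;
    for (i = 0; i <= len; i++) {
        if (i != len && ace[i] != ';') continue;
        if (idx-- == 0) {
            if (i - start >= cap) return -1;
            memcpy(out, ace + start, i - start);
            out[i - start] = '\0';
            return 0;
        }
        start = i + 1;
    }
    return -1;                                /* fewer fields than expected */
}

/* 1 if an allow ACE for sid carries right (GA implies every generic right),
   0 if not, -1 if the string is malformed. */
int dacl_grants(const char *sddl, const char *sid, const char *right)
{
    const char *p = strstr(sddl, "D:");
    if (!p) return -1;
    for (p += 2; *p && *p != '('; p++) {}     /* skip DACL flags such as P */
    while (*p == '(') {
        const char *close = strchr(p, ')'), *r;
        char type[8], rights[64], who[64];
        size_t len = close ? (size_t)(close - p - 1) : 0;
        if (!close ||
            ace_field(p + 1, len, 0, type, sizeof type) ||
            ace_field(p + 1, len, 2, rights, sizeof rights) ||
            ace_field(p + 1, len, 5, who, sizeof who)) return -1;
        if (!strcmp(type, "A") && !strcmp(who, sid))
            for (r = rights; r[0] && r[1]; r += 2)
                if (!strncmp(r, right, 2) || !strncmp(r, "GA", 2)) return 1;
        p = close + 1;
    }
    return 0;
}

int main(void)
{
    const char *dacl = "D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;IU)";
    printf("IU read=%d write=%d\n", dacl_grants(dacl, "IU", "GR"),
           dacl_grants(dacl, "IU", "GW"));
    return 0;
}
```

For the answer's string this reports read but not write for IU, which is the gap relative to the read/write requirement in the question's edit.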
