It could be found elsewhere but I thought to add this piece of assembly to my blog ;) Sharing memory between process can be accomplished using many ways one among them is using CreateFileMapping api. It allows us to share memory between processes in the form of page file or a normal system file. We will go with the former. The structure of CreateFileMapping as from msdn at the time of writing.
HANDLE WINAPI CreateFileMapping(
__in HANDLE hFile,
__in_opt LPSECURITY_ATTRIBUTES lpAttributes,
__in DWORD flProtect,
__in DWORD dwMaximumSizeHigh,
__in DWORD dwMaximumSizeLow,
__in_opt LPCTSTR lpName
);
When INVALID_HANDLE_VALUE is used as the handle the memory is allocated from the page file. To use the file on the disk you may use CreateFile or OpenFile fetch the handle and access the files. And when the INVALID_HANDLE_VALUE is used we have to define the dwMaximumSizeHigh and Low values. I've written two separate asm snippets which can be compiled and loaded into the debuggers (separately) to understand the functionality of shared memory access.
First Process
The first program creates a filemapping with a name Global that can be used across all the process to access that shared memory using MapViewOfFile (which fetches the location of the shared memory). When you have the shared memory location you can write in data or read from it. The second program modifies the data that in the shared memory and displays that in the MessageBox. Play around in the debuggers setting BP's and check the memory locations (returned by MapViewOfFile) before and after stepping over MOVSB instructions.
Second Process
PS:There's a similar code in msdn
binaryhaX0r
HANDLE WINAPI CreateFileMapping(
__in HANDLE hFile,
__in_opt LPSECURITY_ATTRIBUTES lpAttributes,
__in DWORD flProtect,
__in DWORD dwMaximumSizeHigh,
__in DWORD dwMaximumSizeLow,
__in_opt LPCTSTR lpName
);
When INVALID_HANDLE_VALUE is used as the handle the memory is allocated from the page file. To use the file on the disk you may use CreateFile or OpenFile fetch the handle and access the files. And when the INVALID_HANDLE_VALUE is used we have to define the dwMaximumSizeHigh and Low values. I've written two separate asm snippets which can be compiled and loaded into the debuggers (separately) to understand the functionality of shared memory access.
First Process
.data
szName db "Globe", 0 lpTest db "This was written by the first process", 0 .data? hFile_Map dd ? buffer dd ? count dd ? .code start: invoke CreateFileMapping, INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 256, ADDR szName mov hFile_Map, eax invoke MapViewOfFile, hFile_Map, FILE_MAP_ALL_ACCESS, NULL, NULL, NULL mov buffer, eax lea esi, lpTest mov edi, buffer mov ecx, SIZEOF lpTest rep movsb invoke MessageBox, NULL, buffer, NULL, MB_OK invoke UnmapViewOfFile, buffer invoke ExitProcess, NULL end start |
The first program creates a filemapping with a name Global that can be used across all the process to access that shared memory using MapViewOfFile (which fetches the location of the shared memory). When you have the shared memory location you can write in data or read from it. The second program modifies the data that in the shared memory and displays that in the MessageBox. Play around in the debuggers setting BP's and check the memory locations (returned by MapViewOfFile) before and after stepping over MOVSB instructions.
Second Process
.data szName db "Globe", 0 lpTest db "This is from Second program", 0 .data? hFile_Map dd ? buff_Addr dd ? .code start: invoke OpenFileMapping, FILE_MAP_ALL_ACCESS, FALSE, ADDR szName mov hFile_Map, eax invoke MapViewOfFile, hFile_Map, FILE_MAP_ALL_ACCESS, NULL, NULL, 256 mov buff_Addr, eax invoke MessageBox, NULL, buff_Addr, NULL, MB_OK lea esi, lpTest mov edi, buff_Addr invoke lstrlen, buff_Addr mov ecx, eax rep movsb invoke UnmapViewOfFile, buff_Addr invoke ExitProcess, NULL end start |
binaryhaX0r
No comments:
Post a Comment