Index of /cica9308/UNZIPPED/NT/MAPMEM
Name Last modified Size Description
![[DIR]](/icons/back.gif)
Parent Directory 06-Dec-2005 04:15 -
![[TXT]](/icons/text.gif)
DEVIOCTL.H 31-Oct-1992 18:00 4k
![[DIR]](/icons/folder.gif)
DRIVER/ 06-Dec-2005 04:14 -
MAPMEM.H 24-Feb-1993 11:00 1k
WIN32/ 06-Dec-2005 04:14 -
Build & Run Instructions:
-------------------------
This sample is composed of two parts, the Win32 portion and the
kernel device driver portion. Each part can be found in their
respective directories, WIN32 and DRIVER.
The Win32 portion contains a file, MEMTEST.C, which attempts to
obtain a handle to MAPMEM. The executable is built using the
Windows NT SDK. First update the environment and path by running
<mstools>\setenv.bat. Then change to the directory where you have
the C source code and the makefile. Type NMAKE to compile the Win32
program, GETHNDL.EXE.
The kernel driver portion contains the driver source code, MAPMEM.C
and a text file used to configure your registry so that the driver
can be loaded. The driver is built using the Windows NT DDK.
To build the driver:
1. Edit the MAPMEM\DRIVER\SOURCES file to make sure the INCLUDES
variable points to the proper (PRIVATE\NTOS\INC) path,
2. Assuming you have run <ddk_root>\setenv.bat, build the driver
by typing:
build -cef
(If there are any errors have a look at the build.log, build.err,
and build.wrn files to get an idea of what went wrong.)
3. Copy the newly built driver, OBJ\*\MAPMEM.SYS to the
<nt_root>\system\drivers directory, i.e.:
copy obj\i386\mapmem.sys c:\winnt\system\drivers\
4. Update the registry by running regini.exe on ther mapmem.ini
file, i.e.:
regini mapmem.ini
This adds a MAPMEM driver node under the HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\Services tree in the registry, and
also creates a MAPMEM symbolic link under ...\Control\
Session Manager\DOS Devices. You can verify this by starting
REGEDIT.EXE and looking the appropriate places.
5. Reboot.
6. Type:
net start mapmem
...and then execute MEMTEST.EXE.
API Info:
---------
The ZwMapViewOfSection and ZwUnmapViewOfSection kernel-mode
driver APIs provide a way to map and unmap a physical section
of memory into the address space of a user mode process.
These APIs were not prototyped or documented in the October
1992 release of the Windows NT Device Driver Kit. However,
they are included in the library (.LIB) files, and calls to
these functions will be resolved by the linker at link time.
A description and example of these APIs follow:
NTSTATUS
ZwMapViewOfSection(
IN HANDLE SectionHandle,
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN ULONG ZeroBits,
IN ULONG CommitSize,
IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
IN OUT PULONG ViewSize,
IN SECTION_INHERIT InheritDisposition,
IN ULONG AllocationType,
IN ULONG Protect
);
/*++
Routine Description:
This function maps a view in the specified subject process to
the section object.
Arguments:
SectionHandle - Supplies an open handle to a section object.
ProcessHandle - Supplies an open handle to a process object.
BaseAddress - Supplies a pointer to a variable that will
receive the base address of the view. If the initial
value of this argument is not null, then the view will
be allocated starting at the specified virtual
address rounded down to the next 64kb address
boundary. If the initial value of this argument is
null, then the operating system will determine
where to allocate the view using the information
specified by the ZeroBits argument value and the
section allocation attributes (i.e. based and
tiled).
ZeroBits - Supplies the number of high order address bits that
must be zero in the base address of the section
view. The value of this argument must be less than
21 and is only used when the operating system
determines where to allocate the view (i.e. when
BaseAddress is null).
CommitSize - Supplies the size of the initially committed
region of the view in bytes. This value is rounded up
to the next host page size boundary.
SectionOffset - Supplies the offset from the beginning of the
section to the view in bytes. This value is
rounded down to the next host page size boundary.
ViewSize - Supplies a pointer to a variable that will receive
the actual size in bytes of the view. If the value
of this argument is zero, then a view of the
section will be mapped starting at the specified
section offset and continuing to the end of the
section. Otherwise the initial value of this
argument specifies the size of the view in bytes
and is rounded up to the next host page size
boundary.
InheritDisposition - Supplies a value that specifies how the
view is to be shared by a child process created
with a create process operation.
InheritDisposition Values
ViewShare - Inherit view and share a single copy
of the committed pages with a child process
using the current protection value.
ViewUnmap - Do not map the view into a child
process.
AllocationType - Supplies the type of allocation.
MEM_TOP_DOWN
Protect - Supplies the protection desired for the region of
initially committed pages.
Protect Values
PAGE_NOACCESS - No access to the committed region
of pages is allowed. An attempt to read,
write, or execute the committed region
results in an access violation (i.e. a GP
fault).
PAGE_EXECUTE - Execute access to the committed
region of pages is allowed. An attempt to
read or write the committed region results in
an access violation.
PAGE_READONLY - Read only and execute access to the
committed region of pages is allowed. An
attempt to write the committed region results
in an access violation.
PAGE_READWRITE - Read, write, and execute access to
the region of committed pages is allowed. If
write access to the underlying section is
allowed, then a single copy of the pages are
shared. Otherwise the pages are shared read
only/copy on write.
Return Value:
Returns the status
--*/
NTSTATUS
ZwUnmapViewOfSection(
IN HANDLE ProcessHandle,
IN PVOID BaseAddress
);
/*++
Routine Description:
This function unmaps a previously created view to a section.
Arguments:
ProcessHandle - Supplies an open handle to a process object.
BaseAddress - Supplies the base address of the view.
Return Value:
Returns the status
--*/