I know that we can pass parameters to API functions in three types of Passing by Value, Passing Indirectly and Passing by Reference.
My question is about Indirect mode; can we change address of allocated memory space on demand or that's done by windows in some restricted area which is owned by windows core?
In other words can we tell windows upon structure creation time to make and store needed structure in a memory area that we specified?
How about passing by Reference? if we call the API function which is accept parameters by reference, does windows places and keeps structures in the same memory area on each call or not?
Related
I am doing some work that requires interprocess communication. I created a memory-mapped file using CreateFileMapping (using windows API) in one process. In another process I used OpenFileMapping and MapViewOfFile to access the (supposedly) same data. I found that the address of these data are different in each process, is this expected or have I done something wrong?
This is completely expected and normal behavior.
Different processes have different address spaces. A pointer in one process is not valid in another process. What is important is that each process obtains its own local valid pointer to your shared mapping object. When each process wants to access the data inside of the shared mapping object, the access needs to be done using pointers and addresses that are relative to each process.
This is covered in more detail in Microsoft's own documentation: File Mapping
I'm trying out Windows support for Condition Variables today (as provided by Microsoft for Windows Vista and later). To initialize a condition variable, I call InitializeConditionVariable(), which is straightforward enough, but I don't see any way provided to destroy the condition variable when I'm done using it. Why is there no DeleteConditionVariable() function?
(I'd expect the API to be analogous to the existing CreateCriticalSection() / DestroyCriticalSection() API)
A conditional variable is a very light-weight object that is internally based on a single global kernel keyed event object that is always available through every process's entire lifetime. The conditional variable simply contains a pointer to that object. So there is nothing that needs to be freed explicitly, thus no delete function is needed.
Problem defitintion
I have two applications: First and Second. The First is mine, the Second is developed by the outsource.
1) At a certain time I need to send a message from the First app to the Second, to make Second one visible and maximized, after it has been minimized.
2) In order to do the (1) step, Second app should store its handle somewhere in a shared memory, which could be accessed by the name or by whatever it might be (like mutexes do).
Question
So, what is the better option to store data (a handle) in an operating memory?
If you want to store this information in a shared place, then you would typically use shared memory. In Windows terms that's a file mapping object. Create one by calling CreateFileMapping. These are kernel objects and so can be named in the kernel namespace.
File mappings are not a whole lot of fun to work with, so you might like to find an easier solution. Give your application's main form a unique class name. For instance you might name the form's class TMyCompanyNameMyProductNameMainForm. Then call FindWindow passing that class name to find an existing application window.
Is there a function that you can use to provide a mapping an address to use?
I am trying to figure out a way to take advantage of large pages even when I have to map small files. I know I can waste memory. Optionally I could use VirtualAlloc to allocate a page sized block which I could then dice up and map multiple files into. I am assuming, since memory mapping is backed by the virtual memory subsystem, that this is not possible - a single page of memory probably has to be backed by a single file.
I thought I would ask before I did anything.
I suspect that it is impossible, but just an idea:
Address allocation decision belongs to MapViewOfFile, not to CreateFileMapping. And MapViewOfFile certainly calls some native API stuff in NTDLL.DLL. You could figure out which function does it call to actually create a mapping, and who knows — that function might be more flexible and allow something which is impossible with KERNEL32. (e.g. we know that PE file sections are mapped in a manner you can't imitate with MapViewOfFile).
I have got many of my questions solved here, many thanks to you guys. And I'd like to ask one more. :)
I am reading about < Windows via C/C++ >, it said:
When we wnat to gain access to an existing kernel object (rather than create a new one), we must speicify the operations we intend to perform on the object. If we are allowed access with such operations, a handle to the kernel object is returned.
...if the returned handle is used to call an API that requires a right different from you requested for, the access-denied error occurs.
AFAIK, handle is just a plain integer number, it's just an index into the process' handle table, nothing more could the handle value provide. If we have already got a handle to a kernel object, how could the system detect we use it for other operations than we requested for?
A kernel object can have more than one handles, and the owners of these handles may have different access types. Where does the system store these different access type info? I think it should be in the process' handle table.
Suppose I try to open a single kernel object with 2 different access types, 2 handles to the same kernel object should be returned, and thus there'll be 2 entries in the process' handle table, pointing to the same kernel object.
Any insight will be deeply appreciated.
Update 1
Thanks guys.
I referred to the < Windows Internals > 5th edition, it said at Ch 6. Access Checks:
The Windows security model requires that a therad speicfy up front, at the time that it opens an object, what types of actions it wants to perfrom on the object. The object manager calls the SRM to perform access checks based on a thread's desired access, and if the access is granted, a handle is assigned to the thread's process with which the thread (or other threads in the process) can perform further operations on the object. As explained in Chapter 3, the object menager records the access permissions granted for a handle in the process's handle table.
So it seems my guess is right.
Thanks.
Every kernel object that is active will have a series of rights stored against it. This is just another table managed by the Security Reference Manager (SRM). When the security is asserted by the object manager then the object handle will looked up to collect the object reference (ObReferenceObjectByHandle) and the resultant object , can be used to look up the rights (ObCheckObjectAccess). There will be indirections involving security tokens, but in essence this is the theory. So two handles may indeed point to the same reference object.
There is a good description of what happens during a ObCheckObjectAccess call in Windows Internals (mine version 5).
Paraphrasing it here :
The ObCheckObjectAccess takes the object, the credentials of the calling thread and the access requested and calls the SRM (SeAccessCheck) so that it can work out whether the right is asserted or denied.