Okay, I just had a chat with good old _Stone - and he confirmed that all processes have the same view of the kernel mode memory region. And ExAllocatePool + friends allocate memory from this region. So, allocating memory in a driver + using some (probably undocumented, probably Mm* prefix) protection to change the page permissions (or, if you're a stupid zealot, hack up the page tables manually and suffer), it should be possible to allocate globally visible memory.

Sounds pretty much like a walk in the park, compared to some of the methods I've heard discussed :P - unless of course there's some tricky catch to this, like no easily accessible page protection API from kernel mode.
Posted on 2004-01-21 16:01:57 by f0dder

If that's true, couldn't one allocate some kernel memory, and mark it as user accessible?
Hi, f0dder! Download the latest KmdKit v1.5 ( http://www.freewebs.com/four-f/ ) and take a look at this example: KmdKit\examples\basic\MemoryWorks\SharingMemory

The corresponding tut is available on wasm.ru (Russian only). But you can find... can't remember the exact title... something like "Sharing memory between kernel-mode and user-mode" on osr.com. If you can't find it, tell me, I'll try.
Posted on 2004-01-23 06:52:40 by Four-F
Hi Four-F, haven't looked at the example yet, but I will a bit later.

But... if you're doing the same thing as that article, isn't the memory only mapped in the context of the user process invoking the driver? I need memory that is available in the context of *all* ring3 applications - something along the lines of allocating kernel-mode memory in the >0x80000000 range, and changing the PTEs to allow usermode access - as I see it, that would mean the memory is available in all processes, and accessible from user mode?
Posted on 2004-01-23 07:09:15 by f0dder

quote: But... if you're doing the same thing as that article, isn't the memory only mapped in the context of the user process invoking the driver?

Yes. Only in the context of the user process invoking the driver.

quote: I need memory that is available in the context of *all* ring3 applications - something along the lines of allocating kernel-mode memory in the >0x80000000 range, and changing the PTEs to allow usermode access - as I see it, that would mean the memory is available in all processes, and accessible from user mode?

I'll think about it.
Posted on 2004-01-23 07:22:35 by Four-F
Thanks.

As far as I've understood, memory allocated with stuff like ExAllocatePool will be in the 0x80000000+ range, and mapped globally visible to all processes - but with supervisor-only access. Thus, if the S/U bit is set to user access, one should have a way of allocating globally visible memory on NT...

I don't know whether there are any catches, though - like PTEs possibly being rebuilt from MDLs, and thus discarding the S/U bit. I think it's more likely that they'd be paged out, though, if anything.

I really need a nap now, perhaps I'll do some driver fiddling later on today :)
Posted on 2004-01-23 07:50:18 by f0dder
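
An added illustration of the S/U point in the post above, not code from any poster or from KmdKit: a C audit routine that walks constructed 32-bit non-PAE page tables and counts kernel-range pages that ring 3 can reach. The names `audit_kernel_range` and `build_sample` and the table contents are assumptions made for the example; it also shows that the U/S bit must be set in the PDE as well as the PTE before user mode gets access.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PG_P   0x001u            /* present */
#define PG_US  0x004u            /* U/S: 1 = ring 3 may access */
#define PDE_PS 0x080u            /* PDE maps a 4 MB page, no page table below */
#define KERNEL_BASE 0x80000000u  /* 2 GB split, as in the thread */
#define USER_OK(e) (((e) & (PG_P | PG_US)) == (PG_P | PG_US))

/* Constructed sample tables (not read from a live system). */
static uint32_t page_dir[1024], page_tab[1024];

/* Count 4 KB kernel-range pages reachable from user mode. Ring-3 access
 * needs U/S set at every level, so PDE and PTE are both tested.
 * Simplification: every non-large PDE is assumed to point at pt. */
static unsigned audit_kernel_range(const uint32_t *pd, const uint32_t *pt,
                                   uint32_t *first_va)
{
    unsigned hits = 0;
    for (uint32_t di = KERNEL_BASE >> 22; di < 1024; di++) {
        if (!USER_OK(pd[di])) continue;
        if (pd[di] & PDE_PS) {              /* whole 4 MB region exposed */
            if (!hits) *first_va = di << 22;
            hits += 1024;
            continue;
        }
        for (uint32_t ti = 0; ti < 1024; ti++) {
            if (!USER_OK(pt[ti])) continue;
            if (!hits) *first_va = (di << 22) | (ti << 12);
            hits++;
        }
    }
    return hits;
}

/* Sample: PTE 5 has U/S set, PTE 6 is supervisor-only; pde_user picks
 * the U/S bit of the first kernel PDE. Frame numbers are made up. */
static void build_sample(int pde_user)
{
    memset(page_dir, 0, sizeof page_dir);
    memset(page_tab, 0, sizeof page_tab);
    page_dir[KERNEL_BASE >> 22] = 0x00100000u | PG_P | (pde_user ? PG_US : 0u);
    page_tab[5] = 0x00205000u | PG_P | PG_US;
    page_tab[6] = 0x00206000u | PG_P;
}

int main(void)
{
    uint32_t va = 0;
    build_sample(1);
    unsigned n = audit_kernel_range(page_dir, page_tab, &va);
    printf("%u exposed page(s), first at 0x%08x\n", n, (unsigned)va);
}
```
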
If it does not have to be too perfect.

Create a service. Then when it's called to be shut down, monitor the processes in OS, if they start counting down or hit a minimum, as in an actual shutdown. Then do your media checks and advise user and then close the service.

Regards, P1 :cool:
Posted on 2004-01-23 09:50:30 by Pone
quote: ;-) - I'm not going to, since you acknowledge the potential problems of using stuff that's not officially documented.

As long as the Pentium is the processor then only Intel's rules are documented in stone. For instance certain system memory parameters cannot be paged out and as long as you are working with certain generations of software you know where they are. I'm glad that many in this forum are not afraid to experiment like some and instead of spending all their time telling others that what they do isn't the right way but spend their time producing something tangible and real instead of pure speculation then we can all benefit from helping one another rather than criticizing and ridiculing.
Posted on 2004-01-23 23:16:31 by mrgone
Perhaps you don't mind if your software (or software you've purchased) suddenly stops working on a future version of windows, because the developer made some "safe assumptions." Such "safe assumptions" would include "oh, that pitch thingy isn't used on any of our video cards, we'll just multiply by width", or "we can access ports just fine in win32, so we'll use those for keyboard input". The windows version of XCOM had the pitch assumption, and was easily fixable. POD (that old "first game using MMX" racing thing from microsoft) does port access, iirc some keyboard port stuff.

Yes, some rules are pretty much set in stone by the processor... but there's a lot of OS-related things that aren't set in stone, even if they have remained pretty much constant for a while. I wouldn't depend on the kernel mapping the pagetables to the same linear address for all future versions of windows. And I won't depend on windows not deciding to rebuild PTEs from MDLs, if it feels like it.

And I am not afraid to experiment - I am, however, against taking the results of an experiment and assuming that inner system workings will always stay that way in the future just because you've seen such behaviour on a couple of versions. And I am even more against using "unsafe" methods in released software.
Posted on 2004-01-24 09:05:35 by f0dder
Everything you wrote 15 years ago in DOS works in all Windows versions to date...lol May I remind you that a computer is nothing more than memory and I/O with a processor to run it all. KISS man, cut to the quick. Ever heard of version 1,2,3 etc.? I don't have a crystal ball but judging from past experience, when a new version of the operating system comes out it tends to hang around for a few years. I'm a hardware guy anyway. Machine language is my gig. Guess we all can't be like you. Isn't that what makes the world go round?
Posted on 2004-01-24 12:55:28 by mrgone
Posted on 2004-01-24 13:48:26 by comrade

quote: Everything you wrote 15 years ago in DOS works in all Windows versions to date

I didn't write code 15 years ago, but the majority of the stuff I coded for DOS actually still works even under Windows NT... because I coded (relatively) clean applications... like, not doing port I/O when not necessary.

quote: Machine language is my gig. Guess we all can't be like you. Isn't that what makes the world go round?

Whatever language you code in, it makes sense to follow the OS conventions and use the API where you can - that way, you're guaranteed a much higher chance of your stuff working on future OS versions. Most properly coded win3.x stuff still works even on WinXP, while some win32 apps fail - because they cut some corners because "hey, it works on MY version of windows". 'nuff said.
Posted on 2004-01-24 14:00:06 by f0dder
I don't know, but I see that Notepad can do this. Open Notepad, type some text into it but don't save, then try to shut down the computer ...
Posted on 2004-01-27 22:39:58 by neverending
neverending, that does not work as it can easily be bypassed. Windows asks if I'd like to terminate the application and then it shuts down as requested. I need it to work in a secure way and a driver seems to be required.
Posted on 2004-01-28 02:39:28 by bitRAKE