Help!! Can't call the ZwOpenSection_

[end7]

when i call "ZwOpenSection_" ,is failed,and retune "-1073741819".why?
i creat it unicode
anybody can help me!!

Code: Select all

#SECTION_MAP_WRITE = $2
#SECTION_MAP_READ = $4
Structure UNICODE_STRING
    Length.w
    MaximumLength.w
    Buffer.l
EndStructure
Structure OBJECT_ATTRIBUTES
    Length.l
    RootDirectory.l
    ObjectName.l
    Attributes.l
    SecurityDeor.l
    SecurityQualityOfService.l
EndStructure

Status.l
Attributes.OBJECT_ATTRIBUTES 
PhysmemString.UNICODE_STRING   
AdrString.s="\Device\PhysicalMemory"
RtlInitUnicodeString_(@PhysmemString, @adrString)
With Attributes
    \Length = SizeOf(Attributes)
    \RootDirectory = 0
    \ObjectName = @PhysmemString
    \Attributes = 0
    \SecurityDeor = 0
    \SecurityQualityOfService = 0
EndWith  
Status = ZwOpenSection_(g_hMPM,#SECTION_MAP_WRITE Or #SECTION_MAP_READ, @Attributes)
Debug Status

[ABBKlaus]

i think it is not possible what you want :

If the section does not exist or the system did not grant the requested access, the operation fails.

Once the handle pointed to by SectionHandle is no longer in use, the driver must call ZwClose to close it.

If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles. Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object

Code: Select all

Debug "Status="+RSet(Hex(Status),8,"0")
Select Status
  Case #STATUS_SUCCESS
    Debug "#STATUS_SUCCESS"
  Case #STATUS_ACCESS_DENIED
    Debug "#STATUS_ACCESS_DENIED"
  Case #STATUS_INVALID_HANDLE
    Debug "#STATUS_INVALID_HANDLE"
EndSelect

[end7]

Thanks ABBKlaus

But now the Status return "C0000005",what mean it?

Code: Select all

#STATUS_ACCESS_DENIED = $C0000022
#STATUS_INVALID_HANDLE = $C0000008
#STATUS_SUCCESS = $0

#SECTION_MAP_WRITE = $2
#SECTION_MAP_READ = $4
Structure UNICODE_STRING
    Length.w
    MaximumLength.w
    Buffer.l
EndStructure
Structure OBJECT_ATTRIBUTES
    Length.l
    RootDirectory.l
    ObjectName.l
    Attributes.l
    SecurityDeor.l
    SecurityQualityOfService.l
EndStructure


Status.l
Attributes.OBJECT_ATTRIBUTES 
PhysmemString.UNICODE_STRING   
AdrString.s="\Device\PhysicalMemory"
RtlInitUnicodeString_(@PhysmemString, @adrString)
With Attributes
    \Length = SizeOf(Attributes)
    \RootDirectory = 0
    \ObjectName = @PhysmemString
    \Attributes = 0
    \SecurityDeor = 0
    \SecurityQualityOfService = 0
EndWith  
Status = ZwOpenSection_(g_hMPM,#SECTION_MAP_WRITE Or #SECTION_MAP_READ, @Attributes)
Debug "Status="+RSet(Hex(Status),8,"0") 
Select Status 
  Case #STATUS_SUCCESS 
    Debug "#STATUS_SUCCESS" 
  Case #STATUS_ACCESS_DENIED 
    Debug "#STATUS_ACCESS_DENIED" 
  Case #STATUS_INVALID_HANDLE 
    Debug "#STATUS_INVALID_HANDLE" 
EndSelect

[ABBKlaus]

sorry didn´t have the time to test any further
http://www.wildpackets.com/elements/mis ... _Codes.txt

[ABBKlaus]

this works only for #SECTION_MAP_READ !

regards,
klaus

Code: Select all

#STATUS_SUCCESS                = $00000000
#STATUS_ACCESS_VIOLATION       = $C0000005
#STATUS_INVALID_HANDLE         = $C0000008 
#STATUS_ACCESS_DENIED          = $C0000022 
#STATUS_OBJECT_PATH_SYNTAX_BAD = $C000003B

#SECTION_MAP_WRITE = $2 
#SECTION_MAP_READ = $4 

Procedure.s NTStatus(NTStatus.l)
  hand=LoadLibrary_("NTDLL.DLL")
  If hand
    ferr=FormatMessage_(#FORMAT_MESSAGE_ALLOCATE_BUFFER|#FORMAT_MESSAGE_FROM_SYSTEM|#FORMAT_MESSAGE_FROM_HMODULE,hand.l,NTStatus,0,@buffer.l,0,#Null)
    FreeLibrary_(hand)
    If buffer<>0
      errormsg$=PeekS(buffer)
      LocalFree_(buffer)
      ProcedureReturn errormsg$;RemoveString(errormsg$,Chr(13)+Chr(10))
    EndIf
  EndIf
EndProcedure
  
Structure UNICODE_STRING 
    Length.w 
    MaximumLength.w 
    Buffer.l 
EndStructure 

Structure OBJECT_ATTRIBUTES 
    Length.l 
    RootDirectory.l 
    ObjectName.l 
    Attributes.l 
    SecurityDeor.l 
    SecurityQualityOfService.l 
EndStructure 

Attributes.OBJECT_ATTRIBUTES 
PhysmemString.UNICODE_STRING    
AdrString.s="\Device\PhysicalMemory"

If SizeOf(character)<>2
  MessageRequester("Info","Compiler nicht in Unicode mode!",0)
EndIf

RtlInitUnicodeString_(@PhysmemString, @adrString) 

With Attributes 
    \Length = SizeOf(Attributes) 
    \RootDirectory = 0 
    \ObjectName = PhysmemString 
    \Attributes = 0 ; #OBJ_KERNEL_HANDLE
    \SecurityDeor = 0 
    \SecurityQualityOfService = 0 
EndWith  

;access.l=#SECTION_ALL_ACCESS
access.l=#SECTION_MAP_READ;|#SECTION_MAP_WRITE

Status.l=ZwOpenSection_(@g_hMPM,access,Attributes) 

Debug "Status="+RSet(Hex(Status),8,"0")
Debug NTStatus(Status)

[end7]

Thanks ABBKlaus so much,
Now i have anther question. I call the"MapViewOfFile_ "failed, and the "GetLastError_()"return 5,why?

Code: Select all

    Status.l
    Attributes.OBJECT_ATTRIBUTES
    PhysmemString.UNICODE_STRING
    g_hMPM.l
    RtlInitUnicodeString_(PhysmemString, @"\Device\PhysicalMemory")
    With Attributes
      \Length = SizeOf(Attributes)
      \RootDirectory = 0
      \ObjectName = @PhysmemString
      \Attributes = 0
      \SecurityDeor = 0
      \SecurityQualityOfService = 0
    EndWith  
    Status = ZwOpenSection_(@g_hMPM,#SECTION_MAP_WRITE Or #SECTION_MAP_READ, Attributes)
    lDirectoty = $39000  ;xp
    If Status=0
        g_pMapPhysicalMemory = MapViewOfFile_(g_hMPM, 4, 0,lDirectoty, $1000)
        Debug g_pMapPhysicalMemory
        back.l
        back=GetLastError_()
        Debug back
    EndIf

[ABBKlaus]

did you read my post above
i have commented out the #SECTION_MAP_WRITE or else you will get access denied
code below works with #SECTION_MAP_READ :

Status=00000000
STATUS_WAIT_0
19566592
Der Vorgang wurde erfolgreich beendet.

regards,
klaus

Code: Select all

#STATUS_SUCCESS                = $00000000
#STATUS_ACCESS_VIOLATION       = $C0000005
#STATUS_INVALID_HANDLE         = $C0000008 
#STATUS_ACCESS_DENIED          = $C0000022 
#STATUS_OBJECT_PATH_SYNTAX_BAD = $C000003B

#SECTION_MAP_WRITE = $2 
#SECTION_MAP_READ = $4 

Procedure.s NTStatus(NTStatus.l)
  hand=LoadLibrary_("NTDLL.DLL")
  If hand
    ferr=FormatMessage_(#FORMAT_MESSAGE_ALLOCATE_BUFFER|#FORMAT_MESSAGE_FROM_SYSTEM|#FORMAT_MESSAGE_FROM_HMODULE,hand.l,NTStatus,0,@buffer.l,0,#Null)
    FreeLibrary_(hand)
    If buffer<>0
      errormsg$=PeekS(buffer)
      LocalFree_(buffer)
      ProcedureReturn errormsg$;RemoveString(errormsg$,Chr(13)+Chr(10))
    EndIf
  EndIf
EndProcedure

Procedure.s GetLastError(Err.l)
  FormatMessage_(#FORMAT_MESSAGE_ALLOCATE_BUFFER|#FORMAT_MESSAGE_FROM_SYSTEM,0,Err,0,@buffer.l,0,#Null)
  If buffer<>0
    errormsg$=PeekS(buffer)
    LocalFree_(buffer)
    ProcedureReturn RemoveString(errormsg$,Chr(13)+Chr(10))
  EndIf
EndProcedure
  
Structure UNICODE_STRING 
    Length.w 
    MaximumLength.w 
    Buffer.l 
EndStructure 

Structure OBJECT_ATTRIBUTES 
    Length.l 
    RootDirectory.l 
    ObjectName.l 
    Attributes.l 
    SecurityDeor.l 
    SecurityQualityOfService.l 
EndStructure 

Attributes.OBJECT_ATTRIBUTES 
PhysmemString.UNICODE_STRING    
AdrString.s="\Device\PhysicalMemory"

If SizeOf(character)<>2
  MessageRequester("Info","Compiler nicht in Unicode mode!",0)
EndIf

RtlInitUnicodeString_(@PhysmemString, @adrString) 

With Attributes 
    \Length = SizeOf(Attributes) 
    \RootDirectory = 0 
    \ObjectName = @PhysmemString 
    \Attributes = 0 ; #OBJ_KERNEL_HANDLE
    \SecurityDeor = 0 
    \SecurityQualityOfService = 0 
EndWith  

;access.l=#SECTION_ALL_ACCESS
access.l=#SECTION_MAP_READ;|#SECTION_MAP_WRITE

Status.l=ZwOpenSection_(@g_hMPM,access,Attributes) 

Debug "Status="+RSet(Hex(Status),8,"0")
Debug NTStatus(Status)

lDirectoty = $39000  ;xp 
If Status=0 
  g_pMapPhysicalMemory=MapViewOfFile_(g_hMPM, 4, 0,lDirectoty, $1000)
  err=GetLastError_()
  Debug g_pMapPhysicalMemory 
  Debug GetLastError(err)
EndIf