[ros-kernel] Possible SECURITY_DESCRIPTOR cache problem
James Tabor
jimtabor at adsl-64-217-116-74.dsl.hstntx.swbell.net
Sun Aug 29 12:38:22 CEST 2004
Filip Navara wrote:
> Filip Navara wrote:
>
>> I have a method to reproduce such (or very similar) crash every time.
>> I'll write about it more tomorrow.
>
>
> I take that back. I found out the cause of the crash I was seeing and
> it's different from the crash Mike had. My stack trace:
>
> kernel32:CreateToolhelp32Snapshot
> ...
> io/create.c:358 - IoCreateFile
> ob/object.c:457 - ObCreateObject
> se/semgr.c:382 - SeAssignSecurity
> se/sid.c:567 - RtlLengthSid
>
> Now if you look at CreateToolhelp32Snapshot you'll see the function is
> (ignoring the code is completely wrong) not initializing the
> OBJECT_ATTRIBUTES structure and the security descriptor pointer
> (uninitialized memory) is then passed to CreateFile -> NtCreateFile ->
> ... resulting in obvious crash when accessing it.
>
> Regards,
> Filip
>
Oh yes! That was put together all wrong. If anyone wants to reimplement it?
Look at pages 169 to 174 of Windows NT/2K Native API ref. Page 172 shows how
to obtain the handle for a snapshot. Not by a device driver file but only from
a section map view! I believe we have all the code ready for it, everything
except Heap. i.e., lib/ntdll/rtl/dbgbuffer.c
James
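As an added illustration of the bug Filip describes (not ReactOS code; the struct is a local mirror of the public NT OBJECT_ATTRIBUTES layout and the receiver function is a stand-in for the SeAssignSecurity path), the uninitialized caller beside the properly initialized form:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local mirror of the public NT OBJECT_ATTRIBUTES layout (not the ReactOS
 * header), enough to show the initialization pattern. */
typedef struct {
    uint32_t Length;
    void    *RootDirectory;
    void    *ObjectName;
    uint32_t Attributes;
    void    *SecurityDescriptor;
    void    *SecurityQualityOfService;
} OBJECT_ATTRIBUTES;

#define OBJ_CASE_INSENSITIVE 0x40

/* Stand-in for the SeAssignSecurity -> RtlLengthSid path: reports whether
 * the kernel would dereference oa->SecurityDescriptor.  A receiver cannot
 * tell a stale stack pointer from a valid descriptor, so the only defence
 * is a fully initialized structure in the caller. */
static bool would_touch_security_descriptor(const OBJECT_ATTRIBUTES *oa)
{
    return oa->SecurityDescriptor != NULL;
}

/* "Before": the caller fills in nothing, as the thread describes.  The
 * 0xAB fill is constructed stale-stack contents standing in for whatever
 * earlier calls left behind. */
static void bad_snapshot_attributes(OBJECT_ATTRIBUTES *oa)
{
    memset(oa, 0xAB, sizeof(*oa));
}

/* "After": equivalent of the InitializeObjectAttributes macro.  Every
 * field is assigned; a NULL SecurityDescriptor means "default security",
 * so the kernel never reads caller-supplied garbage. */
static void good_snapshot_attributes(OBJECT_ATTRIBUTES *oa)
{
    oa->Length = sizeof(*oa);
    oa->RootDirectory = NULL;
    oa->ObjectName = NULL;
    oa->Attributes = OBJ_CASE_INSENSITIVE;
    oa->SecurityDescriptor = NULL;
    oa->SecurityQualityOfService = NULL;
}

/* Builds the attributes either way and returns whether the stand-in
 * receiver would dereference the security descriptor pointer. */
static bool snapshot_would_deref_sd(bool use_fix)
{
    OBJECT_ATTRIBUTES oa;
    if (use_fix) good_snapshot_attributes(&oa);
    else         bad_snapshot_attributes(&oa);
    return would_touch_security_descriptor(&oa);
}
```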