From: Don Burn on 30 Apr 2008 10:17

Go take a look at any of the samples in the WDK, there are calls here for doing allocates and frees (hint: look under Ex*** calls) and for character conversions (under Rtl***). Really, if you are asking this level of questions you need to step back and read a good book or take a course on Windows driver writing. You have a lot to learn, to even know the questions you should be asking. The effort you are attempting to do is one of the most complex problems in Windows, you will not see copies, you cannot easily know that someone is accessing file X then sending it to file Y. Start learning the basics, then go to http://www.osronline.com/, join the NTFSD newsgroup and ask these questions, but do not mention hooking there if you want help.

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

"Hasber" <Hasber(a)discussions.microsoft.com> wrote in message news:B483DA7D-A28F-4376-AB53-1B29FB9991A9(a)microsoft.com...
> well mr don
> i am working on a project which will restrict the malicious movement of
> files across network or any physical media
> in which i will apply policy like "block delete access of txt files"
> "block copy paste access of pdf"
> to do so what i got is just hook the functions.
> i know now that i cant use it in vista.
> now do guide me what shud i adopt to work bcoz i have to rewrite things
> again.
>
> "Don Burn" wrote:
>
>> No, you can allocate memory and do conversion, but you have to use the
>> correct API's not the c runtimes. What are you trying to do, and why do
>> you insist on hooking? As you are obviously a newbie, the odds of your
>> hooking without destroying the system are probably slim to none.
>>
>> --
>> Don Burn (MVP, Windows DDK)
>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>> Website: http://www.windrvr.com
>> Blog: http://msmvps.com/blogs/WinDrvr
>> Remove StopSpam to reply
>>
>> "Hasber" <Hasber(a)discussions.microsoft.com> wrote in message
>> news:FEF49D69-D136-4E65-A390-A84080BAA98E(a)microsoft.com...
>> >
>> > I m happy that i got such a fast response
>> > well i am only working for windows XP
>> > whatever harmfull....the main thing is task which i have to accomplish
>> > ok if i cant allocate memory then can u tell me what to do for that.
>> > now do i have to use arrays.
>> > and whats about conversion of char data to wide character
>> > "Don Burn" wrote:
>> >
>> >> Well you are far from done for a lot of reasons. First you cannot use
>> >> malloc, free or other user space calls in a kernel driver, so
>> >> essentially all the code you have listed is not going to work in the
>> >> kernel.
>> >>
>> >> But that is not the worst thing, you are hooking two calls that are
>> >> easily intercepted by approved means. Hooking is extremely dangerous,
>> >> and is blocked for 64-bit systems. Also, hooking drivers are flagged as
>> >> MALWARE, so you have created something that is going to be looked at
>> >> with disdain.
>> >>
>> >> Get the WDK, and some good books such as Walter Oney's "Programming
>> >> the Windows Driver Model, Second Edition" and plan to take some time to
>> >> understand the environment.
>> >>
>> >> --
>> >> Don Burn (MVP, Windows DDK)
>> >> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>> >> Website: http://www.windrvr.com
>> >> Blog: http://msmvps.com/blogs/WinDrvr
>> >> Remove StopSpam to reply
>> >>
>> >> "Hasber" <Hasber(a)discussions.microsoft.com> wrote in message
>> >> news:98B386A7-214B-4708-8EAD-455FE2397339(a)microsoft.com...
>> >> > hi
>> >> > i m working on file hooking
>> >> > i had applied two basic hooks i.e NTCreateFile and NtOpenFile
>> >> > i am almost finish but with very simple error and i am unable to
>> >> > resolve:
>> >> >
>> >> > i am allocating dynamic memory to char pointer i.e.
>> >> > char *cPtrDst ;
>> >> > cPtrDst = (char*)malloc(size);
>> >> > and deallocating it by free:
>> >> > free(cPtrDst);
>> >> >
>> >> > and i am converting this array into wchar_t variable
>> >> > using :
>> >> > wchar_t dir[10];//suppose its an array
>> >> > result = mbtowc(dir,cPtrDst,size);
>> >> >
>> >> > when i compile the driver it gives error:
>> >> > error LNK2019: unresolved external symbol __imp__free referenced in
>> >> > function
>> >> > _freePolicyData@0
>> >> >
>> >> > unresolved external symbol __imp__malloc referenced in function
>> >> > _policyWriteNeither@8
>> >> >
>> >> > i had included stdlib.h
>> >> >
>> >> > but in vain.........
>> >> > any idea about error?

From: Alexander Grigoriev on 30 Apr 2008 22:51

The task is futile and is beyond the traditional OS security model. The best approximation to that is using locked-down slim clients as pure browsers. Even then you have no way of stopping your untrusted users from simply taking photographs of the screen.

"Hasber" <Hasber(a)discussions.microsoft.com> wrote in message news:B483DA7D-A28F-4376-AB53-1B29FB9991A9(a)microsoft.com...
> well mr don
> i am working on a project which will restrict the malicious movement of
> files across network or any physical media
> in which i will apply policy like "block delete access of txt files"
> "block copy paste access of pdf"
> to do so what i got is just hook the functions.
> i know now that i cant use it in vista.
> now do guide me what shud i adopt to work bcoz i have to rewrite things
> again.
>
> "Don Burn" wrote:
>
>> No, you can allocate memory and do conversion, but you have to use the
>> correct API's not the c runtimes. What are you trying to do, and why do
>> you insist on hooking? As you are obviously a newbie, the odds of your
>> hooking without destroying the system are probably slim to none.
>>
>> --
>> Don Burn (MVP, Windows DDK)
>> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>> Website: http://www.windrvr.com
>> Blog: http://msmvps.com/blogs/WinDrvr
>> Remove StopSpam to reply
>>
>> "Hasber" <Hasber(a)discussions.microsoft.com> wrote in message
>> news:FEF49D69-D136-4E65-A390-A84080BAA98E(a)microsoft.com...
>> >
>> > I m happy that i got such a fast response
>> > well i am only working for windows XP
>> > whatever harmfull....the main thing is task which i have to accomplish
>> > ok if i cant allocate memory then can u tell me what to do for that.
>> > now do i have to use arrays.
>> > and whats about conversion of char data to wide character
>> > "Don Burn" wrote:
>> >
>> >> Well you are far from done for a lot of reasons. First you cannot use
>> >> malloc, free or other user space calls in a kernel driver, so
>> >> essentially all the code you have listed is not going to work in the
>> >> kernel.
>> >>
>> >> But that is not the worst thing, you are hooking two calls that are
>> >> easily intercepted by approved means. Hooking is extremely dangerous,
>> >> and is blocked for 64-bit systems. Also, hooking drivers are flagged as
>> >> MALWARE, so you have created something that is going to be looked at
>> >> with disdain.
>> >>
>> >> Get the WDK, and some good books such as Walter Oney's "Programming
>> >> the Windows Driver Model, Second Edition" and plan to take some time to
>> >> understand the environment.
>> >>
>> >> --
>> >> Don Burn (MVP, Windows DDK)
>> >> Windows 2k/XP/2k3 Filesystem and Driver Consulting
>> >> Website: http://www.windrvr.com
>> >> Blog: http://msmvps.com/blogs/WinDrvr
>> >> Remove StopSpam to reply
>> >>
>> >> "Hasber" <Hasber(a)discussions.microsoft.com> wrote in message
>> >> news:98B386A7-214B-4708-8EAD-455FE2397339(a)microsoft.com...
>> >> > hi
>> >> > i m working on file hooking
>> >> > i had applied two basic hooks i.e NTCreateFile and NtOpenFile
>> >> > i am almost finish but with very simple error and i am unable to
>> >> > resolve:
>> >> >
>> >> > i am allocating dynamic memory to char pointer i.e.
>> >> > char *cPtrDst ;
>> >> > cPtrDst = (char*)malloc(size);
>> >> > and deallocating it by free:
>> >> > free(cPtrDst);
>> >> >
>> >> > and i am converting this array into wchar_t variable
>> >> > using :
>> >> > wchar_t dir[10];//suppose its an array
>> >> > result = mbtowc(dir,cPtrDst,size);
>> >> >
>> >> > when i compile the driver it gives error:
>> >> > error LNK2019: unresolved external symbol __imp__free referenced in
>> >> > function
>> >> > _freePolicyData@0
>> >> >
>> >> > unresolved external symbol __imp__malloc referenced in function
>> >> > _policyWriteNeither@8
>> >> >
>> >> > i had included stdlib.h
>> >> >
>> >> > but in vain.........
>> >> > any idea about error?

From: Maxim S. Shatskih on 1 May 2008 05:22

Go read the kernel documentation to get the knowledge about what is the kernel mode replacement for malloc().

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim(a)storagecraft.com
http://www.storagecraft.com

"Hasber" <Hasber(a)discussions.microsoft.com> wrote in message news:98B386A7-214B-4708-8EAD-455FE2397339(a)microsoft.com...
> hi
> i m working on file hooking
> i had applied two basic hooks i.e NTCreateFile and NtOpenFile
> i am almost finish but with very simple error and i am unable to resolve:
>
> i am allocating dynamic memory to char pointer i.e.
> char *cPtrDst ;
> cPtrDst = (char*)malloc(size);
> and deallocating it by free:
> free(cPtrDst);
>
> and i am converting this array into wchar_t variable
> using :
> wchar_t dir[10];//suppose its an array
> result = mbtowc(dir,cPtrDst,size);
>
> when i compile the driver it gives error:
> error LNK2019: unresolved external symbol __imp__free referenced in function
> _freePolicyData@0
>
> unresolved external symbol __imp__malloc referenced in function
> _policyWriteNeither@8
>
> i had included stdlib.h
>
> but in vain.........
> any idea about error?
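
The replies above point at the Ex*** and Rtl*** routines without naming them; the following is an added example, not part of the original thread or any poster's code, showing the quoted malloc/free/mbtowc pattern rewritten with ExAllocatePoolWithTag, ExFreePoolWithTag and RtlAnsiStringToUnicodeString. PolicyPathToUnicode and POLICY_TAG are hypothetical names, and the #else branch holds constructed user-mode stand-ins that exist only so the routine can be compiled and tested outside the WDK.

```c
#ifdef _KERNEL_MODE   /* defined by the MSVC /kernel option used for driver builds */
#include <ntddk.h>
#else                 /* constructed user-mode stand-ins, only for compiling off-target */
#include <stdlib.h>
#include <string.h>
typedef int NTSTATUS; typedef unsigned long ULONG; typedef unsigned short USHORT, WCHAR;
typedef void *PVOID; typedef size_t SIZE_T; typedef unsigned char BOOLEAN;
typedef struct { USHORT Length, MaximumLength; char *Buffer; } ANSI_STRING;
typedef struct { USHORT Length, MaximumLength; WCHAR *Buffer; } UNICODE_STRING;
#define STATUS_SUCCESS ((NTSTATUS)0)
#define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000D)
#define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009A)
#define PagedPool 1
#define TRUE 1
#define RtlCopyMemory(d, s, n) memcpy((d), (s), (n))
static PVOID ExAllocatePoolWithTag(int type, SIZE_T n, ULONG tag) { (void)type; (void)tag; return malloc(n); }
static void ExFreePoolWithTag(PVOID p, ULONG tag) { (void)tag; free(p); }
static void RtlFreeUnicodeString(UNICODE_STRING *u) { free(u->Buffer); u->Buffer = NULL; u->Length = 0; }
static NTSTATUS RtlAnsiStringToUnicodeString(UNICODE_STRING *d, const ANSI_STRING *s, BOOLEAN alloc) {
    USHORT i; (void)alloc;   /* stand-in always allocates and widens byte by byte */
    d->Buffer = malloc((s->Length + 1u) * sizeof(WCHAR));
    if (d->Buffer == NULL) return STATUS_INSUFFICIENT_RESOURCES;
    for (i = 0; i < s->Length; i++) d->Buffer[i] = (unsigned char)s->Buffer[i];
    d->Buffer[i] = 0; d->Length = (USHORT)(i * sizeof(WCHAR));
    d->MaximumLength = (USHORT)(d->Length + sizeof(WCHAR));
    return STATUS_SUCCESS;
}
#endif
#define POLICY_TAG 0x79636C50u   /* hypothetical pool tag, shown as "Plcy" by pool-tag tools */

/* Copies len bytes of a narrow string into paged pool, converts it to a counted
   UNICODE_STRING, and frees the copy. Caller frees out->Buffer with
   RtlFreeUnicodeString(). Call at PASSIVE_LEVEL only. */
NTSTATUS PolicyPathToUnicode(const char *src, SIZE_T len, UNICODE_STRING *out)
{
    ANSI_STRING ansi;
    NTSTATUS status;
    char *copy;
    if (src == NULL || out == NULL || len == 0 || len > 0x7FFE)  /* (len+1)*2 must fit a USHORT */
        return STATUS_INVALID_PARAMETER;
    copy = (char *)ExAllocatePoolWithTag(PagedPool, len, POLICY_TAG);  /* instead of malloc() */
    if (copy == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;
    RtlCopyMemory(copy, src, len);
    ansi.Buffer = copy;
    ansi.Length = ansi.MaximumLength = (USHORT)len;  /* counted; no NUL terminator needed */
    status = RtlAnsiStringToUnicodeString(out, &ansi, TRUE);  /* instead of mbtowc() */
    ExFreePoolWithTag(copy, POLICY_TAG);  /* instead of free() */
    return status;
}
```

ExAllocatePoolWithTag matches the XP-era WDK this thread is about; since Windows 10 version 2004 Microsoft's documentation marks it deprecated in favour of ExAllocatePool2.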