Build & Run Instructions: ------------------------- This sample is composed of two parts, the Win32 portion and the kernel device driver portion. Each part can be found in their respective directories, WIN32 and DRIVER. The Win32 portion contains a file, MEMTEST.C, which attempts to obtain a handle to MAPMEM. The executable is built using the Windows NT SDK. First update the environment and path by running \setenv.bat. Then change to the directory where you have the C source code and the makefile. Type NMAKE to compile the Win32 program, GETHNDL.EXE. The kernel driver portion contains the driver source code, MAPMEM.C and a text file used to configure your registry so that the driver can be loaded. The driver is built using the Windows NT DDK. To build the driver: 1. Edit the MAPMEM\DRIVER\SOURCES file to make sure the INCLUDES variable points to the proper (PRIVATE\NTOS\INC) path, 2. Assuming you have run \setenv.bat, build the driver by typing: build -cef (If there are any errors have a look at the build.log, build.err, and build.wrn files to get an idea of what went wrong.) 3. Copy the newly built driver, OBJ\*\MAPMEM.SYS to the \system\drivers directory, i.e.: copy obj\i386\mapmem.sys c:\winnt\system\drivers\ 4. Update the registry by running regini.exe on ther mapmem.ini file, i.e.: regini mapmem.ini This adds a MAPMEM driver node under the HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services tree in the registry, and also creates a MAPMEM symbolic link under ...\Control\ Session Manager\DOS Devices. You can verify this by starting REGEDIT.EXE and looking the appropriate places. 5. Reboot. 6. Type: net start mapmem ...and then execute MEMTEST.EXE. API Info: --------- The ZwMapViewOfSection and ZwUnmapViewOfSection kernel-mode driver APIs provide a way to map and unmap a physical section of memory into the address space of a user mode process. These APIs were not prototyped or documented in the October 1992 release of the Windows NT Device Driver Kit. However, they are included in the library (.LIB) files, and calls to these functions will be resolved by the linker at link time. A description and example of these APIs follow: NTSTATUS ZwMapViewOfSection( IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG ZeroBits, IN ULONG CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PULONG ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect ); /*++ Routine Description: This function maps a view in the specified subject process to the section object. Arguments: SectionHandle - Supplies an open handle to a section object. ProcessHandle - Supplies an open handle to a process object. BaseAddress - Supplies a pointer to a variable that will receive the base address of the view. If the initial value of this argument is not null, then the view will be allocated starting at the specified virtual address rounded down to the next 64kb address boundary. If the initial value of this argument is null, then the operating system will determine where to allocate the view using the information specified by the ZeroBits argument value and the section allocation attributes (i.e. based and tiled). ZeroBits - Supplies the number of high order address bits that must be zero in the base address of the section view. The value of this argument must be less than 21 and is only used when the operating system determines where to allocate the view (i.e. when BaseAddress is null). CommitSize - Supplies the size of the initially committed region of the view in bytes. This value is rounded up to the next host page size boundary. SectionOffset - Supplies the offset from the beginning of the section to the view in bytes. This value is rounded down to the next host page size boundary. ViewSize - Supplies a pointer to a variable that will receive the actual size in bytes of the view. If the value of this argument is zero, then a view of the section will be mapped starting at the specified section offset and continuing to the end of the section. Otherwise the initial value of this argument specifies the size of the view in bytes and is rounded up to the next host page size boundary. InheritDisposition - Supplies a value that specifies how the view is to be shared by a child process created with a create process operation. InheritDisposition Values ViewShare - Inherit view and share a single copy of the committed pages with a child process using the current protection value. ViewUnmap - Do not map the view into a child process. AllocationType - Supplies the type of allocation. MEM_TOP_DOWN Protect - Supplies the protection desired for the region of initially committed pages. Protect Values PAGE_NOACCESS - No access to the committed region of pages is allowed. An attempt to read, write, or execute the committed region results in an access violation (i.e. a GP fault). PAGE_EXECUTE - Execute access to the committed region of pages is allowed. An attempt to read or write the committed region results in an access violation. PAGE_READONLY - Read only and execute access to the committed region of pages is allowed. An attempt to write the committed region results in an access violation. PAGE_READWRITE - Read, write, and execute access to the region of committed pages is allowed. If write access to the underlying section is allowed, then a single copy of the pages are shared. Otherwise the pages are shared read only/copy on write. Return Value: Returns the status --*/ NTSTATUS ZwUnmapViewOfSection( IN HANDLE ProcessHandle, IN PVOID BaseAddress ); /*++ Routine Description: This function unmaps a previously created view to a section. Arguments: ProcessHandle - Supplies an open handle to a process object. BaseAddress - Supplies the base address of the view. Return Value: Returns the status --*/