Discussion:
Critical section
(too old to reply)
Cristiano
2004-02-08 23:35:26 UTC
Permalink
I use ReadProcessMemory() to read the memory allocated by another thread.
I tried to use the critical section to avoid the memory sharing, but it
doesn't work; in other words, only the process which allocates the ram
should be able to read it (ReadProcessMemory should fail). Is it possible?

Thanks
Cristiano
Raymond Chen
2004-02-09 17:18:12 UTC
Permalink
I'm a bit confused. Is this cross-process or within a single
process?

You can deny PROCESS_VM_READ permission to prevent people from
doing ReadProcessMemory on your process.

On Sun, 08 Feb 2004 23:35:26 GMT, "Cristiano"
Post by Cristiano
I use ReadProcessMemory() to read the memory allocated by another thread.
I tried to use the critical section to avoid the memory sharing, but it
doesn't work; in other words, only the process which allocates the ram
should be able to read it (ReadProcessMemory should fail). Is it possible?
Cristiano
2004-02-09 18:39:17 UTC
Permalink
I'm a bit confused. Is this cross-process or within a single process?
You can deny PROCESS_VM_READ permission to prevent people from
doing ReadProcessMemory on your process.
I seen that parameter is used in dwDesiredAccess of the OpenProcess
function, but I don't know how to use it in my program.

- I create a program which allocates a memory block and I run it;
- I run another program which read the memory of the first program using
ReadProcessMemory.

I'd like to see the second program to fail because I want to keep secret the
memory allocated by the first program, the memory should not be shared.

Thank you
Cristiano
Raymond Chen
2004-02-10 06:55:34 UTC
Permalink
You can use SetKernelObjectSecurity to change the security
descriptor on your process handle to deny PROCESS_VM_READ to
EVERYONE.

Note that if the second program is running with the same security
identity as the first program, it can just set the kernel object
security back to the original value (since the owner always has
WRITE_DAC permission).

On Mon, 09 Feb 2004 18:39:17 GMT, "Cristiano"
Post by Cristiano
I'm a bit confused. Is this cross-process or within a single process?
You can deny PROCESS_VM_READ permission to prevent people from
doing ReadProcessMemory on your process.
I seen that parameter is used in dwDesiredAccess of the OpenProcess
function, but I don't know how to use it in my program.
- I create a program which allocates a memory block and I run it;
- I run another program which read the memory of the first program using
ReadProcessMemory.
I'd like to see the second program to fail because I want to keep secret the
memory allocated by the first program, the memory should not be shared.
Cristiano
2004-02-10 21:20:52 UTC
Permalink
Post by Raymond Chen
You can use SetKernelObjectSecurity to change the security
descriptor on your process handle to deny PROCESS_VM_READ to
EVERYONE.
Note that if the second program is running with the same security
identity as the first program, it can just set the kernel object
security back to the original value (since the owner always has
WRITE_DAC permission).
In this case I think that function is not good for me.

I seen all the cryptographic programs to use the critical sections to deny
the access to sensitive data, but I don't understand how they work.

Cristiano
Mike Deakins
2004-02-11 00:58:53 UTC
Permalink
The code you referred to may just make use of CS to prevent resource race
WITHIN the process. In other words, the threads both checks the CS, which is
obviously not your senario.
--
Mike J. Deakins
For the shining star in my skies.
Post by Cristiano
Post by Raymond Chen
You can use SetKernelObjectSecurity to change the security
descriptor on your process handle to deny PROCESS_VM_READ to
EVERYONE.
Note that if the second program is running with the same security
identity as the first program, it can just set the kernel object
security back to the original value (since the owner always has
WRITE_DAC permission).
In this case I think that function is not good for me.
I seen all the cryptographic programs to use the critical sections to deny
the access to sensitive data, but I don't understand how they work.
Cristiano
Bob Hairgrove
2004-02-09 21:05:34 UTC
Permalink
On Sun, 08 Feb 2004 23:35:26 GMT, "Cristiano"
Post by Cristiano
I use ReadProcessMemory() to read the memory allocated by another thread.
I tried to use the critical section to avoid the memory sharing, but it
doesn't work; in other words, only the process which allocates the ram
should be able to read it (ReadProcessMemory should fail). Is it possible?
Wouldn't thread local storage (TLS) be the most appropriate to use
here?


--
Bob Hairgrove
***@Home.com
Cristiano
2004-02-10 21:20:48 UTC
Permalink
Post by Raymond Chen
On Sun, 08 Feb 2004 23:35:26 GMT, "Cristiano"
Post by Cristiano
I use ReadProcessMemory() to read the memory allocated by another
thread. I tried to use the critical section to avoid the memory
sharing, but it doesn't work; in other words, only the process which
allocates the ram should be able to read it (ReadProcessMemory
should fail). Is it possible?
Wouldn't thread local storage (TLS) be the most appropriate to use
here?
I tried some TLS function (LocalAlloc, TlsSetValue and so forth), but with a
stand alone program I can access the memory allocated by the other program.

Cristiano
Raymond Chen
2004-02-11 09:02:33 UTC
Permalink
On Tue, 10 Feb 2004 21:20:48 GMT, "Cristiano"
Post by Cristiano
I tried some TLS function (LocalAlloc, TlsSetValue and so forth), but with a
stand alone program I can access the memory allocated by the other program.
A user always has access to their own programs. If you want to
make a program inaccessible to a user, the program cannot be
owned by that user; it will have to be owned by some other user.
And that still doesn't work if the user is the administrator; the
administrator is allowed to access any program.

Loading...