0

I am working on the .NET platform and using C++ to write my application. When I use the following code to create a global shared memory to store some value in Windows XP, it works perfectly, but in Windows 7 it gives an error, so I also applied security attributes, but it still gives a permission-specific error.

//Global declaration

TCHAR szName[]=TEXT("Global\\MyObject");

bool CreateDACL(SECURITY_ATTRIBUTES *sa)
{
    wchar_t *sdd = L"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGW;;;IU)";
    return ConvertStringSecurityDescriptorToSecurityDescriptor((LPCSTR)sdd, SDDL_REVISION_1, &sa->lpSecurityDescriptor, NULL) == TRUE;
}

void CreateShareMemory()
{
    HANDLE hMapFile = NULL;    // Create handle

    // Check if already created
    hMapFile = OpenFileMapping(
                   FILE_MAP_ALL_ACCESS,   // read/write access
                   FALSE,                 // do not inherit the name
                   szName);               // name of mapping object 

    // If not created, then create
    if(hMapFile == NULL)
    {
        SECURITY_ATTRIBUTES sa;
        CreateDACL(&sa);

        hMapFile = CreateFileMapping(
                     INVALID_HANDLE_VALUE,    // use paging file
                     &sa,                    // default security 
                     PAGE_READWRITE|SEC_COMMIT,          // read/write access
                     0,                       // max. object size 
                     256,                // buffer size  
                     szName);                 // name of mapping object

        int i=GetLastError();       // Here it is giving error no 5
    }
}
3
  • What's the error message or error code? What's the usage scenario? Are the producer and consumer using the same account? Commented May 8, 2013 at 13:18
  • 1
    Casting strings with (LPCSTR) never works, that's as wise as not checking the return value of a winapi function. It just shuts up the compiler telling you that you are doing it wrong, it doesn't stop you from doing it wrong. SDDL is a nasty rabbit hole as well, focus on making this work without hacking security. Don't run programs elevated, don't try to break the WinRT sandbox. Commented May 8, 2013 at 13:20
  • It is giving error code 5, i.e. "Access is denied" and yes producer and consumer are using the same account. Commented May 8, 2013 at 13:35
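
What the comment about the (LPCSTR) cast means for the SDDL string in the question, as an added example that is not the poster's code: the first function shows what a char* API reads from the wide literal, and the second splits the intended DACL into its ACEs. The function names are hypothetical; the code is portable C++ and assumes a little-endian CPU.

```cpp
// Added example: portable C++ (no Windows headers); assumes a little-endian CPU.
#include <cstdio>
#include <string>
#include <vector>

struct Ace { std::string type, flags, rights, trustee; };

// What a char* (ANSI) API reads from a wide literal pushed through a cast:
// it stops at the first zero byte, i.e. right after the first character.
std::string seen_by_ansi_api(const wchar_t *w) {
    return std::string(reinterpret_cast<const char *>(w));
}

// Standard SDDL SID abbreviations used in the question's string.
std::string trustee_name(const std::string &sid) {
    if (sid == "SY") return "Local System";
    if (sid == "BA") return "Built-in Administrators";
    if (sid == "IU") return "Interactively logged-on users";
    return sid;
}

// Split the DACL of an SDDL string into ACEs; each ACE has six fields:
// type;flags;rights;object_guid;inherit_object_guid;trustee
std::vector<Ace> parse_dacl(const std::string &sddl) {
    std::vector<Ace> aces;
    std::size_t pos = sddl.find("D:");
    if (pos == std::string::npos) return aces;
    while ((pos = sddl.find('(', pos)) != std::string::npos) {
        std::size_t end = sddl.find(')', pos);
        if (end == std::string::npos) break;   // unterminated ACE: stop parsing
        std::string body = sddl.substr(pos + 1, end - pos - 1);
        std::vector<std::string> f;
        std::size_t start = 0, semi;
        while ((semi = body.find(';', start)) != std::string::npos) {
            f.push_back(body.substr(start, semi - start));
            start = semi + 1;
        }
        f.push_back(body.substr(start));
        if (f.size() == 6) aces.push_back({f[0], f[1], f[2], f[5]});
        pos = end + 1;
    }
    return aces;
}
int main() {
    const wchar_t *wide = L"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGW;;;IU)";
    std::printf("char* view of the wide string: \"%s\"\n", seen_by_ansi_api(wide).c_str());
    for (const Ace &a : parse_dacl("D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGW;;;IU)"))
        std::printf("type=%s flags=%s rights=%s -> %s\n", a.type.c_str(),
                    a.flags.c_str(), a.rights.c_str(), trustee_name(a.trustee).c_str());
}
```

The char* view is just "D", so the descriptor the code meant to pass (full access for SYSTEM and Administrators, generic read/write for interactive users) never reaches the conversion function.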

1 Answer

2

An ordinary user cannot create file mappings in the Global Namespace since Session 0 separation (and XP SP2 it looks like) without the SeCreateGlobalPrivilege privilege.

Please read the documentation for the CreateFileMapping function which mentions this explicitly:

Creating a file mapping object in the global namespace from a session other than session zero requires the SeCreateGlobalPrivilege privilege. For more information, see Kernel Object Namespaces.

Your process is not running as a system service in session 0, and so cannot create a global file mapping without obtaining this privilege. The easiest way to obtain this privilege is to run the process with elevated privileges.

A possible alternative (untested, guesstimation based on information from a wide variety of unconfirmed sources) is to try to find the file mapping in the session's namespace by using the Session\(number)\(name). If you open up the permissions on the mapping enough, it should be accessible by the other process.
