Cross-process access to shared memory

Http://www.moon-soft.com/doc/19875.htm

Cross-process access to shared memory

Author: Unknown Source: moonlight software station time: moonlight software Station

Q: I used CreateFileMapping to create a shared memory on the server. Make this exe always run on the server.
At the same time, other users access the server using IE on the client and submit the data to be queried through the webpage created by C #. After the server obtains the webpage parameters, create a COM object to access the shared memory of the previous exe, and then return the query results in the shared memory to the customer.
The problem is that the COM cannot use openmapping to access the shared memory of the exe, prompting that the access is denied. On the server, I recommend that you compile a project into an exe file to access the shared memory !! Why is it not possible on a webpage? Does COM need permission settings? What is the permission integration method between two processes? How to Use DACL?

 

I wrote a Service using ATL. In this Service, I created a shared Memory (Memory Mapping) and a Mutex
Then I access the shared memory and Mutex in another normal program. However, I failed to open the Mutex with CreateMutex and GetLastError () returned 5, meaning that the access was denied !!
Similarly, when MapViewOfFile is used, the same error is returned !!!!!!

I already know the reason because when I create shared memory and Mutext, SECURITY_ATTRIBUTES is set to NULL !!!

But I have no solution

Hope you can help me!

A: Check the permissions of the users used to run the service. Generally, the service process owner has low permissions for security purposes. To allow service processes to access objects, You need to specify a broader security descriptor when creating shared memory, and add a new access control project (ACE) to your ASP process owner. The default access control list (ACL) only contains the creator and Administrator group.

The following code creates a security descriptor that all users can access. You can use this security descriptor when creating shared memory.
CShareRestrictedSD ShareRestrictedSD;
HMapFile = CreateFileMapping (INVALID_HANDLE_VALUE, // Current file handle.
ShareRestrictedSD. GetSA (), // Default security.
// NULL,
PAGE_READWRITE, // Read/write permission.
0, // Max. object size.
FileSize, // Size of hFile.
MapName); // Name of mapping object.

Class CShareRestrictedSD
{
Public:
CShareRestrictedSD ();
Virtual ~ CShareRestrictedSD ();
SECURITY_ATTRIBUTES * GetSA ();
Protected:
PVOID ptr;
SECURITY_ATTRIBUTES sa;
SECURITY_DESCRIPTOR sd;
};
// If this guy works, the author is jiangsheng;
// If this guy doesn't use it at all, I don't know its author.
PVOID BuildRestrictedSD (PSECURITY_DESCRIPTOR pSD ){

DWORD dwAclLength;

PSID psidEveryone = NULL;

PACL pDACL = NULL;
BOOL bResult = FALSE;

PACCESS_ALLOWED_ACE pACE = NULL;

SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;

SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;

_ Try {

// Initialize the security descriptor
If (! InitializeSecurityDescriptor (pSD,
SECURITY_DESCRIPTOR_REVISION )){
Printf ("InitializeSecurityDescriptor () failed with error % d \ n ",
GetLastError ());
_ Leave;
}

// Obtain a sid for the Authenticated Users Group
If (! AllocateAndInitializeSid (& siaWorld, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0,
& PsidEveryone )){
Printf ("AllocateAndInitializeSid () failed with error % d \ n ",
GetLastError ());
_ Leave;
}

// NOTE:
//
// The Authenticated Users group names des all user accounts that
// Have been successfully authenticated by the system. If access
// Must be restricted to a specific user or group other
// Authenticated Users, the SID can be constructed using
// LookupAccountSid () API based on a user or group name.

// Calculate the DACL length
DwAclLength = sizeof (ACL)
// Add space for Authenticated Users group ACE
+ Sizeof (ACCESS_ALLOWED_ACE)-sizeof (DWORD)
+ GetLengthSid (psidEveryone );

// Allocate memory for the DACL
PDACL = (PACL) HeapAlloc (GetProcessHeap (), HEAP_ZERO_MEMORY,
DwAclLength );
If (! PDACL ){
Printf ("HeapAlloc () failed with error % d \ n", GetLastError ());
_ Leave;
}

// Initialize the DACL
If (! InitializeAcl (pDACL, dwAclLength, ACL_REVISION )){
Printf ("InitializeAcl () failed with error % d \ n ",
GetLastError ());
_ Leave;
}

// Add the Authenticated Users group ACE to the DACL
// GENERIC_READ, GENERIC_WRITE, and GENERIC_EXECUTE access
If (! AddAccessAllowedAce (pDACL, ACL_REVISION,
GENERIC_ALL,
PsidEveryone )){
Printf ("AddAccessAllowedAce () failed with error % d \ n ",
GetLastError ());
_ Leave;
}

// Set the DACL in the security descriptor
If (! SetSecurityDescriptorDacl (pSD, TRUE, pDACL, FALSE )){
Printf ("SetSecurityDescriptorDacl () failed with error % d \ n ",
GetLastError ());
_ Leave;
}

BResult = TRUE;

} _ Finally {

If (psidEveryone) FreeSid (psidEveryone );
}

If (bResult = FALSE ){
If (pDACL) HeapFree (GetProcessHeap (), 0, pDACL );
PDACL = NULL;
}

Return (PVOID) pDACL;
}

// The following function frees memory allocated in
// BuildRestrictedSD () function
VOID FreeRestrictedSD (PVOID ptr ){

If (ptr) HeapFree (GetProcessHeap (), 0, ptr );

Return;
}

CShareRestrictedSD: CShareRestrictedSD ()
{
Ptr = NULL;
Sa. nLength = sizeof (sa );
Sa. lpSecurityDescriptor = & sd;
Sa. bInheritHandle = FALSE;
// Build a restricted security descriptor
Ptr = BuildRestrictedSD (& sd );
If (! Ptr ){
TRACE ("BuildRestrictedSD () failed \ n ");
}
}

CShareRestrictedSD ::~ CShareRestrictedSD ()
{
If (ptr ){
FreeRestrictedSD (ptr );
}
}
SECURITY_ATTRIBUTES * CShareRestrictedSD: GetSA ()
{
If (ptr ){
Return & sa;
}
Else
Return NULL;
}