Recently, a program using filemapping for inter-process communication was developed to implement the communication between WebService and other services I wrote through this program.
Communication to achieve security isolation and tracking, maintenance, and management of some States. After completing the test, we first tested two common Windows processes in the 1.8g dual-core
On a laptop, 30 thousand 1000-byte messages can be sent every second, and the efficiency basically meets my requirements (I have not optimized the efficiency to the extreme and the efficiency bottleneck
I basically know the optimization method. I am a lazy person. Now that the solution can meet the system requirements, I don't want to solve it for the time being. Please wait for time to optimize it)
Immediately port the client to ASP. NET, And the filemapping fails to be opened. The client immediately realizes that it is a permission issue. I searched the internet, and some netizens said forced
ASP. NET plays the role of the system administrator to solve the problem. When I hear it, I feel that it is not a safe solution. The second is to use the null DACL permission description.
Give the system kernel object full access permissions to any user. This method is better than the first one, but attackers can still use very low permissions.
After logging on to the system, the system kernel objects are operated to damage the system. The third method is to assign the Service self-production and ASP. NET permission descriptors to the system kernel object.
The method has the highest security.
Most of the online code is written in C ++. I used C # To first write a null DACL code. I used it for a moment. The expected result is indeed the same as that of WebService.
The service process is communicating. Share this code with you. The code of the third method will be supplemented later.
Please refer to this article: http://dev.csdn.net/article/33/33903.shtm
C # of null DACL:
[Structlayoutattribute (layoutkind. Sequential)]
Public struct security_descriptor
{
Public byte revision;
Public byte size;
Public short control;
Public intptr owner;
Public intptr group;
Public intptr SACL;
Public intptr DACL;
}
[Structlayout (layoutkind. Sequential)]
Public class securityattributes: idisposable
{
[Dllimport ("advapi32.dll", setlasterror = true)]
Static extern bool setsecuritydescriptordacl (intptr SD, bool daclpresent, intptr DACL, bool dacldefaulted );
[Dllimport ("advapi32.dll", setlasterror = true)]
Static extern bool initializesecuritydescriptor (intptr psecuritydescriptor, uint dwrevision );
Private int nlength;
Private intptr lpsecuritydescriptor;
Private int binherithandle;
Public securityattributes ()
{
// Get securityattributes size
Nlength = marshal. sizeof (typeof (securityattributes ));
// Inherit handle
Binherithandle = 1;
// Create a null DACL
Security_descriptor SD = new security_descriptor ();
// Alloc memory for Security Descriptor
Lpsecuritydescriptor = marshal. alloccotaskmem (marshal. sizeof (SD ));
// Struct to PTR
Marshal. structuretoptr (SD, lpsecuritydescriptor, false );
Initializesecuritydescriptor (lpsecuritydescriptor, 1 );
Setsecuritydescriptordacl (lpsecuritydescriptor, true, intptr. Zero, false );
}
Public void dispose ()
{
Lock (this)
{
If (lpsecuritydescriptor! = Intptr. Zero)
{
Marshal. freehglobal (lpsecuritydescriptor );
Lpsecuritydescriptor = intptr. zero;
}
}
}
~ Securityattributes ()
{
Dispose ();
}
}
API function Declaration related to filemapping kernel objects:
[Dllimport ("kernel32.dll", entrypoint = "createfilemapping", setlasterror = true, charset = charset. Unicode)]
Internal static extern intptr createfilemapping (uint hfile, securityattributes lpattributes, uint flprotect, uint dwmaximumsizehigh, uint dwmaximumsizelow, string lpname );
[Dllimport ("kernel32.dll", entrypoint = "openfilemapping", setlasterror = true, charset = charset. Unicode)]
Internal static extern intptr openfilemapping (uint dwdesiredaccess, bool binherithandle, string lpname );
[Dllimport ("kernel32.dll", entrypoint = "mapviewoffile", setlasterror = true, charset = charset. Unicode)]
Internal static extern intptr mapviewoffile (intptr hfilemappingobject, uint dwdesiredaccess, uint dwfileoffsethigh, uint dwfileoffsetlow, uint dwnumberofbytestomap );
[Dllimport ("kernel32.dll", entrypoint = "unmapviewoffile", setlasterror = true, charset = charset. Unicode)]
[Return: financialas (unmanagedtype. variantbool)]
Internal static extern bool unmapviewoffile (intptr lpbaseaddress );
[Dllimport ("kernel32.dll", entrypoint = "flushviewoffile", setlasterror = true, charset = charset. Unicode)]
[Return: financialas (unmanagedtype. variantbool)]
Internal static extern bool flushviewoffile (intptr lpbaseaddress, uint dwnumberofbytestoflush );
