1

I using CreateFileMapping and MapViewOfFile to use a file as Shared storage between two process.

The process A, it is running as Service in session 0, to clear the content in file mapping.

The process B, it is a normal process run in session 1, to read and write the content in file mapping.

Using process B first, there has some data were stored into file mapping and terminates. Then, run the Process A to clear data. In my expectation, after execute process A, the file mapping would become empty. But It didn't.

And if I change the privilege of Process A, running it as normal process and in session 1. All of them are works correctly.

My question is, the file mapping with same name are not identical between different session on windows?

And does there has any function can create a thread to run in session 1 from a process in session 0? (I have tried impersonate as user session before create_thread in the process of session 0, it doesn't work)

Thank you.

Lion Kuo
  • 239
  • 4
  • 13

1 Answers1

4

The name must be prefixed with Global\ if you want to access the object from different sessions.

To avoid security issues you also want the service to create the object:

The creation of a file-mapping object in the global namespace, by using CreateFileMapping, from a session other than session zero is a privileged operation. Because of this, an application running in an arbitrary Remote Desktop Session Host (RD Session Host) server session must have SeCreateGlobalPrivilege enabled in order to create a file-mapping object in the global namespace successfully. The privilege check is limited to the creation of file-mapping objects, and does not apply to opening existing ones. For example, if a service or the system creates a file-mapping object, any process running in any session can access that file-mapping object provided that the user has the necessary access.

Anders
  • 97,548
  • 12
  • 110
  • 164
  • 2
    one undocumented but important note. `SeCreateGlobalPrivilege` need only if we create file-mapping object based on *file on disk* . when we used section based on paged file ( If *hFile* is *INVALID_HANDLE_VALUE* in call *CreateFileMapping* ) - priviledge not checked and any application can create in memory only section in global namespace – RbMm May 05 '17 at 10:47
  • 1
    I try to create file-mapping object with (hFile = INVALID_HANDLE_VALUE) in Session 1, it says I don't have the privilege to create Global file-mapping. And I search the keyword of SeCreateGlobalPrivilege, I didn't know how to let all user account have this privilege, and it seems not a workable solution if I want to deploy my program to any computer without change their local security policy? – Lion Kuo May 08 '17 at 02:47
  • If the service has a named pipe or some other way you use to communicate with it then you can ask it to create the memory object. – Anders May 08 '17 at 08:37