- 1 year ago
Attempting to create a read only shared memory area with CreateFileMapping and custom DACL fails in OpenFileMapping
When attempting to create a read-only shared memory area with CreateFileMapping and a custom DACL (Discretionary Access Control List), it's important to ensure that the DACL is properly configured to grant the necessary permissions. If the shared memory area is not accessible when using OpenFileMapping, it's likely that the DACL does not allow the desired level of access.
Here are some steps you can follow to create a read-only shared memory area with a custom DACL:
Define the security attributes and DACL:
- Create a SECURITY_ATTRIBUTES structure and set its lpSecurityDescriptor member to a valid SECURITY_DESCRIPTOR structure.
- Create a SECURITY_DESCRIPTOR structure and initialize it using InitializeSecurityDescriptor.
- Create an empty ACL (Access Control List) using InitializeAcl.
- Add an access control entry to the ACL using AddAccessAllowedAce or AddAccessDeniedAce, depending on the desired permissions.
- Set the DACL of the SECURITY_DESCRIPTOR using SetSecurityDescriptorDacl.
Create the file mapping object:
- Use CreateFileMapping to create the file mapping object, passing the desired size, a name (optional), and the SECURITY_ATTRIBUTES structure with the custom DACL.
Access the shared memory:
- Use OpenFileMapping to open the shared memory area with the same name used in the creation step.
- If the OpenFileMapping call succeeds, you should have a handle to the shared memory object that allows read-only access.
It's crucial to ensure that the permissions specified in the custom DACL allow the desired access for the shared memory area. If the DACL does not grant the necessary read-only access, attempting to open the file mapping with OpenFileMapping will fail.
Make sure to carefully review and debug your code to confirm that the DACL is properly constructed and applied to the SECURITY_ATTRIBUTES structure.
If you continue to face issues with accessing the shared memory area, consider checking the return values of the relevant API calls for any error codes and consult the Microsoft documentation for detailed examples and guidelines on using CreateFileMapping, OpenFileMapping, and DACLs for shared memory.
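To see why an open can fail even though the DACL was applied correctly, the following added example (not code from the original answer, and not Windows code) models the ordered DACL walk in portable C: a request is granted only if every bit of the desired access mask is covered by matching allow ACEs before a deny ACE hits. The SIDs, the sample DACLs and the function names access_check and open_result are constructed for illustration; the implicit rights Windows gives the object owner are left out of the model.

```c
#include <stdio.h>
#include <string.h>

/* Section access rights; values match the Windows SDK definitions. */
enum { FILE_MAP_WRITE = 0x0002, FILE_MAP_READ = 0x0004,
       FILE_MAP_ALL_ACCESS = 0x000F001F };

typedef enum { ACE_ALLOW, ACE_DENY } ace_type;
typedef struct { ace_type type; const char *sid; unsigned mask; } ace;

/* Simplified model of the DACL walk: ACEs are evaluated in order until every
 * requested bit is granted or a deny ACE matches a still-needed bit.
 * dacl == NULL models "no DACL" (all access); count == 0 models an empty
 * DACL (no access). Returns 1 if access is granted, 0 if it is denied. */
int access_check(const ace *dacl, size_t count, const char *const *sids,
                 size_t nsids, unsigned desired)
{
    unsigned remaining = desired;
    if (dacl == NULL) return 1;
    for (size_t i = 0; i < count && remaining; i++) {
        int match = 0;
        for (size_t s = 0; s < nsids; s++)
            if (strcmp(dacl[i].sid, sids[s]) == 0) match = 1;
        if (!match) continue;
        if (dacl[i].type == ACE_DENY && (dacl[i].mask & remaining)) return 0;
        if (dacl[i].type == ACE_ALLOW) remaining &= ~dacl[i].mask;
    }
    return remaining == 0;
}

/* Constructed sample data: a caller token (user SID plus Everyone) and two DACLs. */
#define USER_SID "S-1-5-21-1111-2222-3333-1001"
static const char *const TOKEN[] = { USER_SID, "S-1-1-0" };
static const ace READ_ONLY_DACL[] = { { ACE_ALLOW, "S-1-1-0", FILE_MAP_READ } };
static const ace DENY_FIRST_DACL[] = { { ACE_DENY, USER_SID, FILE_MAP_READ },
                                       { ACE_ALLOW, "S-1-1-0", FILE_MAP_READ } };

/* Models the outcome of an open request with the given desired access. */
int open_result(const ace *dacl, size_t count, unsigned desired) {
    return access_check(dacl, count, TOKEN, 2, desired);
}

int main(void) {
    printf("read-only DACL, FILE_MAP_READ:       %d\n", open_result(READ_ONLY_DACL, 1, FILE_MAP_READ));
    printf("read-only DACL, FILE_MAP_ALL_ACCESS: %d\n", open_result(READ_ONLY_DACL, 1, FILE_MAP_ALL_ACCESS));
    printf("deny-first DACL, FILE_MAP_READ:      %d\n", open_result(DENY_FIRST_DACL, 2, FILE_MAP_READ));
    return 0;
}
```

In this model the reader of a read-only mapping must request FILE_MAP_READ and nothing more; asking for FILE_MAP_ALL_ACCESS against a DACL that grants only FILE_MAP_READ is denied.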