blabberer
February 19th, 2013, 00:50
since you say you got past the part, you should now be clear that CreateFileMapping needs a file handle: either a real existing file's handle, or an invalid handle value to use the page file
so that means you need to check what handle is passed to CreateFileMapping; if it was 0xffffffff (-1) (INVALID_HANDLE_) then it means the pagefile is used
else a real file is used
now for a file handle to be retrieved there must most probably be a CreateFile(); you need to find that
and CreateFile takes a Filepath or Filename\Directory as its argument, so you got your file
it's as simple as that
to conquer unrelated and unknown pieces of the equation, the best way is to forward engineer what you are trying to reverse engineer
try coding some pieces yourself and look at them in a debugger; you will understand things better than waiting for a spoonfed answer from some cranky dude
in some dark corner of the wild whole web
so msdn says that to CreateFileMapping you need a File
let's make a file using c stream routines, the easiest way to create a file and fill it with some random stuff
Code:
#include <stdio.h>

char Buffer[] = {
"The Quick brown Fox Jumped Over the Well and drowned by its own sheer stupidity "
"it thought it was superfox and can jump from anywhere to anywhere well that must "
"be true it jumped from earth to hell was the fox stupid or was it ????????????? "
};
FILE *fp;
fp = fopen("filemap.txt", "wb"); // opens a new zero-byte file for writing in binary mode in the local directory
fwrite(Buffer, 1, sizeof(Buffer), fp); // we write some crap that we have in buffer to the newly opened file
fclose(fp); // close it, done
so let's get a handle to this file so that we can feed it to CreateFileMapping
Code:
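#include <windows.h>
HANDLE hFile;
// CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL
if (( hFile = CreateFile( "filemap.txt", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL ) ) == INVALID_HANDLE_VALUE)
    printf("CreateFile failed (%lu)\n", GetLastError());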
let's feed the handle to CreateFileMapping and wait for our lucky princess to turn up riding a mule wearing a dark ugly skirt and a broken sheath in hand
Code:
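HANDLE hMapFile;
if (( hMapFile = CreateFileMapping( hFile, NULL, PAGE_READWRITE, 0, 0x400, "Global\\MyMappedFile" ) ) == NULL)
    printf("CreateFileMapping failed (%lu)\n", GetLastError());
HANDLE hEvent;
hEvent = CreateEvent(NULL, FALSE, FALSE, "Global\\MyEvent"); // auto-reset event, initially non-signaled
WaitForSingleObject(hEvent, INFINITE); // block until the other process signals the event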
up to this point you simply won't / can't see the file contents
all this has done is create a potential for viewing the contents of the file
a place has been reserved for file contents to be viewed when you need
so your premise that CreateFileMapping reads some bytes from some files needs to be reviewed and corrected now (google first and read before continuing)
so now that you googled, you know that to read / view the file contents you may need to MapViewOfFile
and it is called ViewOfFile because it may not be coherent across multiple views across multiple processes with several methods of FileMapping
so with CreateFileMapping all you do is create a shared object that can be manipulated by different processes, including remote processes running in a different physical machine somewhere over the holed wiled web, a potential subway for a swift footed virus / spyware / malware / wareware to do something
let's see how we can manipulate this map from a different process
Code:
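HANDLE hOpenMapFile, hEvent;
PCHAR Buffer;
if (( hOpenMapFile = OpenFileMapping(FILE_MAP_ALL_ACCESS, FALSE, "Global\\MyMappedFile")) == NULL)
    printf("OpenFileMapping failed (%lu)\n", GetLastError());
// the offset and byte-count arguments are integers, so pass 0 rather than NULL (0 bytes maps the whole object)
if (( Buffer = (PCHAR) MapViewOfFile(hOpenMapFile, FILE_MAP_ALL_ACCESS, 0, 0, 0)) == NULL)
    printf("MapViewOfFile failed (%lu)\n", GetLastError());
strncat_s( Buffer, ....................);
if (( hEvent = OpenEvent(EVENT_ALL_ACCESS, FALSE, "Global\\MyEvent")) == NULL)
    printf("OpenEvent failed (%lu)\n", GetLastError());
// SetEvent returns a BOOL: zero means failure
if (!SetEvent(hEvent))
    printf("SetEvent failed (%lu)\n", GetLastError());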
that's it: you open the map and map the contents, and then it is plain memory manipulation of the view; to persist the views to the actual file
you need to obey copy-on-write / map file size rules
and flush the view
Code:
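// FlushViewOfFile returns a BOOL: zero means failure
if (!FlushViewOfFile(isFileMod, strlen(isFileMod)))
    printf("FlushViewOfFile failed (%lu)\n", GetLastError());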
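
Added example, not part of the original post: a portable C helper that decodes the arguments of a CreateFileMapping call as noted down at a debugger breakpoint, applying the handle check described in the post. The struct, the function names and the sample handle 0x7c are assumptions made for illustration, and the helper goes one step further than the post by also handling the 64-bit form of the invalid handle value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One CreateFileMapping call as read at a breakpoint (hypothetical struct). */
struct cfm_call {
    uint64_t hFile;
    uint32_t flProtect, sizeHigh, sizeLow;
    const char *name;   /* NULL for an unnamed mapping */
    int ptr_bits;       /* 32 or 64: pointer width of the target process */
};

/* INVALID_HANDLE_VALUE is (HANDLE)-1, so its width follows the process. */
int cfm_pagefile_backed(const struct cfm_call *c) {
    uint64_t invalid = (c->ptr_bits == 32) ? 0xFFFFFFFFu : UINT64_MAX;
    return c->hFile == invalid;
}

/* High:Low form one 64-bit size; 0 is only valid for a file-backed mapping. */
uint64_t cfm_max_size(const struct cfm_call *c) {
    return ((uint64_t)c->sizeHigh << 32) | c->sizeLow;
}

/* The low byte of flProtect is the page protection; SEC_* flags sit above. */
const char *cfm_protect(const struct cfm_call *c) {
    switch (c->flProtect & 0xFF) {
    case 0x02: return "PAGE_READONLY";
    case 0x04: return "PAGE_READWRITE";
    case 0x08: return "PAGE_WRITECOPY";
    case 0x20: return "PAGE_EXECUTE_READ";
    case 0x40: return "PAGE_EXECUTE_READWRITE";
    case 0x80: return "PAGE_EXECUTE_WRITECOPY";
    default:   return "unknown";
    }
}

/* A named mapping can be opened by name from another process. */
const char *cfm_scope(const struct cfm_call *c) {
    if (c->name == NULL) return "unnamed";
    return strncmp(c->name, "Global\\", 7) == 0 ? "global" : "session";
}

int main(void) {
    /* Constructed sample: the post's call, with a made-up handle 0x7c. */
    struct cfm_call c = { 0x7c, 0x04, 0, 0x400, "Global\\MyMappedFile", 32 };
    printf("%s-backed, %s, max %llu bytes, %s name\n",
           cfm_pagefile_backed(&c) ? "pagefile" : "file", cfm_protect(&c),
           (unsigned long long)cfm_max_size(&c), cfm_scope(&c));
    return 0;
}
```

In a 64-bit target a handle argument of 0x00000000FFFFFFFF is not the invalid handle value, which is why the pointer width is part of the captured record.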