Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share

I am basically trying to cast or copy my struct to my other process section view but I keep getting an error

C2760: syntax error: unexpected token 'identifier', expected 'declaration'

This is what I am doing:

type RPM(UINT_PTR ReadAddress)
{
    if (hDriver == INVALID_HANDLE_VALUE) {
        return {};
    }

    DWORD64 Bytes;
    KM_READ_REQUEST ReadRequest{};

    type response{};

    ReadRequest.ProcessId = PID;
    ReadRequest.Address = ReadAddress;
    ReadRequest.Size = sizeof(type);
    ReadRequest.Output = &response;

The problem is here:

auto pBuf = (ReadRequest)MapViewOfFile(hMapFile, FILE_MAP_WRITE, 0, 0, 4096);
if (!pBuf)
{
    printf("OpenFileMappingA(write) fail! Error: %u\n", GetLastError());
    system("pause");
}

printf("MapViewOfFile(write) created ! \n");

I am having another problem trying to read an unknown value from my kernel driver. It basically reads memory and then changes that value to another thing based on what I am reading from, if it's int, float, etc.

PKM_READ_REQUEST ReadInput = (PKM_READ_REQUEST)SharedSection; // cast readRequest to our struct which is in SharedSection.
void* ReadOutput = ReadInput->Output;

Status = ReadKernelMemory(Process, ReadInput->Address, ReadOutput, ReadInput->Size);

I am trying to copy it to my shared section so I can read it from user mode, but idk how to cast it or what the value would be.

memcpy(SharedSection, &ReadOutput, sizeof(ReadOutput));

This is how I want to try to read it, but cast it as the same way because I don't want to read it as void, I want to read it as the value that was given from my kernel mode.

auto pBuf = MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, 4096);
if (!pBuf)
{
    printf("OpenFileMappingA(write) fail! Error: %u\n", GetLastError());
    system("pause");
}

printf("MapViewOfFile(write) created ! \n");

BTW, I am using the undocumented function MmCopyVirtualMemory in my kernel driver.

1 Answer

1.

auto pBuf = (ReadRequest)MapViewOfFile(hMapFile, FILE_MAP_WRITE, 0, 0, 4096);

ReadRequest is not a type but an object. If you want to write to the file-map address as the struct KM_READ_REQUEST, you should convert the returned pointer to the type PKM_READ_REQUEST, and also control the size of the file map:

auto pBuf = (PKM_READ_REQUEST)MapViewOfFile(hMapFile, FILE_MAP_WRITE, 0, 0, sizeof(KM_READ_REQUEST));

That way you can set the PID, Address, Size and Output for it.

2.

memcpy(SharedSection, &ReadOutput, sizeof(ReadOutput));
  • ReadOutput is already the address of the output value, so you don't need the & operator.
  • sizeof(a pointer) is always equal to 4 (in 32-bit) and 8 (in 64-bit).
  • You'd better use a new variable to store the copied values, instead of overwriting the previous data.

So

type new_var;
// Copy exactly sizeof(new_var) bytes so the destination cannot be overrun.
memcpy(&new_var, ReadOutput, sizeof(new_var));

EDIT: To answer your comments:

You can set a single Event to communicate between driver and UM.

App:

hDevice = CreateFile(Device);
hEvent = CreateEvent(...);
DeviceIoControl(hDevice, IOCTL_SET_EVENT, &hEvent,...);
WaitForSingleObject(hEvent, INFINITE);

Driver:

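case IOCTL_SET_EVENT:
{
    HANDLE hUserEvent = *(HANDLE *)pIrp->AssociatedIrp.SystemBuffer;
    // The handle comes from user mode, so it is validated with the requestor's access mode rather than KernelMode.
    status = ObReferenceObjectByHandle(hUserEvent, EVENT_MODIFY_STATE, *ExEventObjectType, pIrp->RequestorMode, (PVOID*)&pDevExt->pEvent, NULL);
    // On success the driver holds a reference to the event. Keep it while pEvent is in use and
    // call ObDereferenceObject(pDevExt->pEvent) only when the driver is done with the event.
    break;
}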

Then set event:

KeSetEvent(pdx->pEvent,...);

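Point 2 of the answer (copy the bytes the pointer refers to, not the pointer, and control the size), as an added example that is not part of the original answer. The header layout and the names SectionHeader, publish_value and read_value are assumptions, and a plain local buffer stands in for the mapped view so the code runs anywhere.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>

// Hypothetical layout for the 4096-byte view: a small header, then the value bytes.
// The value lives inside the section, so no pointer crosses the kernel/user boundary.
struct SectionHeader {
    std::uint32_t status;  // 0 = success (assumed convention)
    std::uint32_t size;    // number of valid payload bytes
};
constexpr std::size_t kSectionSize = 4096;
constexpr std::size_t kMaxPayload = kSectionSize - sizeof(SectionHeader);

// Producer side: copy the pointee, `size` bytes of it, and refuse sizes that do not fit.
bool publish_value(unsigned char* section, const void* value, std::size_t size) {
    if (!section || !value || size == 0 || size > kMaxPayload) return false;
    SectionHeader hdr{0, static_cast<std::uint32_t>(size)};
    std::memcpy(section, &hdr, sizeof(hdr));
    std::memcpy(section + sizeof(hdr), value, size);  // not &value, not sizeof(value)
    return true;
}

// Consumer side: read the payload as T only if the header reports exactly sizeof(T) bytes.
template <typename T>
bool read_value(const unsigned char* section, T* out) {
    static_assert(std::is_trivially_copyable<T>::value, "T must be plain data");
    static_assert(sizeof(T) <= kMaxPayload, "T does not fit in the section");
    SectionHeader hdr;
    std::memcpy(&hdr, section, sizeof(hdr));
    if (hdr.status != 0 || hdr.size != sizeof(T)) return false;
    std::memcpy(out, section + sizeof(hdr), sizeof(T));
    return true;
}

// Constructed demo values; `section` is a stand-in for the mapped view.
bool demo_round_trip() {
    unsigned char section[kSectionSize] = {};
    float in = 1337.5f, out = 0.0f;
    return publish_value(section, &in, sizeof(in)) && read_value(section, &out) && out == in;
}
bool demo_rejects_mismatch() {
    unsigned char section[kSectionSize] = {};
    float in = 1.0f;
    std::uint64_t wrong = 0;
    return publish_value(section, &in, sizeof(in)) && !read_value(section, &wrong) &&
           !publish_value(section, &in, kMaxPayload + 1);  // oversize rejected before any copy
}
int main() { return demo_round_trip() && demo_rejects_mismatch() ? 0 : 1; }
```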