CreateFileW issue in OEMWriteRegistry implementation Embedded Compact 7 (WEC7)

  • Question

  • I have an Embedded Compact 7 OSDesign in which I'm attempting to use a RAM-based registry (can't use hive-based for this problem).

    I am trying to implement the OEMWriteRegistry function in the OAL in order to save the registry to an SD card when a RegFlushKey is called.

    I have successfully added an app to the OAL which implements both OEMWriteRegistry/OEMReadRegistry and am able to debug them.

    My OEMWriteRegistry looks something like this:

    BOOL OEMWriteRegistry( DWORD dwFlags, LPBYTE lpData, DWORD cbData )
    {
    	BOOL bSuccess = FALSE;
    	// First chunk of a registry flush: (re)create the backing file
    	if ( dwFlags & REG_WRITE_BYTES_START )
    	{
    		m_hRegFile = CreateFileW(ptcszFullRegistryFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL );
    	}
    	//Code omitted for brevity
    	return bSuccess;
    }

    I have created a standalone app which calls RegFlushKey which in turn triggers the above code to run.

    The problem is that when CreateFileW gets called, a debug assert is hit inside a file called apicall.c which tells me that I'm trying to run user code in kernel mode.

    This is the code that asserts:

    if (!IsKModeAddr ((DWORD)pcstk->retAddr)) {
                    // If the following debug break is hit, the thread was running user code in kernel mode, which is a 
                    // SEVERE SECURITY HOLE. Possible reasons:
                    // - user mode thread calls into kernel mode server, passing a function pointer. And the kernel mode server simply 
                    //   calls the function without using PerformCallBack.
                    // - un-initialized function pointer in kernel mode, which happens to contain to a user mode address.
                    // - corrupted function table in kernel servers.
                    NKD (L"!! ERROR - SECURIIY VIOLATION !! ----------------------------------------------------------------------\r\n");
                    NKD (L"!! ERROR - SECURIIY VIOLATION !! Running user code in kernel Mode (0x%8.8lx), Thread terminated!!\r\n", pcstk->retAddr);
                    NKD (L"!! ERROR - SECURIIY VIOLATION !! ----------------------------------------------------------------------\r\n");
                    DebugBreak ();
                    // terminate the thread
                    ApiInfo.pfn = SetupErrorReturn (pcstk, ApiInfo.dwMethod, iApiSet, ERROR_ACCESS_DENIED, ApiInfo.pci);
                    SCHL_SetThreadToDie (pCurThread, 0, NULL);

    I have tried several approaches to get around this issue but none of them have worked. As the above comment says, you should use a PerformCallBack call when trying to call user code from kernel mode; this didn't work for me though.

    Is there a kernel version of CreateFileW which I could use?

    FYI, this code runs fine in my CE 6.0 OSDesign, this is a porting exercise to Compact 7 and it seems there are new security measures when it comes to kernel mode/user mode interaction.

    Any help would be greatly appreciated.

    Thursday, May 12, 2016 10:38 AM