在Windows的不同会话中使用文件映射 [英] Using file mapping in different sessions on Windows

问题描述

我使用CreateFileMapping和MapViewOfFile将文件用作两个进程之间的共享存储.

I using CreateFileMapping and MapViewOfFile to use a file as Shared storage between two process.

进程A作为会话0中的服务运行，以清除文件映射中的内容.

The process A, it is running as Service in session 0, to clear the content in file mapping.

进程B，它是在会话1中运行的常规进程，用于在文件映射中读取和写入内容.

The process B, it is a normal process run in session 1, to read and write the content in file mapping.

首先使用进程B，将一些数据存储到文件映射中并终止. 然后，运行进程A清除数据.我期望在执行进程A之后，文件映射将变为空.但事实并非如此.

Using process B first, there has some data were stored into file mapping and terminates. Then, run the Process A to clear data. In my expectation, after execute process A, the file mapping would become empty. But It didn't.

如果我更改了进程A的特权，请以正常进程在会话1中运行它.所有这些都可以正常工作.

And if I change the privilege of Process A, running it as normal process and in session 1. All of them are works correctly.

我的问题是，在Windows上的不同会话之间，具有相同名称的文件映射不相同吗?

My question is, the file mapping with same name are not identical between different session on windows?

是否有任何功能可以从会话0中的进程创建线程以在会话1中运行? (在会话0的过程中，我尝试在create_thread之前模拟为用户会话，这是行不通的)

And does there has any function can create a thread to run in session 1 from a process in session 0? (I have tried impersonate as user session before create_thread in the process of session 0, it doesn't work)

谢谢.

推荐答案

名称必须以

The name must be prefixed with Global\ if you want to access the object from different sessions.

为避免安全问题，您还希望服务创建对象:

To avoid security issues you also want the service to create the object:

通过使用CreateFileMapping在非会话零的会话中创建全局命名空间中的文件映射对象是一项特权操作.因此，在任意远程桌面会话主机(RD会话主机)服务器会话中运行的应用程序必须启用SeCreateGlobalPrivilege才能成功在全局名称空间中创建文件映射对象.特权检查仅限于创建文件映射对象，而不适用于打开现有对象.例如，如果服务或系统创建了文件映射对象，则只要用户具有必要的访问权限，则在任何会话中运行的任何进程都可以访问该文件映射对象.

The creation of a file-mapping object in the global namespace, by using CreateFileMapping, from a session other than session zero is a privileged operation. Because of this, an application running in an arbitrary Remote Desktop Session Host (RD Session Host) server session must have SeCreateGlobalPrivilege enabled in order to create a file-mapping object in the global namespace successfully. The privilege check is limited to the creation of file-mapping objects, and does not apply to opening existing ones. For example, if a service or the system creates a file-mapping object, any process running in any session can access that file-mapping object provided that the user has the necessary access.

这篇关于在Windows的不同会话中使用文件映射的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！