zodiacon / RunAppContainer

Run executables in an AppContainer

Shared Memory #1

Open Noemata opened 5 years ago

Noemata commented 5 years ago

Would it be possible to leverage the SID of a UWP app to create shared memory between it and a desktop application? My objective is to leave the UWP app as is and not implement any special calls inside the UWP app beyond opening a "LOCAL" shared memory pipe, and then leverage the desktop side, given it has admin rights, to connect to this shared memory region.

Is something like this doable? Are there any examples of this out in the wild? This is currently one of the biggest limitations of UWP, not being able to have a fast memory channel to other processes. Clearly, any memory area can be made accessible on the desktop side. I'd rather not have to resort to the very old school approach of hunting down a magic string in memory.

I've asked a handful of key Microsoft devs that do know how this could be done and never gotten a reply back (you know who they are).

zodiacon commented 5 years ago

One way to do it is create the section object from the desktop app (CreateFileMapping) and then duplicate it to the UWP process (DuplicateHandle). The only thing remaining would be to let the UWP process know the value of the resulting handle.
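
The desktop side of the approach described above, as an added example that is not part of the original thread or of the RunAppContainer code. The class and method names are assumptions; how the returned handle value reaches the UWP process (an AppService, for instance) and how that process maps it are left to the caller.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class SectionSharing   // hypothetical name, not from the thread
{
    const uint PAGE_READWRITE = 0x04, PROCESS_DUP_HANDLE = 0x0040;
    const uint FILE_MAP_WRITE = 0x0002, FILE_MAP_READ = 0x0004;

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr CreateFileMappingW(IntPtr file, IntPtr attrs, uint protect, uint sizeHigh, uint sizeLow, string name);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool DuplicateHandle(IntPtr srcProcess, IntPtr src, IntPtr dstProcess, out IntPtr dst, uint access, bool inherit, uint options);
    [DllImport("kernel32.dll")]
    static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")]   // no SetLastError: cleanup must not overwrite the saved error code
    static extern bool CloseHandle(IntPtr handle);

    // Creates a section and duplicates it into targetPid. Returns the handle value that is
    // valid inside the target; localSection is this process's own handle to the same memory.
    public static IntPtr ShareSection(uint targetPid, uint sizeBytes, out IntPtr localSection)
    {
        // Unnamed and pagefile-backed: no object name exists for another process to open.
        localSection = CreateFileMappingW(new IntPtr(-1), IntPtr.Zero, PAGE_READWRITE, 0, sizeBytes, null);
        if (localSection == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());

        // PROCESS_DUP_HANDLE is the only right DuplicateHandle needs on the target process.
        IntPtr target = OpenProcess(PROCESS_DUP_HANDLE, false, targetPid);
        if (target == IntPtr.Zero) { CloseHandle(localSection); throw new Win32Exception(Marshal.GetLastWin32Error()); }
        try
        {
            // Grant the target map-read and map-write only, not every right the creator's handle holds.
            if (!DuplicateHandle(GetCurrentProcess(), localSection, target, out IntPtr remote, FILE_MAP_READ | FILE_MAP_WRITE, false, 0))
            { CloseHandle(localSection); throw new Win32Exception(Marshal.GetLastWin32Error()); }
            return remote;   // a number that only means something in the target's handle table
        }
        finally { CloseHandle(target); }
    }

    static void Main(string[] args)
    {
        uint pid = uint.Parse(args[0]);   // PID of the UWP process, looked up by the caller
        IntPtr remote = ShareSection(pid, 64 * 1024, out IntPtr local);
        Console.WriteLine($"Handle value inside PID {pid}: 0x{remote.ToInt64():X}");
        Console.ReadLine();               // hold the local handle open until Enter is pressed
        CloseHandle(local);
    }
}
```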

Noemata commented 5 years ago

Very cool idea. I'm not able to picture how you would go about duplicating the handle on the UWP side. Any chance you could sketch out some code or provide an example? This sounds completely doable, but I don't see how you go about letting the UWP side know about the handle created by the desktop app.

Would I communicate the handle through an AppService? Or is there a simpler way of getting it to the UWP side? Perhaps a URL Launch type mechanism? I don't want to leverage any of the Desktop bridge bits. It sounds like this could be done without having to resort to that.

Since my desktop app can link against the UWP API, the AppService approach is the only thing I can think of.

zodiacon commented 5 years ago

AppService would certainly work. Maybe even SendMessage to the window in the UWP app (assuming you can get to it with FindWindow or EnumWindows). And of course, there's the non-elegant write-to-a-common-file approach...

Noemata commented 5 years ago

SendMessage? I didn't think that was even possible?? Wow. Any UWP example of that anywhere?

zodiacon commented 5 years ago

Don't know... Why don't you write one? :)

Noemata commented 5 years ago

Easy for you to say, Pavel. You're just one of the best devs on the planet for this stuff! I'm a mere mortal. I haven't delved into this sort of thing since my NT kernel hooking days, and that's a long time ago in a galaxy far, far away (lol). I dare you to put a UWP app together that implements this memory sharing strategy! Not to worry, I know you have more important things at hand. I can see I have some pain ahead to get this working. Given there isn't a single example of this out there, clearly it's not that easy or obvious for most. Thanks again for your input. This is the closest thing to a workable approach that I've seen so far. OpenFileMapping, DuplicateHandle on other side … so simple yet I never would have thought of it!! I thought such handles had to be inherited at process creation through a "master" process.

Noemata commented 5 years ago

Here's a puzzle for you (and if you can't come up with an answer you'll make the UWP memory sharing sample).

You are given RDP access to a completely locked down remote RDP session. No shared access to anything ... devices or drives, and all ports are locked out, with no way into the machine from the internet, etc. In the RDP session you have full admin rights and can even write a program. How do you send arbitrary files to yourself efficiently?

There is a way. Responding with the last letter of the word associated with a workable approach is sufficient if you feel the need to protect the innocent.

zodiacon commented 5 years ago

I appreciate the compliment... but if you've done kernel hooking, this should be simpler :) I may do that for fun and post it on my blog. We'll see. As for the riddle... I don't have an answer... maybe it would be easier just to make the sample (lol)

Noemata commented 5 years ago

I'm too old to remember the details, Pavel. Age hits some of us harder than others, sadly. I haven't touched C++ in a serious way in over a decade. The answer is the letter "D". There's a tiny little hole that is inside every RDP session. You have to be an octopus to be able to squeeze through it, but it's doable. It was perfectly obvious to me ;-). Cheers..