ObReferenceObjectByName + 0xC00000024 + Windows 7

NTDEV
1

This is very odd, the following snippet of code works perfectly under Vista, however on Windows 7 I get a 0xC00000024 or STATUS_OBJECT_TYPE_MISMATCH.

//DECLARES
NTSTATUS
NTAPI
ObReferenceObjectByName(
PUNICODE_STRING ObjectName,
ULONG Attributes,
PACCESS_STATE Passed,
ACCESS_MASK DesiredAccess,
POBJECT_TYPE ObjectType,
KPROCESSOR_MODE Access,
PVOID ParseContext,
PVOID* ObjectPtr
);

extern POBJECT_TYPE IoDriverObjectType;

//FUNCTION CODE…

PDRIVER_OBJECT pUSBDriverObject=NULL;
UNICODE_STRING usObjName;
NTSTATUS ntstat;
RtlInitUnicodeString (&usObjName, L"\Driver\USBSTOR");

ntstat = ObReferenceObjectByName (&usObjName,
OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE,
NULL,
0,
IoDriverObjectType,
KernelMode,
NULL,
&pUSBDriverObject);

Now, I’m just wondering why I would get a “mismatch between the type of object that is required by the requested operation and the type of object that is specified in the request.” When I am requesting a Driver object by name and presenting a DriverObject pointer…

Any suggestions?

Again this only happens under Windows 7 Build 7100, Vista has no issues.

Thanks!

2

i think you are missing a level of indirection. the object types are exported as pointers to pointers (see http://msdn.microsoft.com/en-us/library/ms802942.aspx). with that in mind you want

extern POBJECT_TYPE* IoDriverObjectType;

ntstat = ObReferenceObjectByName (&usObjName,
OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE,
NULL,
0,
*IoDriverObjectType,
KernelMode,
NULL,
&pUSBDriverObject);

but this just gets you a PDRIVER_OBJECT which is rather useless. what are you going to do with the driver object? what the device device object list? if you are going to walk the devobj list, that is an unsafe operation and totally unsynchronized with pnp state changes to that list (not to mention the fact that there is no way to know what each device’s role in that list is)

d

From: xxxxx@lists.osr.com [xxxxx@lists.osr.com] on behalf of xxxxx@agilerm.net [xxxxx@agilerm.net]
Sent: Tuesday, September 29, 2009 8:45 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] ObReferenceObjectByName + 0xC00000024 + Windows 7

This is very odd, the following snippet of code works perfectly under Vista, however on Windows 7 I get a 0xC00000024 or STATUS_OBJECT_TYPE_MISMATCH.

//DECLARES
NTSTATUS
NTAPI
ObReferenceObjectByName(
PUNICODE_STRING ObjectName,
ULONG Attributes,
PACCESS_STATE Passed,
ACCESS_MASK DesiredAccess,
POBJECT_TYPE ObjectType,
KPROCESSOR_MODE Access,
PVOID ParseContext,
PVOID* ObjectPtr
);

extern POBJECT_TYPE IoDriverObjectType;

//FUNCTION CODE…

PDRIVER_OBJECT pUSBDriverObject=NULL;
UNICODE_STRING usObjName;
NTSTATUS ntstat;
RtlInitUnicodeString (&usObjName, L"\Driver\USBSTOR");

ntstat = ObReferenceObjectByName (&usObjName,
OBJ_KERNEL_HANDLE|OBJ_CASE_INSENSITIVE,
NULL,
0,
IoDriverObjectType,
KernelMode,
NULL,
&pUSBDriverObject);

Now, I’m just wondering why I would get a “mismatch between the type of object that is required by the requested operation and the type of object that is specified in the request.” When I am requesting a Driver object by name and presenting a DriverObject pointer…

Any suggestions?

Again this only happens under Windows 7 Build 7100, Vista has no issues.

Thanks!

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

3

If you need an object type which isn’t exported, just use the ObGetObjectType(…) function for get “type object type”:

extern POBJECT_TYPE* IoDriverObjectType;
POBJECT_TYPE ObGetObjectType(PVOID Object);
POBJECT_TYPE TypeObjectType = ObGetObjectType(*IoDriverObjectType);

And open any object type by name:
ObReferenceObjectByName(“\ObjectTypes\TypeName”, TypeObjectType, …);