Re: ObOpenObjectByPointer with KSEMAPHORE got 0xC0000005

Well I think you got it wrong again.
Take PsGetCurrentThread() and do the same.
Where do you think the ETHREAD was created, or EPROCESS or in fact all the
objects that Ob functions expect?
They start from kernel, and they get to have handles created for UM also
from kernel by the Ob manager.
I would suggest you go with the WinDbg disassembler step by step and see
where it throws the exception.
It will fail in ObReferenceObjectByPointer inside OpOpen call because the
KSEMAPHORE has an invalid OBJECT_HEADER.

Regards,
Gabriel

On Tue, Feb 9, 2016 at 4:37 PM, wrote:

> Thanks anyway.
>
> I got the answer.
>
> The code is totally WRONG
>
> ObOpenObjectByPointer can’t be used on an object which is created in kernel
> context.


Bercea. G.

In other words this is not an object owned by the Ob manager so does not
have an OBJECT_HEADER.
It is supposed to be used by dispatcher functions ( KeWait, KeXXX ) not the
Ob.
It is the same story if you do KeInitializeEvent, etc… on a KEVENT struct
you have in your driver, this is not reference counted.
Zw/NtCreateSemaphore will indeed call ObCreateObject and
KeInitializeSemaphore and ObInsertObject which will create a handle in the
context of the calling process.
But what you do there, you just take a shortcut, you don’t need Ob for
this, then you should not “ask” for help about these structs, because you
pretty much own them.

Regards,
Gabriel

On Tue, Feb 9, 2016 at 5:16 PM, Gabriel Bercea wrote:

> Well I think you got it wrong again.
> Take PsGetCurrentThread() and do the same.
> Where do you think the ETHREAD was created, or EPROCESS or in fact all
> the objects that Ob functions expect?
> They start from kernel, and they get to have handles created for UM also
> from kernel by the Ob manager.
> I would suggest you go with the WinDbg disassembler step by step and see
> where it throws the exception.
> It will fail in ObReferenceObjectByPointer inside OpOpen call because the
> KSEMAPHORE has an invalid OBJECT_HEADER.
>
> Regards,
> Gabriel
>
> On Tue, Feb 9, 2016 at 4:37 PM, wrote:
>
>> Thanks anyway.
>>
>> I got the answer.
>>
>> The code is totally WRONG
>>
>> ObOpenObjectByPointer can’t be used on an object which is created in kernel
>> context.
> –
> Bercea. G.
>


Bercea. G.

Many thanks!

You are right. The object which I want to open is not managed by the object manager.
I need to study harder and harder.
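
The header lookup discussed in this thread, as an added user-mode C model (not code from any poster and not Windows source): the `toy_*` types and functions are hypothetical, simplified stand-ins. It shows that stepping back from a bare semaphore pointer reads unrelated bytes, while an object created through the model Ob path has a valid header in front of it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (assumption): NOT the real Windows structure layouts. */
typedef struct { int64_t pointer_count; int64_t handle_count; } toy_header;
typedef struct { int32_t signal_state; int32_t limit; } toy_semaphore;
/* What the object manager allocates: a header directly followed by the body. */
typedef struct { toy_header hdr; toy_semaphore body; } toy_ob_object;
/* A semaphore a driver initialized in its own storage: unrelated bytes in front. */
typedef struct { unsigned char unrelated[sizeof(toy_header)]; toy_semaphore sem; } toy_driver_ctx;

/* Model of the create path: allocate header + body, hand out the BODY pointer. */
static toy_semaphore *toy_ob_create(void) {
    toy_ob_object *o = calloc(1, sizeof *o);
    if (o == NULL) return NULL;
    o->hdr.pointer_count = 1;
    return &o->body;
}
/* Model of the by-pointer path: step back from the body to where a header
   would sit and read it. Nothing here can tell a real header from junk. */
static toy_header toy_header_of(const void *body) {
    toy_header h;
    uintptr_t p = (uintptr_t)body - offsetof(toy_ob_object, body);
    memcpy(&h, (const void *)p, sizeof h);
    return h;
}
/* Pointer count read for an object created through the model Ob path. */
static int64_t managed_pointer_count(void) {
    toy_semaphore *s = toy_ob_create();
    if (s == NULL) return -1;
    int64_t n = toy_header_of(s).pointer_count;
    free((void *)((uintptr_t)s - offsetof(toy_ob_object, body)));
    return n;
}
/* Pointer count read for a bare semaphore embedded in driver storage. */
static int64_t bare_pointer_count(void) {
    toy_driver_ctx ctx;
    memset(&ctx, 0xCC, sizeof ctx);   /* constructed filler for "other data" */
    ctx.sem = (toy_semaphore){ 0, 1 };
    return toy_header_of(&ctx.sem).pointer_count;
}
int main(void) {
    printf("managed: %lld\n", (long long)managed_pointer_count());
    printf("bare:    0x%llx\n", (unsigned long long)bare_pointer_count());
    return 0;
}
```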