If I understand correctly, if you have an open handle on a file, whether you got this handle in kernel or user mode, you can't delete the file simply via Explorer, and you have to close the handle (but correct me if I'm wrong).
But what about the case where you only incremented the reference count by something like ObReferenceObjectByHandle?
Let's say I get the handle, then use ObReferenceObjectByHandle; later on I only need to use ObDereferenceObject to close the handle, right? Or do I need to use both ObReferenceObjectByHandle and also close the handle as well, so the file could get deleted later on without problem?
Can I just close the handle right after I do ObReferenceObjectByHandle if I only want to work with the file's file_object and not the handle?