Hi guys,
I have a minifilter driver, and in DriverEntry() I am calling IoCreateDevice(), giving it a name in the form of \Device\Blabla. After this I create a symbolic link and make the device accessible for UM. This device is later used for UM --> KM communication, mainly for sending IOCTLs.
There is one thing I am trying to achieve additionally:
What if I wanted to obtain a device handle but in kernel mode? So I am calling ZwCreateFile or NtCreateFile using different device name formats. But this always fails. So far I have tried:
L"\\.\Blabla"
L"\Device\Blabla"
L"\DosDevices\Blabla"
L"\??\Blabla"
L"\??\Blabla\"
Also: ObOpenObjectByPointer() worked on the device object but the handle I got was bogus.
Any help would be appreciated.
Thanks!
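The name forms listed in the question are understood by different layers: the `\\.\` form is a Win32 convention that CreateFile rewrites before the kernel sees it, while the native create routines take object-manager paths. As an added example (not code from this thread; `to_nt_name` and `name_remainder` are hypothetical helpers that only model the prefix rules and call no kernel API), this portable C program shows the native path each form corresponds to and what a trailing component leaves for the driver:

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; names are hypothetical, no kernel API is called. */
typedef enum { NAME_INVALID, NAME_NATIVE, NAME_WIN32 } name_kind;

/* Win32-only prefixes: CreateFile rewrites them to \??\ in user mode, so
 * the native create routines never see them. */
static const char *const win32_prefixes[] = { "\\\\.\\", "\\\\?\\" };

/* Copy `in` to `out` as a native object-manager path. NAME_WIN32 means
 * `in` was a Win32 form and had to be rewritten first. */
name_kind to_nt_name(const char *in, char *out, size_t cap)
{
    int n;
    if (in == NULL || out == NULL || in[0] != '\\')
        return NAME_INVALID;            /* native names are absolute */
    for (size_t i = 0; i < 2; i++) {
        size_t plen = strlen(win32_prefixes[i]);
        if (strncmp(in, win32_prefixes[i], plen) == 0) {
            n = snprintf(out, cap, "\\??\\%s", in + plen);
            return (n < 0 || (size_t)n >= cap) ? NAME_INVALID : NAME_WIN32;
        }
    }
    /* \Device\X, \??\X and \DosDevices\X are native already. */
    n = snprintf(out, cap, "%s", in);
    return (n < 0 || (size_t)n >= cap) ? NAME_INVALID : NAME_NATIVE;
}

/* Text after the device name, which the driver's create handler receives
 * as the file name: "" if nothing follows, NULL for an unknown directory. */
const char *name_remainder(const char *nt)
{
    static const char *const dirs[] = { "\\??\\", "\\DosDevices\\", "\\Device\\" };
    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {
        size_t dlen = strlen(dirs[i]);
        if (strncmp(nt, dirs[i], dlen) == 0)
            return nt + dlen + strcspn(nt + dlen, "\\");
    }
    return NULL;
}

int main(void)
{
    char nt[64];   /* constructed sample: the Win32 name from the post */
    if (to_nt_name("\\\\.\\Blabla", nt, sizeof nt) != NAME_INVALID)
        printf("%s (remainder \"%s\")\n", nt, name_remainder(nt));
    return 0;
}
```

The comparison is case-sensitive for brevity; a real lookup honours OBJ_CASE_INSENSITIVE when the caller sets it.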
Comments
Note that invoking ZwCreateFile creates a file object that's linked to your device object then it creates a handle to this file object - It does not create a handle directly to your device object. Invoking ObOpenObjectByPointer does not create a file object - the output handle will be directly to your device object so you cannot use it with ZwDeviceIoControlFile because this function expects a file object.
I am getting STATUS_ACCESS_DENIED, STATUS_OBJECT_TYPE_MISMATCH, STATUS_ACCESS_VIOLATION.
I guess what I am testing and trying to do is obtaining a device handle on behalf of the calling UM process in the same way the UM process itself would do it by calling:
// Win32 device path \\.\Blabla, with each backslash escaped for the C++ literal
constexpr static const wchar_t* DeviceName{ L"\\\\.\\Blabla" };
HANDLE hDriver = CreateFile(DeviceName,
                            FILE_ALL_ACCESS,
                            FILE_SHARE_READ | FILE_SHARE_WRITE,
                            nullptr,
                            OPEN_EXISTING,
                            FILE_ATTRIBUTE_NORMAL,
                            nullptr);
This works with no issues in UM but I cannot make it work in KM. I had some success with ObOpenObjectByPointer() on the device handle but this opens a handle to a device, not to a file. The UM handle opened by CreateFile() points to \FileSystem\Blabla so these represent different objects.
Any suggestions?
Can you show the code that:
There could be many reasons. Maybe the device is marked with Exclusive = TRUE and there's already a user mode handle to the device?
Solved it by using IoCreateFile(). Hopefully this gets documented somewhere.
Thanks everyone who tried helping!