calling ObReferenceObjectByHandle on thread handle

I create a system thread during driver initialization and I want to
terminate the thread during driver shutdown. Calling
ObReferenceObjectByHandle to retrieve the thread object’s reference
pointer immediately after the call to PsCreateSystemThread yields a
different pointer than waiting to call ObReferenceObjectByHandle just
before my call to KeWaitForSingleObject (see code below).

In order for KeWaitForSingleObject to work properly, I must call
ObReferenceObjectByHandle immediately after PsCreateSystemThread. Why
can’t I wait until MyTerminateThreadFunction to call ObRef as long as
the thread handle has not been released? Is the handle only valid in the
thread context that created the handle?

MyCreateThreadFunction()
{
    PsCreateSystemThread(&gblHndlThread…); // gblHndlThread is a global
}

MyTerminateThreadFunction()
{
    ObReferenceObjectByHandle(gblHndlThread, &threadObjectPointer);
    KeWaitForSingleObject(threadObjectPointer…);
    ObDereferenceObject(threadObjectPointer);
    ZwClose(gblHndlThread);
}

Thanks,
Dave

Handle validity depends on the process context when the handle isn't
created with the OBJ_KERNEL_HANDLE flag in OBJECT_ATTRIBUTES.
I don't know about your context, but I assume that you're creating
the thread from DriverEntry and terminating it from DriverUnload.
If so, I don't understand why your results are different, because both
routines are called in the same process (the initial system one) and
thus the presence of the OBJ_KERNEL_HANDLE flag doesn't matter.

However, I recommend referencing the handle and closing it immediately
after creating the thread. The reason is simple: you don't need it
anymore; the pointer is enough. Moreover, you can't introduce a bug
with a bad process context when referencing such a handle.

I've been using this technique for a long time and it has always worked.

Paul
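
The pattern Paul recommends, written out as an added example (not code from this thread): reference the thread object right after PsCreateSystemThread, close the handle, and keep only the pointer for unload. The MY_WORKER structure and the My* routine names are assumed for illustration; the handle is created with OBJ_KERNEL_HANDLE so it never depends on process context.

```c
#include <ntddk.h>
/* Assumed names for illustration (not the poster's code). */
typedef struct _MY_WORKER {
    PKTHREAD Thread;     /* referenced thread object, valid in any process context */
    KEVENT   StopEvent;  /* set by unload to ask the worker to exit */
} MY_WORKER, *PMY_WORKER;

static VOID MyWorkerRoutine(PVOID Context)
{
    PMY_WORKER w = (PMY_WORKER)Context;
    /* Real work would loop here, polling StopEvent with a timeout. */
    KeWaitForSingleObject(&w->StopEvent, Executive, KernelMode, FALSE, NULL);
    PsTerminateSystemThread(STATUS_SUCCESS);
}

NTSTATUS MyStartWorker(PMY_WORKER w)
{
    OBJECT_ATTRIBUTES oa;
    HANDLE h;
    NTSTATUS status;

    KeInitializeEvent(&w->StopEvent, NotificationEvent, FALSE);
    /* OBJ_KERNEL_HANDLE: the handle lives in the kernel handle table, so it is
     * neither tied to the current process nor reachable from user mode. */
    InitializeObjectAttributes(&oa, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
    status = PsCreateSystemThread(&h, THREAD_ALL_ACCESS, &oa, NULL, NULL, MyWorkerRoutine, w);
    if (!NT_SUCCESS(status))
        return status;
    /* Reference the object while the handle is certainly valid, then close
     * the handle: from here on only the pointer is kept. */
    status = ObReferenceObjectByHandle(h, THREAD_ALL_ACCESS, *PsThreadType,
                                       KernelMode, (PVOID *)&w->Thread, NULL);
    ZwClose(h);
    if (!NT_SUCCESS(status)) {
        w->Thread = NULL;
        KeSetEvent(&w->StopEvent, IO_NO_INCREMENT, FALSE); /* let it exit */
    }
    return status;
}

VOID MyStopWorker(PMY_WORKER w)
{
    if (w->Thread == NULL) return;
    KeSetEvent(&w->StopEvent, IO_NO_INCREMENT, FALSE);
    /* No handle needed: the reference keeps the object alive for the wait. */
    KeWaitForSingleObject(w->Thread, Executive, KernelMode, FALSE, NULL);
    ObDereferenceObject(w->Thread);
    w->Thread = NULL;
}
```

Call MyStartWorker from DriverEntry and MyStopWorker from DriverUnload; because only the referenced pointer survives, the unload path works regardless of which process context it runs in.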


> the thread handle has not been released? Is the handle only valid in the
> thread context that created the handle?

The handle is valid only in the process context which created the handle.

Max

It must be in the same process context.

Pete

Peter Scott
xxxxx@KernelDrivers.com
http://www.KernelDrivers.com
