How to create DRIVER_OBJECT with ObCreateObject?
I want to create this object and transfer it to Driver Entry point.
Please advise.
What are you really trying to do? You can load a driver in a number of
ways, but why do you think you need to create the object and call
DriverEntry?
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@yandex.ru” wrote in message
news:xxxxx@ntdev:
> How to create DRIVER_OBJECT with ObCreateObject?
> I want to create this object and transfer it to Driver Entry point.
> Please, advice.
Yes, I load driver and DRIVER_OBJECT is NULL.
I need it to some valid value to process IRQ. This is for filter file system driver.
Hmmmm… There are no ordinary circumstances under which you need to create a DRIVER_OBJECT. The system will always create one for you, assuming you’re loading your driver in a supported and reasonable way.
First of all, you almost certainly want to write your file system filter driver using the “mini-filter” model.
Next, back to Don’s question:
If you tell us more, we can help you more…
Peter
OSR
xxxxx@yandex.ru wrote:
> Yes, I load driver and DRIVER_OBJECT is NULL.
Not unless you are loading the driver by hand, bypassing the kernel’s
normal methods.
> I need it to some valid value to process IRQ. This is for filter file system driver.
Why does a file system filter driver need to worry about an IRQ? This
whole thread is sounding somewhat suspicious.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
How are you loading the driver? The only way I know of it getting a
NULL is to use undocumented calls, that show up on the web with data
that was obsolete in Windows XP! The other way this happens is when a
driver tries to create another driver out of memory, but I have only
seen that in a very malicious piece of code. So again what are you
really trying to do here?
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@yandex.ru” wrote in message
news:xxxxx@ntdev:
> Yes, I load driver and DRIVER_OBJECT is NULL.
> I need it to some valid value to process IRQ. This is for filter file system driver.
I have found React OS source code to understand how ZwLoadDriver working.
Yes, I am trying to load driver from another driver.
Here is example of code how to create DRIVER_OBJECT:
    NameBuffer = "\\Driver\\1234567890";
    LocalDriverName.Length = NameLength * sizeof(WCHAR);
    LocalDriverName.MaximumLength = LocalDriverName.Length + sizeof(UNICODE_NULL);
    LocalDriverName.Buffer = NameBuffer;
    /* Initialize the Attributes */
    ObjectSize = sizeof(DRIVER_OBJECT) + sizeof(EXTENDED_DRIVER_EXTENSION);
    InitializeObjectAttributes(&ObjectAttributes,
                               &LocalDriverName,
                               OBJ_PERMANENT | OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);
    /* Create the Object */
    Status = ObCreateObject(KernelMode,
                            IoDriverObjectType,
                            &ObjectAttributes,
                            KernelMode,
                            NULL,
                            ObjectSize,
                            0,
                            0,
                            (PVOID*)&DriverObject);
    if (!NT_SUCCESS(Status)) return Status;
My code fails on the ObCreateObject() call with 0xC0000005.
So why not use ZwLoadDriver? You still have told us the purpose of what
you are trying!
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@yandex.ru” wrote in message
news:xxxxx@ntdev:
> I have found React OS source code to understand how ZwLoadDriver working.
> Yes, I am trying to load driver from another driver.
> Here is example of code how to create DRIVER_OBJECT:
>
>
> NameBuffer = “\Driver\1234567890”;
> LocalDriverName.Length = NameLength * sizeof(WCHAR);
> LocalDriverName.MaximumLength = LocalDriverName.Length + sizeof(UNICODE_NULL);
> LocalDriverName.Buffer = NameBuffer;
>
> /* Initialize the Attributes */
> ObjectSize = sizeof(DRIVER_OBJECT) + sizeof(EXTENDED_DRIVER_EXTENSION);
> InitializeObjectAttributes(&ObjectAttributes,
> &LocalDriverName,
> OBJ_PERMANENT | OBJ_CASE_INSENSITIVE,
> NULL,
> NULL);
>
> /* Create the Object */
> Status = ObCreateObject(KernelMode,
> IoDriverObjectType,
> &ObjectAttributes,
> KernelMode,
> NULL,
> ObjectSize,
> 0,
> 0,
> (PVOID*)&DriverObject);
> if (!NT_SUCCESS(Status)) return Status;
>
>
> My code fails on ObCreateObject() call. with 0xC0000005
xxxxx@yandex.ru wrote:
> I have found React OS source code to understand how ZwLoadDriver working.
> Yes, I am trying to load driver from another driver.
> Here is example of code how to create DRIVER_OBJECT:
> NameBuffer = "\\Driver\\1234567890";
> LocalDriverName.Length = NameLength * sizeof(WCHAR);
> LocalDriverName.MaximumLength = LocalDriverName.Length + sizeof(UNICODE_NULL);
> LocalDriverName.Buffer = NameBuffer;
That code is not correct. LocalDriverName defines a Unicode string, but
you are providing an ANSI string. If this is literally cut and pasted
from your code, then the problem could be as simple as that.
LocalDriverName.Buffer contains a bunch of garbage that is not really as
big as you told it.
Try
    NameBuffer = L"\\Driver\\1234567890";
Or perhaps replace that entire sequence with:
    RtlInitUnicodeString( &LocalDriverName, L"\\Driver\\1234567890" );
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
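Added example, not part of the original posts: a user-mode C model of the mismatch described in the reply above, where the descriptor's byte counts assume 16-bit characters but the buffer holds a narrow literal. `USTR`, `WCHAR16`, `describe`, `overread_bytes` and `compare` are hypothetical names for this illustration, and `NameLength` is assumed to be the character count.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-mode stand-ins (assumptions of this example): a 16-bit WCHAR as on
   Windows, and USTR with the same three fields as UNICODE_STRING. */
typedef uint16_t WCHAR16;
typedef struct { uint16_t Length, MaximumLength; const void *Buffer; } USTR;

#define NAME "\\Driver\\1234567890"  /* name from the thread, 18 characters */

/* Sizes as computed in the post and by RtlInitUnicodeString alike: nchars
   16-bit units in use, plus one more unit for the terminator. */
static USTR describe(const void *buf, size_t nchars)
{
    USTR s;
    s.Length = (uint16_t)(nchars * sizeof(WCHAR16));
    s.MaximumLength = (uint16_t)(s.Length + sizeof(WCHAR16));
    s.Buffer = buf;
    return s;
}

/* Bytes a consumer reading s->Length bytes goes past the real storage. */
static size_t overread_bytes(const USTR *s, size_t backing_bytes)
{
    return s->Length > backing_bytes ? s->Length - backing_bytes : 0;
}

/* Same descriptor sizes, two different backing buffers for NAME. */
static void compare(size_t *posted, size_t *fixed)
{
    static const char narrow[] = NAME;   /* 19 bytes including the NUL */
    WCHAR16 wide[sizeof(narrow)];        /* 38 bytes including the NUL */
    size_t n = strlen(narrow);
    for (size_t i = 0; i <= n; i++) wide[i] = (unsigned char)narrow[i];
    USTR a = describe(narrow, n);        /* as posted: narrow storage */
    USTR b = describe(wide, n);          /* corrected: wide storage */
    *posted = overread_bytes(&a, sizeof(narrow));
    *fixed = overread_bytes(&b, sizeof(wide));
}

int main(void)
{
    size_t posted, fixed;
    compare(&posted, &fixed);
    printf("posted: %zu bytes past the buffer, fixed: %zu\n", posted, fixed);
    return 0;
}
```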
THAT would be a mistake (rolls eyes).
Do not do what you’re doing at all. Just don’t. Use ZwLoadDriver if you’re loading a standard driver from a standard driver. Use FltLoadDriver if you’re loading a mini-filter from a mini-filter. Trying to create your own driver object is just asking for trouble. Seriously.
If you’re trying to write malware, go to another list.
Peter
OSR
On Tue, Jul 12, 2011 at 7:53 PM, Tim Roberts wrote:
> Or perhaps replace that entire sequence with:
>     RtlInitUnicodeString( &LocalDriverName, L"\\Driver\\1234567890" );
If this is a constant then DECLARE_CONST_UNICODE_STRING macro is
useful as well:
    DECLARE_CONST_UNICODE_STRING(LocalDriverName, L"\\Driver\\1234567890");
Kris
you wan to load driver by memory.
2011/7/13 Krzysztof Uchronski
> On Tue, Jul 12, 2011 at 7:53 PM, Tim Roberts wrote:
> > Or perhaps replace that entire sequence with:
> > RtlInitUnicodeString( &LocalDriverName, L"\Driver\1234567890" );
>
> If this is a constant then DECLARE_CONST_UNICODE_STRING macro is
> useful as well:
> DECLARE_CONST_UNICODE_STRING(LocalDriverName, L"\Driver\1234567890");
>
> Kris
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Happy EveryDay
I have tried RtlInitUnicodeString() without success.
I think I have problem with ObCreateObject params.
ObCreateObject(0, NULL, &ObjectAttributes, 0, NULL, ObjectSize, 0, 0, (PVOID*)pdoDriver);
Maybe ObjectSize or some other parameter incorrect. Still trying.
I can use :
    DRIVER_OBJECT driverObject;
    PDRIVER_OBJECT pdoDriver = g_pdoDriver;
    for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        pdoDriver->MajorFunction[i] = Unimplemented;
    }
    pdoDriver->MajorFunction[IRP_MJ_CREATE] = Create;
    pdoDriver->MajorFunction[IRP_MJ_WRITE] = Write;
    pdoDriver->MajorFunction[IRP_MJ_READ] = Read;
    pdoDriver->DriverUnload = Unload;
    RtlInitUnicodeString(&DeviceName, L"\\23456789");
    status = IoCreateDevice(pdoDriver,
                            sizeof(DEVICE),
                            &DeviceName,
                            FILE_DEVICE_DISK_FILE_SYSTEM,
                            0,
                            FALSE,
                            &pdoDevice);
IoCreateDevice is executed. Device is created.
But still my driver is not working correctly.
This does not matter how driver is loaded. I have tried ZwLoadDriver with success, but how to create device for custom driver?
" you wan to load driver by memory."
I realize that English is not your native language, but could you try again? The context, syntax, and or any other grammatical structure of that isolated sentence fragment completely obscures any meaning possible.
Drivers are always loaded into memory, and all drivers I have encountered manipulate memory in some form or fashion. Do you refer to an OBJECT in memory?
Gary G. Little
Attempting to “grok” the unfathomable.
----- Original Message -----
From: “yanqing peng”
To: “Windows System Software Devs Interest List”
Sent: Tuesday, July 12, 2011 8:05:00 PM
Subject: Re: [ntdev] DRIVER_OBJECT
you wan to load driver by memory.
2011/7/13 Krzysztof Uchronski < xxxxx@gmail.com >
On Tue, Jul 12, 2011 at 7:53 PM, Tim Roberts < xxxxx@probo.com > wrote:
> Or perhaps replace that entire sequence with:
> RtlInitUnicodeString( &LocalDriverName, L"\Driver\1234567890" );
If this is a constant then DECLARE_CONST_UNICODE_STRING macro is
useful as well:
DECLARE_CONST_UNICODE_STRING(LocalDriverName, L"\Driver\1234567890");
Kris
–
Happy EveryDay
I found my problem. IoDriverObjectType must not be null.
crutch code…
xxxxx@yandex.ru wrote:
> I can use :
> DRIVER_OBJECT driverObject;
> PDRIVER_OBJECT pdoDriver = g_pdoDriver;
Where did those values come from?
> for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
> {
>     pdoDriver->MajorFunction[i] = Unimplemented;
> }
That’s not necessary. If you leave those entries in their default
state, the I/O manager will not send you those requests.
> RtlInitUnicodeString(&DeviceName, L"\\23456789");
Drivers should all be in the \Device namespace, not in the root. It’s
true that is only a convention; I suspect the kernel will allow you to
create a name outside of that namespace, but some driver tools won’t
work properly.
> IoCreateDevice is executed. Device is created.
> But still my driver is not working correctly.
How do you know that? How are you trying to use it? Nothing you have
done here would allow you to open this device from user mode. That
device name is not usable from user mode. If you want to call it from
user mode, you have to create a symbolic link within the \DosDevices
namespace.
> This does not matter how driver is loaded. I have tried ZwLoadDriver with success, but how to create device for custom driver?
Look, despite many email exchanges, you still have not told us WHAT YOU
ARE TRYING TO DO. What is your goal? What kind of driver are you
writing? What do you want it to do? Tell us the goals, and we’ll guide
you to a solution.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
> Look, despite many email exchanges, you still have not told us WHAT YOU ARE TRYING TO DO.
> What is your goal? What kind of driver are you writing? What do you want it to do? Tell us
> the goals, and we’ll guide you to a solution.
I am really trying to understand what I want, what I have, what I need.
I am really in trouble with all that stuff. Anyway, ok, let me try again.
First, I want to apologize.
I need file system driver, not file filter, not minifilter. File system driver.
And I already have one. I am trying to understand how it is working.
At first I have faced a trouble with DRIVER_OBJECT in DriverEntry.
It’s null. Driver was loaded by custom tool. It’s recommended to use this tool.
I used ZwLoadDriver. I have created IoCreateDevice for system defined DRIVER_OBJECT
and my file system driver worked perfect. I can do operations from user mode.
I have used WinObj, IoCreateDevice() created device. It’s ok.
But when I use this tool, I get in trouble. I can not create device using IoCreateDevice.
Anyway, my goal is to develop file system driver. My goal is to create a device.
My goals are to do CreateFile, WriteFile, ReadFile operations on this device.
I am underway, but get in trouble.
Please help me, I don’t want to rewrite all my code. And I want to connect this tool.
Hacking thing to create a DRIVER_OBJECT is just going to mess things up
when the file system is loaded in a normal way, so get rid of the tool.
Bottom line is if you have to hack the code because of this tool, you
are creating problems for yourself in the future.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@yandex.ru” wrote in message
news:xxxxx@ntdev:
> > Look, despite many email exchanges, you still have not told us WHAT YOU ARE TRYING TO DO.
> > What is your goal? What kind of driver are you writing? What do you want it to do? Tell us
> > the goals, and we’ll guide you to a solution.
>
> I really trying to understand what I want, what I have, what I need.
> I really in trouble with all that staff. Anyway, ok, let me try again.
> First, I want to excuse.
> I need file system driver, nor file filter, not minifilter. File system driver.
> And I already have one. I am trying to understand how it is working.
>
> At first I have faced a trouble with DRIVER_OBJECT in DriverEntry.
> It’s null. Driver was loaded by custom tool. It’s recommended to use this tool.
>
> I used ZwLoadDriver. I have created IoCreateDevice for system defined DRIVER_OBJECT
> and my file system driver worked perfect. I can do operations from user mode.
> I have used WinObj, IoCreateDevice() created device. It’s ok.
>
> But when I use this tool, I get in trouble. I can not create device using IoCreateDevice.
>
> Anyway, my goal is to develop file system driver. My goal is to create a device.
> My goals are to do CreateFile, WriteFile, ReadFile operations on this device.
> I am underway, but get in trouble.
>
> Please help me, I don’t want to rewrite all my code. And I want to connect this tool.
Whoever recommended you to use this tool doesn’t know what they’re talking about.
Right. That’s why we told you to do it this way.
RIGHT. That’s why we told you to NOT do it that way. Duh!
To repeat myself… which I really hate doing:
“Trying to create your own driver object is just asking for trouble. Seriously.”
There’s a REASON I gave you this advice. I’ve BEEN where you are. I’ve DONE that. I’ve read the source code (to Windows, not to stupid reactOS). I know that trying to create your own driver object with ObCreateObject creates problems.
Now, you can keep asking the same question in hopes of getting somebody to give you a different answer, or you can do things the way that will work.
If you won’t listen to me, listen to Mr. Burn when he said:
“get rid of the tool… if you have to hack the code because of this tool, you
are creating problems for yourself”
Peter
OSR