Hello,
is it possible to open a driver object? By Name? I know there’s an
undocumented routine “ObOpenObjectByName”. But
and
If anybody has a hint for me, please contact me by email!
Thanks in advance!
Frank
> 2. How do I call it to open a driver object?
IIRC there was another undocumented routine:
NTSTATUS
ObReferenceObjectByName(
IN PUNICODE_STRING ObjectName,
IN ULONG Attributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN PVOID ObjectType,
IN KPROCESSOR_MODE AccessMode,
IN OUT PVOID ParseContext OPTIONAL,
OUT PVOID *Object
);
Pass *IoDriverObjectType as ObjectType.
This will allow you to get the pointer to the driver object by its name.
Max
The argument:
IN PVOID ObjectType
should look like this:
IN POBJECT_TYPE ObjectType OPTIONAL
However there is currently a bug in this routine.
If both the optional arguments ObjectType and
PassedAccessState are NULL the routine generates
STATUS_ACCESS_VIOLATION because it tries to
access the GenericMapping field of the ObjectType
(which is NULL).
Thus one of this two values must be present.
This makes sense eg. in the case of getting the pointer
to \ObjectType\Type (ObpTypeObjectType variable)
Paul
-----P?vodn? zpr?va-----
Od: Maxim S. Shatskih [SMTP:xxxxx@storagecraft.com]
Odesl?no: 30. ?ervence 2000 19:58
Komu: File Systems Developers
P?edm?t: [ntfsd] Re: DriverObjects> 2. How do I call it to open a driver object?
IIRC there was another undocumented routine:
NTSTATUS
ObReferenceObjectByName(
IN PUNICODE_STRING ObjectName,
IN ULONG Attributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN PVOID ObjectType,
IN KPROCESSOR_MODE AccessMode,
IN OUT PVOID ParseContext OPTIONAL,
OUT PVOID *Object
);Pass *IoDriverObjectType as ObjectType.
This will allow you to get the pointer to the driver object by its name.
Max
You are currently subscribed to ntfsd as: xxxxx@sodatsw.cz
To unsubscribe send a blank email to $subst(‘Email.Unsub’)