How to get a handle to a KEVENT??

Hi all,

Sorry for this dumb question but I haven’t been able to find
anything on it the past couple hours. Anyway, I am trying to
use ZwQueryDirectoryFile so I have something like:

ntStatus = ZwQueryDirectoryFile(
FileHandle,
NULL, // HANDLE Event OPTIONAL,
NULL, // PIO_APC_ROUTINE ApcRoutine OPTIONAL,
NULL, // PVOID ApcContext OPTIONAL,
&newIoStatus,
fileInfo,
MaxLength, // ULONG Length,
FileInformationClass,
FALSE, // BOOLEAN ReturnSingleEntry,
NULL, // PUNICODE_STRING FileName OPTIONAL,
TRUE // BOOLEAN RestartScan
);

But with this call I kept getting STATUS_PENDING so I figured I need to
create an event and wait on that event. (Or is there something else I should
do??) So I first want to do something like:

PKEVENT pEvent = ExAllocatePool(NonPagedPool,
sizeof(KEVENT));
KeInitializeEvent(pEvent, SynchronizationEvent, FALSE);

Now the dumb question, how do I get a handle to this EVENT object to pass
into ZwQueryDirectoryFile as the second argument??

Thanks,
Patrick

RE: [ntfsd] RE: What’s the value of non-read/write async handling?Don not
have the excat function, but it is something like:

ObOpenObjectByPointer(). This will accept a pointer to a kernel object and
give you a handle to it.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Patrick Lau
Sent: Wednesday, August 23, 2000 2:39 PM
To: File Systems Developers
Subject: [ntfsd] How to get a handle to a KEVENT??

Hi all,

Sorry for this dumb question but I haven’t been able to find
anything on it the past couple hours. Anyway, I am trying to
use ZwQueryDirectoryFile so I have something like:

ntStatus = ZwQueryDirectoryFile(
FileHandle,
NULL, // HANDLE Event OPTIONAL,
NULL, // PIO_APC_ROUTINE ApcRoutine OPTIONAL,
NULL, // PVOID ApcContext OPTIONAL,
&newIoStatus,
fileInfo,
MaxLength, // ULONG Length,
FileInformationClass,
FALSE, // BOOLEAN ReturnSingleEntry,
NULL, // PUNICODE_STRING FileName OPTIONAL,
TRUE // BOOLEAN RestartScan
);

But with this call I kept getting STATUS_PENDING so I figured I need to
create an event and wait on that event. (Or is there something else I
should
do??) So I first want to do something like:

PKEVENT pEvent = ExAllocatePool(NonPagedPool,
sizeof(KEVENT));
KeInitializeEvent(pEvent, SynchronizationEvent, FALSE);

Now the dumb question, how do I get a handle to this EVENT object to pass
into ZwQueryDirectoryFile as the second argument??

Thanks,
Patrick

Great thanks! But now how do I get the HandleAttributes required by
ObOpenObjectByPointer??

ObOpenObjectByPointer(
IN PVOID Object,
IN ULONG HandleAttributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN POBJECT_TYPE ObjectType OPTIONAL,
IN KPROCESSOR_MODE AccessMode,
OUT PHANDLE Handle
);

-----Original Message-----
From: Jamey Kirby [mailto:xxxxx@storagecraft.com]
Sent: Wednesday, August 23, 2000 2:42 PM
To: File Systems Developers
Subject: [ntfsd] RE: How to get a handle to a KEVENT??

Don not have the excat function, but it is something like:

ObOpenObjectByPointer(). This will accept a pointer to a kernel object and
give you a handle to it.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Patrick Lau
Sent: Wednesday, August 23, 2000 2:39 PM
To: File Systems Developers
Subject: [ntfsd] How to get a handle to a KEVENT??

Hi all,

Sorry for this dumb question but I haven’t been able to find
anything on it the past couple hours. Anyway, I am trying to
use ZwQueryDirectoryFile so I have something like:

ntStatus = ZwQueryDirectoryFile(
FileHandle,
NULL, // HANDLE Event OPTIONAL,
NULL, // PIO_APC_ROUTINE ApcRoutine OPTIONAL,
NULL, // PVOID ApcContext OPTIONAL,
&newIoStatus,
fileInfo,
MaxLength, // ULONG Length,
FileInformationClass,
FALSE, // BOOLEAN ReturnSingleEntry,
NULL, // PUNICODE_STRING FileName OPTIONAL,
TRUE // BOOLEAN RestartScan
);

But with this call I kept getting STATUS_PENDING so I figured I need to
create an event and wait on that event. (Or is there something else I should
do??) So I first want to do something like:

PKEVENT pEvent = ExAllocatePool(NonPagedPool,
sizeof(KEVENT));
KeInitializeEvent(pEvent, SynchronizationEvent, FALSE);

Now the dumb question, how do I get a handle to this EVENT object to pass
into ZwQueryDirectoryFile as the second argument??

Thanks,
Patrick

Please note that you cannot convert ALL kernel object pointers into handles.
A kernel object cannot have a handle unless it was created by the object
manager. That is, the kernel object must have an initialized object header
allocated in memory adjacent to the beginning of the kernel object.
Otherwise, a handle CANNOT be created for the kernel object.

-----Original Message-----
From: Patrick Lau
To: File Systems Developers
Sent: 08/23/2000 5:26 PM
Subject: [ntfsd] RE: How to get a handle to a KEVENT??

Great thanks! But now how do I get the HandleAttributes required by
ObOpenObjectByPointer??

ObOpenObjectByPointer(
IN PVOID Object,
IN ULONG HandleAttributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN POBJECT_TYPE ObjectType OPTIONAL,
IN KPROCESSOR_MODE AccessMode,
OUT PHANDLE Handle
);

-----Original Message-----
From: Jamey Kirby [mailto:xxxxx@storagecraft.com]
Sent: Wednesday, August 23, 2000 2:42 PM
To: File Systems Developers
Subject: [ntfsd] RE: How to get a handle to a KEVENT??

Don not have the excat function, but it is something like:

ObOpenObjectByPointer(). This will accept a pointer to a kernel object
and give you a handle to it.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Patrick Lau
Sent: Wednesday, August 23, 2000 2:39 PM
To: File Systems Developers
Subject: [ntfsd] How to get a handle to a KEVENT??

Hi all,

Sorry for this dumb question but I haven’t been able to find
anything on it the past couple hours. Anyway, I am trying to
use ZwQueryDirectoryFile so I have something like:

ntStatus = ZwQueryDirectoryFile(
FileHandle,
NULL, // HANDLE Event OPTIONAL,
NULL, // PIO_APC_ROUTINE ApcRoutine OPTIONAL,
NULL, // PVOID ApcContext OPTIONAL,
&newIoStatus,
fileInfo,
MaxLength, // ULONG Length,
FileInformationClass,
FALSE, // BOOLEAN ReturnSingleEntry,
NULL, // PUNICODE_STRING FileName OPTIONAL,
TRUE // BOOLEAN RestartScan
);

But with this call I kept getting STATUS_PENDING so I figured I need to
create an event and wait on that event. (Or is there something else I
should
do??) So I first want to do something like:

PKEVENT pEvent = ExAllocatePool(NonPagedPool,
sizeof(KEVENT));
KeInitializeEvent(pEvent, SynchronizationEvent, FALSE);

Now the dumb question, how do I get a handle to this EVENT object to
pass
into ZwQueryDirectoryFile as the second argument??

Thanks,
Patrick

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateEvent (
OUT PHANDLE EventHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN EVENT_TYPE EventType,
IN BOOLEAN InitialState
);

From: Rob Fuller
>Reply-To: “File Systems Developers”
>To: “File Systems Developers”
>Subject: [ntfsd] RE: How to get a handle to a KEVENT??
>Date: Wed, 23 Aug 2000 18:22:59 -0500
>
>Please note that you cannot convert ALL kernel object pointers into
>handles.
>A kernel object cannot have a handle unless it was created by the object
>manager. That is, the kernel object must have an initialized object header
>allocated in memory adjacent to the beginning of the kernel object.
>Otherwise, a handle CANNOT be created for the kernel object.
>
>-----Original Message-----
>From: Patrick Lau
>To: File Systems Developers
>Sent: 08/23/2000 5:26 PM
>Subject: [ntfsd] RE: How to get a handle to a KEVENT??
>
>Great thanks! But now how do I get the HandleAttributes required by
>ObOpenObjectByPointer??
>
> ObOpenObjectByPointer(
> IN PVOID Object,
> IN ULONG HandleAttributes,
> IN PACCESS_STATE PassedAccessState OPTIONAL,
> IN ACCESS_MASK DesiredAccess OPTIONAL,
> IN POBJECT_TYPE ObjectType OPTIONAL,
> IN KPROCESSOR_MODE AccessMode,
> OUT PHANDLE Handle
> );
>
>
>-----Original Message-----
>From: Jamey Kirby [mailto:xxxxx@storagecraft.com]
>Sent: Wednesday, August 23, 2000 2:42 PM
>To: File Systems Developers
>Subject: [ntfsd] RE: How to get a handle to a KEVENT??
>
>
>Don not have the excat function, but it is something like:
>
>ObOpenObjectByPointer(). This will accept a pointer to a kernel object
>and give you a handle to it.
>
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com]On Behalf Of Patrick Lau
>Sent: Wednesday, August 23, 2000 2:39 PM
>To: File Systems Developers
>Subject: [ntfsd] How to get a handle to a KEVENT??
>
>
>Hi all,
>
>Sorry for this dumb question but I haven’t been able to find
>anything on it the past couple hours. Anyway, I am trying to
>use ZwQueryDirectoryFile so I have something like:
>
> ntStatus = ZwQueryDirectoryFile(
> FileHandle,
> NULL, // HANDLE Event OPTIONAL,
> NULL, // PIO_APC_ROUTINE ApcRoutine OPTIONAL,
> NULL, // PVOID ApcContext OPTIONAL,
> &newIoStatus,
> fileInfo,
> MaxLength, // ULONG Length,
> FileInformationClass,
> FALSE, // BOOLEAN ReturnSingleEntry,
> NULL, // PUNICODE_STRING FileName OPTIONAL,
> TRUE // BOOLEAN RestartScan
> );
>
>But with this call I kept getting STATUS_PENDING so I figured I need to
>create an event and wait on that event. (Or is there something else I
>should
>do??) So I first want to do something like:
>
>
> PKEVENT pEvent = ExAllocatePool(NonPagedPool,
>sizeof(KEVENT));
> KeInitializeEvent(pEvent, SynchronizationEvent, FALSE);
>
>Now the dumb question, how do I get a handle to this EVENT object to
>pass
>into ZwQueryDirectoryFile as the second argument??
>
>Thanks,
>Patrick
>
>
>
>
>
>—
>You are currently subscribed to ntfsd as: xxxxx@hotmail.com
>To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com