Hi guys,
I have a minifilter driver, and in the DriverEntry() I am calling IoCreateDevice(), giving it a name in the form of \Device\Blabla. After this I create a symbolic link and make the device accessible for UM. This device is later used for UM → KM communication, mainly for sending IOCTLs.
There is one thing I am trying to achieve additionally:
What if I wanted to obtain a device handle, but in kernel mode? So I am calling ZwCreateFile or NtCreateFile using different device name formats. But this always fails. So far I have tried:
L"\\.\Blabla"
L"\Device\Blabla"
L"\DosDevices\Blabla"
L"\??\Blabla"
L"\??\Blabla\"
Also: ObOpenObjectByPointer() worked on the device object but the handle I got was bogus.
Any help would be appreciated.
Thanks!
- What error do you get back from ZwCreateFile? \Device\Blabla should definitely work…
- Why would you want to open your own device? If the requests are handled by the same driver you can just make a function call, no?
> Also: ObOpenObjectByPointer() worked on the device object but the handle I got was bogus.

Note that invoking ZwCreateFile creates a file object that’s linked to your device object, then it creates a handle to this file object. It does not create a handle directly to your device object. Invoking ObOpenObjectByPointer does not create a file object; the output handle will be directly to your device object, so you cannot use it with ZwDeviceIoControlFile because this function expects a file object.
I am getting STATUS_ACCESS_DENIED, STATUS_OBJECT_TYPE_MISMATCH, STATUS_ACCESS_VIOLATION.
I guess what I am testing and trying to do is obtaining a device handle on behalf of the calling UM process in the same way the UM process itself would do it by calling:
    // Win32 device path \\.\Blabla; backslashes are escaped for the C++ literal
    constexpr static const wchar_t* DeviceName{ L"\\\\.\\Blabla" };
    HANDLE hDriver = CreateFile(DeviceName,
                                FILE_ALL_ACCESS,
                                FILE_SHARE_READ | FILE_SHARE_WRITE,
                                nullptr,
                                OPEN_EXISTING,
                                FILE_ATTRIBUTE_NORMAL,
                                nullptr);
This works with no issues in UM but I cannot make it work in KM. I had some success with ObOpenObjectByPointer() on the device handle but this opens a handle to a device, not to a file. The UM handle opened by CreateFile() points to \FileSystem\Blabla so these represent different objects.
Any suggestions?
Can you show the code that:
- Invokes IoCreateDevice
- Invokes ZwCreateFile in kernel mode
There could be many reasons… Maybe the device is marked with Exclusive = TRUE and there’s already a user mode handle to the device?
Solved it by using IoCreateFile(). Hopefully this gets documented somewhere.
Thanks everyone who tried helping!