> Hi guys, I have a weird problem here. > At kernel mode, i use IoCreateNotificationEvent, and at my user-mode, I > use OpenEvent, as such: > > myEvent = ::OpenEventW(SYNCHRONIZE, FALSE, > L"\BaseNamedObjects\eventname"); > > However, i get an error 161, which is ERROR_BAD_PATHNAME, “The specified > path is invalid” as found on msdn.
If OpenEvent succeeded (so myEvent is not NULL), then you cannot use GetLastError. This rule apply to most (if not all) api calls that uses GetLastError, because they doesn’t call SetLastError(ERROR_SUCCESS) when it does success.
> I understand, but I use a if statement to check if myEvent is NULL, and if > it is, i will call GetLastError to get the error message. > > I even assigned NULL to myEvent (myEvent = NULL) and not call OpenEvent at > all, and WaitForSingleObject still works
It is for detecting process creation (ioctls.h, ProcApp.cpp, ProcMon.h and ProcMon.c). I realise that the problem is OpenEvent fails and returns the error 161 which is ERROR_BAD_PATHNAME.
However, I used objdir and the event is created in BaseNamedObjects, but when i call OpenEvent, it fails. Why is that so? Is there anything wrong in the codes?
It is for detecting process creation (ioctls.h, ProcApp.cpp, ProcMon.h and ProcMon.c). I realise that the problem is OpenEvent fails and returns the error 161 which is ERROR_BAD_PATHNAME.
However, I used objdir and the event is created in BaseNamedObjects, but when i call OpenEvent, it fails. Why is that so? Is there anything wrong in the codes?
My answer seems to have crossed with your follow-up question. Did you
see that I answered your question?
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Thank you so much! It finally worked!
You have been such a great help, I am really thankful and appreciate it a lot… thank you so much again.
Hope that this can help anyone facing the same problem as me. Also, i ran the application as administrator, if not there will be problems with access rights to the event!
The far simpler, and more secure!, way to do this is to create an unnamed event in um and the pass the handle to km, convert it to the PKEVENT and then deref it when done. Since your event has a name, anyone can open it or squat on it.
Thank you so much! It finally worked! You have been such a great help, I am really thankful and appreciate it a lot… thank you so much again.
Hope that this can help anyone facing the same problem as me. Also, i ran the application as administrator, if not there will be problems with access rights to the event!