Hello all,
I have a problem calling NtCreateProcess from a driver. I can’t figgure-out why the call to
NtCreateProcess returns status :
Error code: (NTSTATUS) 0xc0000024 (3221225508) - {Wrong Type}
There is a mismatch between the type of object required by the requested operation and the type of object that is specified in the request.
NTSTATUS KGD_CreateProcess(
OUT PHANDLE phProcessHandle,
IN PWCHAR pwProcessPath
)
{
NTSTATUS NtStatus;
OBJECT_ATTRIBUTES ObjProcessPath;
UNICODE_STRING usProcessPath;
HANDLE hProcHandle;
PEPROCESS pEprocess;
//safety checks
if (pwProcessPath==NULL) return STATUS_UNSUCCESSFUL;
if (SysCall->NtCreateProcess==NULL) return STATUS_UNSUCCESSFUL;
if (SysCall->IoGetCurrentProcess==NULL) return STATUS_UNSUCCESSFUL;
if (SysCall->ObOpenObjectByPointer==NULL) return STATUS_UNSUCCESSFUL;
pEprocess = SysCall->IoGetCurrentProcess();
//get handle to process
NtStatus = SysCall->ObOpenObjectByPointer(
pEprocess,
OBJ_KERNEL_HANDLE,
NULL,
PROCESS_ALL_ACCESS,
NULL,
KernelMode,
&hProcHandle
);
if ( NT_SUCCESS(NtStatus)==FALSE )
{
NtClose(hProcHandle);
return STATUS_UNSUCCESSFUL;
}
RtlInitUnicodeString(&usProcessPath, pwProcessPath);
InitializeObjectAttributes (&ObjProcessPath, &usProcessPath, OBJ_KERNEL_HANDLE, NULL, NULL);
NtStatus = SysCall->NtCreateProcess(
phProcessHandle,
PROCESS_ALL_ACCESS,
&ObjProcessPath,
hProcHandle,
FALSE,
NULL,
NULL,
NULL
);
if ( NT_SUCCESS(NtStatus)==FALSE)
return STATUS_UNSUCCESSFUL;
return STATUS_SUCCESS;
}
If anyone has a clue on what am I missing feel free to give me a piese
of advice
thank you,
Mihai