RE: blue screen problem: *** STOP:0x0000006B (0xC0000020, 0x00000003, 0x00000000, 0x00000000)

NTFSD
1

Try going through ZwOpenThreadToken/ZwOpenProcessToken route to get the
token information. As per DDK SubjectSecurityConte structure is opaque. So
you don’t know what you are playing with.

-----Original Message-----
From: Bill Deng [mailto:xxxxx@hotmail.com]
Sent: Saturday, September 06, 2003 1:33 PM
To: File Systems Developers
Subject: [ntfsd] blue screen problem: *** STOP:0x0000006B (0xC0000020,
0x00000003, 0x00000000, 0x00000000)

Hi,All,

I am writing a file filter. In my IRP_MJ_CREATE dispatch routine, I add some
codes to get the file user SID, however, when I turn on my computer I
automatically get a blue screen with the message
“Process1_initialization_failed”.

The error number is:

*** STOP:0x0000006B (0xC0000020, 0x00000003, 0x00000000, 0x00000000)

Can anyone help me with that? My codes added in IRP_MJ_CREATE dispatch
routine are attached as below, thank you in advance:

//
// Purpose of these codes is to get user SID
//

NTSTATUS status;
ULONG RetLen;
HANDLE hToken;
PTOKEN_USER tokenInfoBuffer;
PIO_STACK_LOCATION irpSp;
PACCESS_TOKEN Token;
PSID userSID;

irpSp = IoGetCurrentIrpStackLocation( Irp );
Token
=irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityConte
xt.ClientToken;
if( Token == NULL )
Token
=irpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityConte
xt.PrimaryToken;

// ObOpenObjectByPointer on Token, provides hToken;
ObOpenObjectByPointer(Token, 0, NULL, TOKEN_QUERY, NULL, KernelMode,
&hToken );
ObDereferenceObject(Token);

// This returns the size of the SID.
status=ZwQueryInformationToken(hToken, TokenUser, NULL, 0, &RetLen);
if ( STATUS_SUCCESS != status )
return STATUS_UNSUCCESSFUL;

//Allocate memory for RetLen bytes, put the pointer to tokenInfoBuffer
variable.
tokenInfoBuffer=(PTOKEN_USER) ExAllocatePool( NonPagedPool, RetLen );
status=ZwQueryInformationToken(hToken, TokenUser, tokenInfoBuffer,
RetLen,&RetLen);
if ( STATUS_SUCCESS != status )
return STATUS_UNSUCCESSFUL;

userSID=tokenInfoBuffer->User.Sid;
if(RtlValidSid(userSID))
{
KdPrint((“valid userSID”));
}
else
{
KdPrint((“invalid userSID”));
}

ZwClose(hToken);

You are currently subscribed to ntfsd as: xxxxx@criticalsites.com
To unsubscribe send a blank email to xxxxx@lists.osr.com