using kernel access token in user mode

Hello everyone!

I am trying to get the kernel mode access token and pass it to a user mode application, so that it can use it. To make it short: my user mode application should call SHGetFolderPath and pass a proper user token so that it can get user specific paths for Documents and Settings and similar folders. My kernel driver is getting the access token by a sequence of: ZwOpenThreadToken or ZwOpenProcessToken functions.

Once I get access token I try to get a user mode handle and I fail to do that:

HANDLE hTokenUser = NULL;
PVOID pTokenObj = NULL;
OBJECT_HANDLE_INFORMATION ObjInfo = {0};

/// this works
mystatus = ObReferenceObjectByHandle(hToken, (ACCESS_MASK)TOKEN_QUERY, NULL, UserMode, &pTokenObj, &ObjInfo);

/// this does not work
mystatus = ObOpenObjectByPointer(pTokenObj, 0, NULL, (ACCESS_MASK)TOKEN_QUERY, (*SeTokenObjectType), UserMode, &hTokenUser);

The problem is that I can’t use SeTokenObjectType in my code, but the weird thing is that it is documented in online MSDN: http://msdn.microsoft.com/en-us/library/ms796469.aspx . If I use NULL instead of *SeTokenObjectType, the function returns STATUS_OBJECT_TYPE_MISMATCH … If I use other types, I get the same error.

Does anyone have any ideas?

STATUS_OBJECT_TYPE_MISMATCH is returned because you specify UserMode and you
do not specify the proper type of object. If you look attentively at the
documentation: “If AccessMode is UserMode, the requested access is compared
to the granted access for the object.”, so I am sure you can put KernelMode
and NULL instead of *SeTokenObjectType and it will work, but it does not
solve your original problem as you want to specify UserMode as access level.

When you use UserMode, ObOpenObjectByPointer checks the header of the
object, more specifically, its pHeader->Type field, and if it does not
match POBJECT_TYPE the function returns an error. However, if you look at
the documentation here: http://msdn.microsoft.com/en-us/library/ms796469.aspx it
mentions that starting from XP SeTokenObjectType is present. However, if you
try to use it in code, the following error message is generated:

{ /// does not even compile …
HANDLE token = 0;
HANDLE hTokenUser = NULL;
PVOID pTokenObj = NULL;
OBJECT_HANDLE_INFORMATION ObjInfo = {0};

ObReferenceObjectByHandle(token, (ACCESS_MASK)TOKEN_QUERY, NULL, UserMode,
&pTokenObj, &ObjInfo);
ObOpenObjectByPointer(pTokenObj, 0, NULL, (ACCESS_MASK)TOKEN_QUERY,
*SeTokenObjectType, UserMode, &hTokenUser);

}

BUILD: Compiling and Linking sampledriver directory
_NT_TARGET_VERSION SET TO WINXP Compiling - main.c
errors in directory sampledriver, sampledriver\sampledriver\main.c(100) :
error C2065: ‘SeTokenObjectType’ : undeclared identifier
sampledriver\sampledriver\main.c(100) : error C2100: illegal indirection

Which makes me think that there is some mistake here :) on Microsoft's
side, since if you use PsThreadType, IoFileObjectType etc., it compiles
properly. So, the fix is simple … extern the variable somewhere in global
scope:

/// portion of code
extern POBJECT_TYPE * SeTokenObjectType;

And pass it into ObOpenObjectByPointer in the following way:

ObOpenObjectByPointer(pTokenObj, 0, NULL, (ACCESS_MASK)TOKEN_QUERY,
*(SeTokenObjectType), UserMode, &hTokenUser);

Should work.


Volodymyr M. Shcherbyna, blog: http://www.shcherbyna.com/
(This posting is provided “AS IS” with no warranties, and confers no
rights)
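The sequence from the reply above, written out with the cleanup the posted fragments leave out. This is an added example, not code from either poster: `TokenToUserHandle`, `BUILD_AS_DRIVER` and `g_refs` are hypothetical names, and the stand-ins used outside a WDK build are constructed to model only the UserMode type check as the reply describes it.

```c
/* Added example, not from the thread. BUILD_AS_DRIVER is a hypothetical macro:
 * set it in a WDK build; otherwise constructed stand-ins model the calls. */
#ifdef BUILD_AS_DRIVER
#include <ntifs.h>
#else
#include <stddef.h>
typedef int NTSTATUS;
typedef void *HANDLE, *PVOID;
typedef unsigned int ULONG, ACCESS_MASK;
typedef struct { int unused; } OBJECT_TYPE, *POBJECT_TYPE;
typedef enum { KernelMode, UserMode } KPROCESSOR_MODE;
#define STATUS_SUCCESS 0
#define STATUS_OBJECT_TYPE_MISMATCH ((NTSTATUS)0xC0000024)
#define NT_SUCCESS(s) ((NTSTATUS)(s) >= 0)
#define TOKEN_QUERY 0x0008
static OBJECT_TYPE g_tokenType;
static POBJECT_TYPE g_pTokenType = &g_tokenType;
POBJECT_TYPE *SeTokenObjectType = &g_pTokenType;
int g_refs; /* pointer references still held on the stand-in token */
static NTSTATUS ObReferenceObjectByHandle(HANDLE h, ACCESS_MASK a, POBJECT_TYPE t,
        KPROCESSOR_MODE m, PVOID *obj, PVOID info)
{ (void)a; (void)t; (void)m; (void)info; *obj = h; g_refs++; return STATUS_SUCCESS; }
/* Models the behaviour the reply describes: UserMode needs the matching type. */
static NTSTATUS ObOpenObjectByPointer(PVOID o, ULONG attrs, PVOID state, ACCESS_MASK a,
        POBJECT_TYPE t, KPROCESSOR_MODE m, HANDLE *out)
{ (void)attrs; (void)state; (void)a;
  if (m == UserMode && t != g_pTokenType) return STATUS_OBJECT_TYPE_MISMATCH;
  *out = o; return STATUS_SUCCESS; }
static void ObDereferenceObject(PVOID o) { (void)o; g_refs--; }
#endif

/* Convert a token handle into a handle in the current process's handle table.
 * Pass *SeTokenObjectType for the fix from the reply, NULL for the failing call. */
NTSTATUS TokenToUserHandle(HANDLE hToken, POBJECT_TYPE type, HANDLE *phUser)
{
    PVOID pTokenObj = NULL;
    NTSTATUS st;

    *phUser = NULL;
    st = ObReferenceObjectByHandle(hToken, TOKEN_QUERY, type, UserMode, &pTokenObj, NULL);
    if (!NT_SUCCESS(st))
        return st;
    /* Attributes 0 (no OBJ_KERNEL_HANDLE): the handle lands in the current process's table. */
    st = ObOpenObjectByPointer(pTokenObj, 0, NULL, TOKEN_QUERY, type, UserMode, phUser);
    /* Drop the pointer reference on success and failure; a new handle holds its own. */
    ObDereferenceObject(pTokenObj);
    return st;
}
```

The returned handle is only meaningful in the process context the routine ran in, and that process is responsible for closing it.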

Thanks. That did help!