The statement about ObOpenObjectByPointer is not correct; you can open
objects that are created in the kernel. In this case I suspect the problem
is that a KSEMAPHORE is not a complete SEMAPHORE that can be used with
ZwCreateSemaphore or user space CreateSemaphore.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Tuesday, February 09, 2016 10:38 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ObOpenObjectByPointer with KSEMAPHORE got 0xC0000005
Thanks anyway.
I got the answer.
The code is totally WRONG.
ObOpenObjectByPointer can't be used on an object which is created in kernel context.
Ob* functions can only be used for objects created and managed by the object manager, they need the proper object header before them.
Sync objects initialized by KeInitialize* functions cannot be used by Ob* functions.
> In this case I suspect the problem is that a KSEMAPHORE is not a complete SEMAPHORE
> that can be used with ZwCreateSemaphore or user space CreateSemaphore.
Exactly - you cannot use Zw and Ob functions with objects that are not managed by the Object Manager, because objects that are meant to be accessed by handle, rather than pointer, must start with an OBJECT_HEADER structure that is followed by the actual object of a given type (KEVENT, KTHREAD, FILE, etc.). If you try something the OP does, Ob or Zw functions interpret KEVENT, KTHREAD, etc. structures as an OBJECT_HEADER one, so that the "result" that the OP gets is perfectly predictable…
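
The header-before-body layout described in the replies above, as an added user-mode model that is not code from any poster in this thread. The real OBJECT_HEADER layout is undocumented and differs; every `model_*` name, the type tag and the filler bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model only: names, fields and the type tag are hypothetical. */
#define MODEL_TYPE_SEMAPHORE 0x10u
typedef struct { intptr_t pointer_count, handle_count; uint32_t type_index, pad; } model_header;
typedef struct { int32_t count, limit; } model_sem;      /* stands in for KSEMAPHORE */
typedef struct { model_header hdr; model_sem body; } model_object;

/* Object-manager style creation: the header is allocated in front of the body. */
static model_sem *model_ob_create_semaphore(void) {
    model_object *o = calloc(1, sizeof *o);
    if (!o) return NULL;
    o->hdr.pointer_count = 1;
    o->hdr.type_index = MODEL_TYPE_SEMAPHORE;
    o->body.limit = 1;
    return &o->body;
}
/* Ob*-style lookup: step back from the body pointer and use whatever is there. */
static model_header model_header_of(const void *body) {
    model_header h;
    memcpy(&h, (const unsigned char *)body - offsetof(model_object, body), sizeof h);
    return h;
}
/* 0 if the bytes in front of the body describe a semaphore, -1 otherwise.
   The model can refuse; a real Ob* call simply acts on the bytes it finds. */
static int model_open_by_pointer(const void *body) {
    return model_header_of(body).type_index == MODEL_TYPE_SEMAPHORE ? 0 : -1;
}
/* A semaphore initialised in place (the KeInitializeSemaphore case): the bytes
   in front of it are unrelated driver data, not a header. */
typedef struct { unsigned char driver_data[sizeof(model_header)]; model_sem sem; } model_extension;

static int demo_managed(void) {
    model_sem *s = model_ob_create_semaphore();
    int rc = s ? model_open_by_pointer(s) : -2;
    if (s) free((unsigned char *)s - offsetof(model_object, body));
    return rc;
}
static uint32_t demo_bare_type_index(void) {
    model_extension ext;
    memset(&ext, 0x41, sizeof ext);                      /* constructed filler bytes */
    return model_header_of(&ext.sem).type_index;         /* neighbour data read as a header */
}
int main(void) {
    printf("managed open: %d, bare type_index: 0x%x\n",
           demo_managed(), (unsigned)demo_bare_type_index());
    return 0;
}
```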