ObOpenObjectByPointer with KSEMAPHORE got 0xC0000005

The code is here:

KSEMAPHORE SEM = {0};
HANDLE hSem = NULL;
NTSTATUS st;

KeInitializeSemaphore(&SEM, 0, 10);
__try
{
    /* ObOpenObjectByPointer always raises an exception: 0xC0000005 */
    st = ObOpenObjectByPointer(&SEM, OBJ_KERNEL_HANDLE, NULL, SEMAPHORE_QUERY_STATE,
                               *ExSemaphoreObjectType, KernelMode, &hSem);
    DbgPrint("0x%08X\n", st);   /* NTSTATUS is a 32-bit value, not a pointer */
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
    DbgBreakPoint();
}

I have tested on Event/Process/Thread objects, and all work fine,
but it just can’t work with a KSEMAPHORE object.
I’m so had.
Could someone help me?
thx

Access violation.

Is the storage allocated for your semaphore in non-paged pool? From the example you’ve provided, it doesn’t look like it is.

I also would be suspicious of the ACCESS_MASK you’re passing… for simplicity, I’d try STANDARD_RIGHTS_ALL.

Peter
OSR
@OSRDrivers

To Peter Viscarola:

The semaphore is stored in a global variable.

And I tried to set STANDARD_RIGHTS_ALL as the ACCESS_MASK. It also got an exception.

The test code is very simple. I have tested on XP and Win7. All got the same result.

It seems the system does not allow opening a semaphore object.

By the way, is there any way to create a named semaphore in a driver? I found nothing about this on MSDN.

Thanks anyway.

I got the answer.

The code is totally WRONG

ObOpenObjectByPointer can’t be used on an object which is created in kernel context.

The statement about ObOpenObjectByPointer is not correct, you can open
objects that are created in the kernel. In this case I suspect the problem
is that a KSEMAPHORE is not a complete SEMAPHORE that can be used with
ZwCreateSemaphore or user space CreateSemaphore.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Tuesday, February 09, 2016 10:38 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ObOpenObjectByPointer with KSEMAPHORE got 0xC0000005

Thanks anyway.

I got the answer.

The code is totally WRONG

ObOpenObjectByPointer can’t be used on an object which is created in kernel
context.



@DonBurn:

Everybody here is missing the real issue:

Ob* functions can only be used for objects created and managed by the object manager, they need the proper object header before them.
Sync objects initialized by KeInitialize* functions cannot be used by Ob* functions.

To Alex Grig:
You are right!

> In this case I suspect the problem is that a KSEMAPHORE is not a complete SEMAPHORE that can be used with ZwCreateSemaphore or user space CreateSemaphore.

Exactly - you cannot use Zw and Ob functions with objects that are not managed by the Object Manager, because objects that are meant to be accessed by handle, rather than pointer, must start with an OBJECT_HEADER structure that is followed by the actual object of a given type (KEVENT, KTHREAD, FILE, etc). If you try something like what the OP does, Ob or Zw functions interpret KEVENT, KTHREAD, etc structures as an OBJECT_HEADER one, so that the "result" that the OP gets is perfectly predictable…

Anton Bassov
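
The header-before-body layout described in the replies above, as an added user-mode C model that is not part of the original thread. The structures, the type tag and every `model_*` name are simplified assumptions rather than the real Windows layouts, and the explicit tag check exists only in this model to make the misread header visible as a return value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model; these are NOT the real Windows structure layouts. */
#define MODEL_TYPE_SEMAPHORE 0x414D4553u            /* constructed type tag */
typedef struct { int32_t count, limit; } MODEL_KSEMAPHORE;
typedef struct { int64_t pointer_count, handle_count; uint32_t type_tag, pad; } MODEL_HEADER;
typedef struct { MODEL_HEADER header; MODEL_KSEMAPHORE body; } MODEL_OBJECT;

/* Object-manager style creation: header and body are allocated together. */
MODEL_KSEMAPHORE *model_ob_create(int32_t count, int32_t limit) {
    MODEL_OBJECT *o = calloc(1, sizeof *o);
    if (!o) return NULL;
    o->header.pointer_count = 1;
    o->header.type_tag = MODEL_TYPE_SEMAPHORE;
    o->body.count = count; o->body.limit = limit;
    return &o->body;                                /* callers only see the body */
}

/* KeInitialize* style: fills caller-provided storage and writes no header. */
void model_ke_init(MODEL_KSEMAPHORE *s, int32_t count, int32_t limit) { s->count = count; s->limit = limit; }

/* Ob* style open: walks back from the body to where a header must be. */
int model_ob_open(void *body, uint32_t type, MODEL_HEADER *seen) {
    memcpy(seen, (unsigned char *)body - offsetof(MODEL_OBJECT, body), sizeof *seen);
    return seen->type_tag == type ? 0 : -1;         /* model-only sanity check */
}

int demo_managed(void) {
    MODEL_HEADER seen;
    MODEL_KSEMAPHORE *s = model_ob_create(0, 10);
    if (!s) return -2;
    int st = model_ob_open(s, MODEL_TYPE_SEMAPHORE, &seen);
    free((unsigned char *)s - offsetof(MODEL_OBJECT, body));
    return st;
}

int demo_bare(void) {
    /* Constructed neighbour bytes stand in for whatever precedes a global. */
    struct { unsigned char neighbour[sizeof(MODEL_HEADER)]; MODEL_KSEMAPHORE sem; } g;
    MODEL_HEADER seen;
    memset(g.neighbour, 0xCC, sizeof g.neighbour);
    model_ke_init(&g.sem, 0, 10);
    return model_ob_open(&g.sem, MODEL_TYPE_SEMAPHORE, &seen);
}

int main(void) { printf("managed=%d bare=%d\n", demo_managed(), demo_bare()); return 0; }
```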

Bravo! Mr. Grig is THE man.

The simple answer is the right answer. Right in front of our noses.

Peter
OSR
@OSRDrivers