On rare occasion when I call ZwCreateSection it returns
STATUS_INVALID_USER_BUFFER. Since no buffer is actually passed, except
&hSection which is a local variable, I am perplexed as to what the
problem could be.
In this case my service process is passing the driver an open File
Object (pFileObject), I call ObOpenObjectByPointer to get a handle into
“KernelHandle” that is passed to ZwCreateSection. The file in question
is a .pst file which is open so I’m mapping it so I can read locked
data. This normally works, so why in some cases does it not?
Below is the code.
Thanks,
Ken
status = ObOpenObjectByPointer(
pFileObject, //IN
PVOID Object,
OBJ_KERNEL_HANDLE, //IN ULONG
HandleAttributes,
NULL, //IN
PACCESS_STATE PassedAccessState OPTIONAL,
0,
//IN ACCESS_MASK DesiredAccess,
*IoFileObjectType, //IN
POBJECT_TYPE ObjectType,
KernelMode, //IN
KPROCESSOR_MODE AccessMode,
&KernelHandle //OUT
PHANDLE Handle
);
if (NT_SUCCESS(status))
{
status = ZwCreateSection(
&hSection, //OUT
PHANDLE SectionHandle,
SECTION_MAP_READ,
//SECTION_ALL_ACCESS, // IN ACCESS_MASK DesiredAccess,
NULL, //
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
NULL, //IN
PLARGE_INTEGER MaximumSize OPTIONAL,
PAGE_READONLY, //IN ULONG
SectionPageProtection,
SEC_COMMIT, //IN ULONG
AllocationAttributes,
KernelHandle //IN
HANDLE FileHandle OPTIONAL
);