I am currently developing a driver which reads from a given physical sector. I have a working code which retrieves physical drives in the system with use of ObReferenceObjectByName() undocumented function. I have tried for a week to find alternative for this without any success. I tried with ZwCreateFile() then ObReferenceObjectByHandle() functions for “\Driver\Disk” / “\Device\Harddisk0” / “\Device\Harddisk0(DR0/DP0)” options and it ended up in either BSOD or OBJECT_TYPE_MISMATCH error. I then tried with IoCreateDevice() function which threw NAME_COLLISION error. Then I came across function IoGetDevicePointer() which again gave me OBJECT_TYPE_MISMATCH error.
I want to avoid ObReferenceByName() function as it’s undocumented. Is there any other alternative through which I can retrieve physical disk device objects in the system?
> One crucial information I forgot to mention is that this all is done from > DriverEntry() routine. Does it affect? > > — > NTDEV is sponsored by OSR > > Visit the list online at: < > http://www.osronline.com/showlists.cfm?list=ntdev> > > MONTHLY seminars on crash dump analysis, WDF, Windows internals and > software drivers! > Details at http: > > To unsubscribe, visit the List Server section of OSR Online at < > http://www.osronline.com/page.cfm?name=ListServer> ></http:>
I guess you incorrectly provided the object type for ObReferenceObjectByName. Depending on the declaration this could be ObReferenceObjectByName( …, *ObjectType, … ) or ObReferenceObjectByName( …, ObjectType, … ). The former is common with WDK headers where they are declared as
IoGetDeviceObjectPointer() is the routine I used as an alternate for ObReferenceObjectByName(). But as mentioned on the above thread, I used file object’s device object instead of the device object function returned.
Anyone trying to figure out/ implement the same please go through above thread.