OpenEvent problem

Hi guys, I have a weird problem here.
At kernel mode, i use IoCreateNotificationEvent, and at my user-mode, I use OpenEvent, as such:

myEvent = ::OpenEventW(SYNCHRONIZE, FALSE, L"\\BaseNamedObjects\\eventname");

However, i get an error 161, which is ERROR_BAD_PATHNAME, “The specified path is invalid” as found on msdn.

The weird thing is when i use while(::WaitForSingleObject(&myEvent, INFINITE)), there is no error and everything works fine.

I have no idea why this is happening, does anyone have any idea?
Thank you

On 8 August 2014 05:41, wrote:

> Hi guys, I have a weird problem here.
> At kernel mode, i use IoCreateNotificationEvent, and at my user-mode, I
> use OpenEvent, as such:
>
> myEvent = ::OpenEventW(SYNCHRONIZE, FALSE,
> L"\\BaseNamedObjects\\eventname");
>
> However, i get an error 161, which is ERROR_BAD_PATHNAME, “The specified
> path is invalid” as found on msdn.

If OpenEvent succeeded (so myEvent is not NULL), then you cannot use
GetLastError.
This rule applies to most (if not all) API calls that use GetLastError,
because they don't call SetLastError(ERROR_SUCCESS) when they succeed.

Best regards,
Krystian Bigaj

I understand, but I use a if statement to check if myEvent is NULL, and if it is, i will call GetLastError to get the error message.

I even assigned NULL to myEvent (myEvent = NULL) and not call OpenEvent at all, and WaitForSingleObject still works

On 8 August 2014 07:49, wrote:

> I understand, but I use a if statement to check if myEvent is NULL, and if
> it is, i will call GetLastError to get the error message.
>
> I even assigned NULL to myEvent (myEvent = NULL) and not call OpenEvent at
> all, and WaitForSingleObject still works

What do you mean by “still works”? WaitForSingleObject doesn’t return
true/false, please read:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms687032(v=vs.85).aspx

See also:
http://www.osronline.com/showthread.cfm?link=250040

Best regards,
Krystian Bigaj

On Aug 7, 2014, at 8:41 PM, xxxxx@hotmail.com wrote:

Hi guys, I have a weird problem here.
At kernel mode, i use IoCreateNotificationEvent, and at my user-mode, I use OpenEvent, as such:

myEvent = ::OpenEventW(SYNCHRONIZE, FALSE, L"\\BaseNamedObjects\\eventname");

However, i get an error 161, which is ERROR_BAD_PATHNAME, “The specified path is invalid” as found on msdn.

Right, because that namespace is only meaningful in kernel mode…

The kernel name "\BaseNamedObjects\eventname" is opened in user mode as "eventname".

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

I’m sorry, i got the code over here:
http://www.pudn.com/downloads190/sourcecode/windows/freedic/detail891789.html

It is for detecting process creation (ioctls.h, ProcApp.cpp, ProcMon.h and ProcMon.c). I realise that the problem is OpenEvent fails and returns the error 161 which is ERROR_BAD_PATHNAME.

However, I used objdir and the event is created in BaseNamedObjects, but when i call OpenEvent, it fails. Why is that so? Is there anything wrong in the codes?

xxxxx@hotmail.com wrote:

I’m sorry, i got the code over here:
http://www.pudn.com/downloads190/sourcecode/windows/freedic/detail891789.html

It is for detecting process creation (ioctls.h, ProcApp.cpp, ProcMon.h and ProcMon.c). I realise that the problem is OpenEvent fails and returns the error 161 which is ERROR_BAD_PATHNAME.

However, I used objdir and the event is created in BaseNamedObjects, but when i call OpenEvent, it fails. Why is that so? Is there anything wrong in the codes?

My answer seems to have crossed with your follow-up question. Did you
see that I answered your question?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

hi, so sorry for the late follow-up.
I have tried using this:
myEvent = OpenEventW(SYNCHRONIZE, FALSE, L"eventname");

instead of this:
myEvent = OpenEventW(SYNCHRONIZE, FALSE, L"\\BaseNamedObjects\\eventname");

And the error i got was 2. which is ERROR_FILE_NOT_FOUND.

On Aug 10, 2014, at 6:33 PM, xxxxx@hotmail.com wrote:

hi, so sorry for the late follow-up.
I have tried using this:
myEvent = OpenEventW(SYNCHRONIZE, FALSE, L"eventname");

instead of this:
myEvent = OpenEventW(SYNCHRONIZE, FALSE, L"\\BaseNamedObjects\\eventname");

And the error i got was 2. which is ERROR_FILE_NOT_FOUND.

It should have occurred to me that you'd need L"Global\\eventname".

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
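
The three names tried in this thread can be compared with a small model of how the name passed to OpenEvent is resolved against the caller's session directory. This is an added example, not code from the thread or from Windows; the function names are hypothetical, and it assumes the driver created `\BaseNamedObjects\eventname` and the application runs in session 1.

```c
#include <stdio.h>
#include <string.h>

/* Win32 error codes reported in the thread. */
#define ERR_OK             0
#define ERR_FILE_NOT_FOUND 2    /* ERROR_FILE_NOT_FOUND */
#define ERR_BAD_PATHNAME   161  /* ERROR_BAD_PATHNAME */

/* Simplified model (assumption: exact-case prefixes; the real lookup is
 * case-insensitive). Maps a Win32 object name to the NT path it is
 * looked up under for a caller in the given session. */
int win32_name_to_nt_path(const char *name, unsigned session,
                          char *out, size_t outlen)
{
    char session_dir[64];
    if (name[0] == '\\')              /* absolute NT path: rejected */
        return ERR_BAD_PATHNAME;
    if (session == 0)                 /* session 0 uses the global directory */
        snprintf(session_dir, sizeof session_dir, "\\BaseNamedObjects");
    else
        snprintf(session_dir, sizeof session_dir,
                 "\\Sessions\\%u\\BaseNamedObjects", session);
    if (strncmp(name, "Global\\", 7) == 0)      /* link to global directory */
        snprintf(out, outlen, "\\BaseNamedObjects\\%s", name + 7);
    else if (strncmp(name, "Local\\", 6) == 0)  /* link to caller's session */
        snprintf(out, outlen, "%s\\%s", session_dir, name + 6);
    else                                        /* bare name: session-local */
        snprintf(out, outlen, "%s\\%s", session_dir, name);
    return ERR_OK;
}

/* Error the model predicts when the driver created kernel_path and a
 * caller in `session` opens `name`. */
int model_open(const char *kernel_path, const char *name, unsigned session)
{
    char path[256];
    int rc = win32_name_to_nt_path(name, session, path, sizeof path);
    if (rc != ERR_OK) return rc;
    return strcmp(path, kernel_path) == 0 ? ERR_OK : ERR_FILE_NOT_FOUND;
}

int main(void)
{
    const char *created = "\\BaseNamedObjects\\eventname"; /* constructed */
    const char *tries[] = { "\\BaseNamedObjects\\eventname", "eventname",
                            "Global\\eventname" };
    for (int i = 0; i < 3; i++)
        printf("%-30s -> %d\n", tries[i], model_open(created, tries[i], 1));
    return 0;
}
```

In the model a bare name only matches the driver's object for a session 0 caller, which is why code that works in a service can fail in an interactive application.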

You should not use BaseNamedObjects. It is most probably reserved. I can’t find any documentation citing this object.

Your driver can use ZwCreateDirectoryObject to create its main directory \MyDriverDir and then create the event object named \MyDriverDir\MyEvent .

As Tim cited, the WIN32 name of the same event would be GLOBAL\MyDriverDir\MyEvent .

If you face security access issues then you must provide a security descriptor in kernel mode (InitializeObjectAttributes).

Use the Sysinternals WinObj tool to walk the global object namespace and check objects security.

You should read this page:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa382954(v=vs.85).aspx

Thank you so much! It finally worked!
You have been such a great help, I am really thankful and appreciate it a lot… thank you so much again.

Hope that this can help anyone facing the same problem as me. Also, i ran the application as administrator, if not there will be problems with access rights to the event!

The far simpler, and more secure!, way to do this is to create an unnamed event in um and then pass the handle to km, convert it to the PKEVENT and then deref it when done. Since your event has a name, anyone can open it or squat on it.

d

Bent from my phone


From: xxxxx@hotmail.com
Sent: 8/10/2014 7:58 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] OpenEvent problem

Thank you so much! It finally worked!
You have been such a great help, I am really thankful and appreciate it a lot… thank you so much again.

Hope that this can help anyone facing the same problem as me. Also, i ran the application as administrator, if not there will be problems with access rights to the event!


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev


To summarise, I solved the problem using Tim’s solution:
I used the following:
HANDLE event = OpenEvent(…, …, L"Global\\eventname"); at user-mode.

and then, WaitForSingleObject(event, INFINITE)

And then make sure application can run at administrator level to prevent ACCESS_DENIED (GetLastError == 5).

Thanks everyone for your help! really appreciate it.

> And then make sure application can run at administrator level to prevent
> ACCESS_DENIED (GetLastError == 5).

And then it won’t work when a user doesn’t have local administrator privileges.

Sorry, the BaseNamedObjects directory is mentioned in the IoCreateSynchronizationEvent documentation page.