ObResgisterCallback returns STATUS_ACCESS_DENIED

Amit_Kulkarni-2 · January 11, 2010, 3:57am

Hi All,

I have written a simple driver that calls ObResgisterCallback from it?s
DriverEntry function. I have registered just pre and post callback for
Processes. But it returns STATUS_ACCESS_DENIED.

I already have a minifilter driver?s altitude and I have used it for
registering. I have compiled my driver with /integritycheck option
and also signed it with /ph option.

We have also tried registration in IOCTL. In this case our user mode
program is a signed exe ie. compiled with /integritycheck option.
Still we got same result.

Thanks & Regards,
Amit.

OSR_Community_User · January 11, 2010, 9:33am

ObRegisterCallbacks requires a signed driver. This requirement is
documentated in the WDK documentation for this call. If you don’t have a
signed driver then you need to disable the signing check by using the F8
boot option, attachach the debugger, or put the system in test signing mode
and test sign the driver. The signing requirements are the same as the 64
bit signing requirements.

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of xxxxx@yahoo.com
Sent: Monday, January 11, 2010 3:57 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] ObResgisterCallback returns STATUS_ACCESS_DENIED

Hi All,

I have written a simple driver that calls ObResgisterCallback from it?s
DriverEntry function. I have registered just pre and post callback for
Processes. But it returns STATUS_ACCESS_DENIED.

I already have a minifilter driver?s altitude and I have used it for
registering. I have compiled my driver with /integritycheck option and also
signed it with /ph option.

We have also tried registration in IOCTL. In this case our user mode program
is a signed exe ie. compiled with /integritycheck option.
Still we got same result.

Thanks & Regards,
Amit.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

James_Harper · January 11, 2010, 5:35pm

>

ObRegisterCallbacks requires a signed driver. This requirement is
documentated in the WDK documentation for this call.

It appears to be documented in the online wdk documentation, eg
http://msdn.microsoft.com/en-us/library/bb648425.aspx, but not in the
documentation I have in my DDK install. The documentation in my DDK
install is marked as “[This is preliminary documentation and subject to
change.]” though.

James

Amit_Kulkarni-2 · January 12, 2010, 8:25am

Hi All,

I have signed my driver with crosscert. I checked it using
“signtool verify /kp /v mydrv.sys” It shows verified successfully.
Is it wrong with my altitude because I am using altitude of my existing FS Filter driver?

I tested my driver by disabling signing restriction but it gives access denied.

Thanks & Regards,
Amit.

Gary_Little-3 · January 12, 2010, 8:47am

Did you have a host connected running WinDbg?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Tuesday, January 12, 2010 7:25 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ObResgisterCallback returns STATUS_ACCESS_DENIED

Hi All,

I have signed my driver with crosscert. I checked it using
“signtool verify /kp /v mydrv.sys” It shows verified successfully.
Is it wrong with my altitude because I am using altitude of my existing FS
Filter driver?

I tested my driver by disabling signing restriction but it gives access
denied.

Thanks & Regards,
Amit.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4763 (20100112) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4763 (20100112) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Amit_Kulkarni-2 · January 13, 2010, 12:31am

Hi Gary,

I am testing my driver on VMWare.
WinDbg is connected to Host.

Thanks & Regards,
Amit