From: Emmanuel Thioux on
Hi,

I wanted to investigate that particular API because I'm in the process
of re-designing some driver that we use internally. Our driver uses a
lot of SSDT hooking and other things like that so, I want to make this
go away and use proper Windows Kernel methods.

Anyway, I wrote a little bit of code to register some callbacks via
the ObRegisterCallbacks(...) API and it invariably returned a
0xC0000022 (ACCESS_DENIED), which according to the MSDN documentation
means that the call was not made from a signed kernel module.

Fair enough I suppose so I ended up creating a certificate with store
and .cat file (created with inf2cat). I signed the .cat file as well
as the .sys file and I installed the certificate in the root as well
as the trusted providers branch.
Installed the driver via the .INF that I have (it's a mini filter so
no need for Devcon). Tested on Windows 7 32-bit and I still got the
same error code. So, I recompiled my stuff for 64-bit, re-signed the
stuff and installed on a 64-bit Windows 7. The install went fine (I
have the driver signing verification turned on) so I know that the
driver is recognized as being signed.

Tested that as well and the API still returned the same error. I'm
running out of ideas here. Did anyone ever try that particular API
and if yes, was it successful or did it fail for the same reason?

TIA.
From: Scott Noone on
Did you specify /integritycheck in your linker options?

-scott

--
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

From: Manny on
On Jun 20, 6:37 am, "Scott Noone" <sno...(a)osr.com> wrote:
> Did you specify /integritycheck in your linker options?
>
> -scott
>
> --
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>

I didn't check that. I will try right away, thank you!
From: Manny on
Thanks again!
That solved my little problem. Now I can see what sort of
notifications I get and how I can use them.

--Manny

On Jun 21, 10:06 am, Manny <manu95...(a)gmail.com> wrote:
> On Jun 20, 6:37 am, "Scott Noone" <sno...(a)osr.com> wrote:
>
> > Did you specify /integritycheck in your linker options?
>
> > -scott
>
> > --
> > Scott Noone
> > Consulting Associate
> > OSR Open Systems Resources, Inc.
> > http://www.osronline.com
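
Added example, not part of the thread or any poster's code: the /integritycheck linker option discussed above sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (0x0080) in the DllCharacteristics field of the PE optional header, so a built .sys can be checked for it before chasing signing problems. The function names and the sample stub below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FORCE_INTEGRITY 0x0080u /* IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY */
#define OPT_MIN 72u /* optional-header bytes up to and including DllCharacteristics */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* 1 = flag set, 0 = flag clear, -1 = not a well-formed PE header. */
int pe_force_integrity(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3C);                    /* e_lfanew */
    if (pe > len || len - pe < 4 + 20 + OPT_MIN) return -1;
    if (memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
    if (rd16(img + pe + 4 + 16) < OPT_MIN) return -1;  /* SizeOfOptionalHeader */
    const uint8_t *opt = img + pe + 4 + 20;            /* skip signature + COFF header */
    uint16_t magic = rd16(opt);
    if (magic != 0x10B && magic != 0x20B) return -1;   /* PE32 / PE32+ */
    return (rd16(opt + 70) & FORCE_INTEGRITY) ? 1 : 0; /* offset 70 in both formats */
}

/* Constructed sample: a bare header stub for testing, not a loadable driver. */
size_t make_sample(uint8_t *buf, size_t cap, uint16_t magic, uint16_t dllchar)
{
    const size_t pe = 0x80, need = pe + 4 + 20 + OPT_MIN;
    if (cap < need) return 0;
    memset(buf, 0, need);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = (uint8_t)pe;
    memcpy(buf + pe, "PE\0\0", 4);
    buf[pe + 4 + 16] = OPT_MIN;
    uint8_t *opt = buf + pe + 4 + 20;
    opt[0] = (uint8_t)magic;    opt[1] = (uint8_t)(magic >> 8);
    opt[70] = (uint8_t)dllchar; opt[71] = (uint8_t)(dllchar >> 8);
    return need;
}

int main(int argc, char **argv)
{
    uint8_t buf[4096];  /* only the headers are needed */
    size_t n;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
    else   n = make_sample(buf, sizeof buf, 0x20B, 0x0000); /* stub built without the flag */
    int r = pe_force_integrity(buf, n);
    printf("%s\n", r == 1 ? "FORCE_INTEGRITY set" : r == 0 ? "FORCE_INTEGRITY clear" : "not a PE image");
    return r == 1 ? 0 : 1;
}
```

Run it with the path to the built driver as the only argument; with no argument it checks the constructed stub and reports the flag as clear.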