jimstar
asked on
WDM/DDK defines for OBJECT_TYPE, etc
I'm trying to obtain a filename from an OBJECT_ATTRIBUTES struct.
I've copied the function prototype for ObReferenceObjectByHandle from http://www.osronline.com/ddkx/kmarch/k107_54qa.htm. I then obtained the OBJECT_ATTRIBUTES struct definition from http://msdn2.microsoft.com/en-us/library/aa491657.aspx.
However, even though MS gives the OBJECT_ATTRIBUTES definition on MSDN, they don't give its member OBJECT_TYPE. All they say is "OBJECT_TYPE is an opaque structure that specifies the object type of a handle" (http://msdn2.microsoft.com/en-us/library/aa491647.aspx).
Am I missing something? Shouldn't this be easier? I have the DDK installed but a grep doesn't reveal the definition for _OBJECT_TYPE in any of the files.
Can someone give me a hand in obtaining all of the definitions needed to convert the OBJECT_ATTRIBUTES over to a filename? Thanks.
I've copied the function prototype for ObReferenceObjectByHandle from http://www.osronline.com/ddkx/kmarch/k107_54qa.htm. I then obtained the OBJECT_ATTRIBUTES struct definition from http://msdn2.microsoft.com/en-us/library/aa491657.aspx.
However, even though MS gives the OBJECT_ATTRIBUTES definition on MSDN, they don't give its member OBJECT_TYPE. All they say is "OBJECT_TYPE is an opaque structure that specifies the object type of a handle" (http://msdn2.microsoft.com/en-us/library/aa491647.aspx).
Am I missing something? Shouldn't this be easier? I have the DDK installed but a grep doesn't reveal the definition for _OBJECT_TYPE in any of the files.
Can someone give me a hand in obtaining all of the definitions needed to convert the OBJECT_ATTRIBUTES over to a filename? Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks - the nirsoft site is great, with hyperlinked object types. I'm working through all of the sub-types/structs right now... there sure are a lot for this struct.
ASKER
I've spent almost two hours copying structs and types from the websites into my code, and still have more undefined subtypes. I also can't #include <ntddk.h>, etc, because it keeps giving me redefinition problems between ntstatus.h and winnt.h, for example.
Do you know of any easier way to get that function working, than to copy each struct into my code manually? Perhaps I'm missing something easy. I've never tried to include DDK headers into a non-DDK project before.
Do you know of any easier way to get that function working, than to copy each struct into my code manually? Perhaps I'm missing something easy. I've never tried to include DDK headers into a non-DDK project before.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Appears to have cleared up except for PSINGLE_LIST_ENTRY problems. Still playing with it... if you have any ideas please let me know.
from ntddk.h:
InterlockedPushEntrySList(
(PSLIST_ENTRY)Entry);
1>c:\winddk\3790.1830\inc\
1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>c:\winddk\3790.1830\inc\
1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
.....
1>c:\winddk\3790.1830\inc\
1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>c:\winddk\3790.1830\inc\
1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
from ntddk.h:
InterlockedPushEntrySList(
(PSLIST_ENTRY)Entry);
1>c:\winddk\3790.1830\inc\
1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>c:\winddk\3790.1830\inc\
1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
.....
1>c:\winddk\3790.1830\inc\
1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
1>c:\winddk\3790.1830\inc\
1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I didn't have it before, but when I added it nothing changed.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That causes an additional error:
1>c:\<pathremoved>\<filena
1> c:\winddk\3790.1830\inc\wx
1>c:\<pathremoved>\<filena
1> c:\winddk\3790.1830\inc\wx
ASKER
If I comment out the ndis.h file, like this:
//#include <ndis.h>
using ::PSINGLE_LIST_ENTRY;
#include <ntddk.h>
#include <ntstatus.h>
Then, I only get the following error:
1>c:\winddk\3790.1830\inc\
1> c:\winddk\3790.1830\inc\wx
Lines 1138-1140 are:
typedef struct _SINGLE_LIST_ENTRY {
struct _SINGLE_LIST_ENTRY *Next;
} SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;
//#include <ndis.h>
using ::PSINGLE_LIST_ENTRY;
#include <ntddk.h>
#include <ntstatus.h>
Then, I only get the following error:
1>c:\winddk\3790.1830\inc\
1> c:\winddk\3790.1830\inc\wx
Lines 1138-1140 are:
typedef struct _SINGLE_LIST_ENTRY {
struct _SINGLE_LIST_ENTRY *Next;
} SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;
Can you move all Windows-related headers after the namespace section?
ASKER
Moved windows.h after the NT namespace, which produced target archetecture unknown errors. Defining _X86_ caused way more errors. Putting basetsd.h, ntdef.h, and ndis.h at the beginning of the NT namespace helped, but the old PSINGLE_LIST_ENTRY errors were still there (along with some new undefined errors in the DDK includes).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Got rid of the errors. Not sure why using the DDK calls outside of the DDK build environment is so messy. Still have to get the calls working to grab the filename, but if I have trouble with that I'll post a different question. Thanks!
You're most welcome ;o)
ASKER
IN HANDLE Handle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_TYPE ObjectType OPTIONAL, <-- missing
IN KPROCESSOR_MODE AccessMode, <-- missing
OUT PVOID *Object,
OUT POBJECT_HANDLE_INFORMATION
);
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVIC
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
Looks like I'm missing POBJECT_TYPE (_OBJECT_TYPE), KPROCESSOR_MODE (and the associated values), and POBJECT_HANDLE_INFORMATION