Windows Vista Tips
Home Register Members Search Windows Vista Tips File Database Links
Member Login:

Windows Vista Tips > Newsgroups > Windows Vista Drivers > ObRegisterCallbacks

Reply
Thread Tools Display Modes

ObRegisterCallbacks

 
 
Junior Member
Join Date: Jul 2010
Posts: 1

 
      07-12-2010
Hi,
I am writing a Minifilter driver which filters registry and file access.
Now I want to filter process objects using the ObRegisterCallbacks API.

The call fails with BSOD and error 0x000000CE (DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERAT IONS). Any idea?

I use windows 7 and the driver uses CmRegisterCallbacks for registry, FltRegisterFilter, device IO controls and PsSetCreateProcessNotifyRoutine (no kind of hook whatsoever).

The relevant code:

Code:
#if (NTDDI_VERSION >= NTDDI_VISTASP1)
    USHORT filterVersion = ObGetFilterVersion();
    if (filterVersion != OB_FLT_REGISTRATION_VERSION)
    	rc = STATUS_NOT_SUPPORTED;

    if (NT_SUCCESS(rc))
    {
    	OB_OPERATION_REGISTRATION ObOperationRegistration[] =
    	{
    	    { PsProcessType, OB_OPERATION_HANDLE_CREATE | OB_OPERATION_HANDLE_DUPLICATE,
    	      &Proc::ObPreCallback, &Proc::ObPostCallback },
    	    { PsThreadType, OB_OPERATION_HANDLE_CREATE | OB_OPERATION_HANDLE_DUPLICATE,
    	      &Proc::ObPreCallback, &Proc::ObPostCallback },
    	};

    	OB_CALLBACK_REGISTRATION ObCallbackRegistration =
    	{
    	    OB_FLT_REGISTRATION_VERSION,
    	    _countof(ObOperationRegistration),
    	    { Drv::Altitude.Length, Drv::Altitude.MaximumLength, Drv::Altitude.Buffer },
   	    NULL,
    	    ObOperationRegistration,
    	};

	ObRegistrationHandle = NULL;
	rc = ObRegisterCallbacks(&ObCallbackRegistration, &ObRegistrationHandle);
    }
#else
#error TODO
#endif

PVOID Proc::ObRegistrationHandle;

OB_PREOP_CALLBACK_STATUS Proc::ObPreCallback(PVOID RegistrationContext,
					     POB_PRE_OPERATION_INFORMATION OperationInformation)
{
    return OB_PREOP_SUCCESS;
}

void Proc::ObPostCallback(PVOID RegistrationContext,
			  POB_POST_OPERATION_INFORMATION OperationInformation)
{
}
 
Reply With Quote
 
 
 
Reply

« confused about the WFP api names | Re: IO port resource conflict »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: ObRegisterCallbacks Scott Noone Windows Vista Drivers 0 06-20-2010 01:37 PM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Windows Vista Tips - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59