{"id":185,"date":"2010-04-18T00:18:38","date_gmt":"2010-04-18T09:18:38","guid":{"rendered":"\/blog\/?p=185"},"modified":"2023-09-21T09:39:13","modified_gmt":"2023-09-21T00:39:13","slug":"ddk-ms%ec%97%90%ec%84%9c-%ea%b3%b5%ea%b0%9c%ed%95%98%ec%a7%80-%ec%95%8a%ec%9d%80-%ed%95%a8%ec%88%98-obopenobjectbyname-%eb%82%b4%eb%b6%80-%ec%bd%94%eb%93%9c","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=185","title":{"rendered":"[DDK] MS\uc5d0\uc11c \uacf5\uac1c\ud558\uc9c0 \uc54a\uc740 \ud568\uc218 ObOpenObjectByName() \ub0b4\ubd80 \ucf54\ub4dc"},"content":{"rendered":"\n<div class=\"dp-highlighter\">\n<div class=\"bar\">\n<\/div>\n<ol class=\"dp-cpp\"><li class=\"alt\"><span><span>NTSTATUS&nbsp; &nbsp; <\/span><\/span> \n<\/li><li><span>STDCALL &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>ObOpenObjectByName( &nbsp; <\/span> \n<\/li><li><span>&nbsp; POBJECT_ATTRIBUTES ObjectAttributes, &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; POBJECT_TYPE ObjectType, &nbsp; <\/span> \n<\/li><li><span>&nbsp; <\/span><span class=\"datatypes\"><strong><font color=\"#2e8b57\">PVOID<\/font><\/strong><\/span><span>&nbsp;ParseContext, &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; KPROCESSOR_MODE AccessMode, &nbsp; <\/span> \n<\/li><li><span>&nbsp; ACCESS_MASK DesiredAccess, &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; PACCESS_STATE PassedAccessState, &nbsp; <\/span> \n<\/li><li><span>&nbsp; <\/span><span class=\"datatypes\"><strong><font color=\"#2e8b57\">PHANDLE<\/font><\/strong><\/span><span>&nbsp;Handle &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; ) &nbsp; <\/span> \n<\/li><li><span>{ &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp;UNICODE_STRING RemainingPath; &nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp;<\/span><span class=\"datatypes\"><strong><font color=\"#2e8b57\">PVOID<\/font><\/strong><\/span><span>&nbsp;Object =&nbsp;NULL; &nbsp; <\/span> \n\n<\/li><li class=\"alt\"><span>&nbsp; &nbsp;NTSTATUS 
Status; &nbsp; <\/span> \n<\/li><li><span>&nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp;DPRINT(<\/span><span class=\"string\"><font color=\"#0000ff\">\"ObOpenObjectByName()\\n\"<\/font><\/span><span>); &nbsp; <\/span> \n<\/li><li><span>&nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp;Status =&nbsp;ObFindObject(ObjectAttributes, &nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&amp;Object, &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&amp;RemainingPath, \n &nbsp;<\/span> \n<\/li><li><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ObjectType &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;); &nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp;<\/span><span class=\"keyword\"><strong><font color=\"#006699\">if<\/font><\/strong><\/span><span>&nbsp;(!NT_SUCCESS(Status)) \n &nbsp;<\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp;{ &nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <\/span><span class=\"keyword\"><strong><font color=\"#006699\">return<\/font><\/strong><\/span><span>&nbsp;Status; &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp;} &nbsp; <\/span> \n<\/li><li><span>&nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp;<\/span><span class=\"keyword\"><strong><font color=\"#006699\">if<\/font><\/strong><\/span><span>&nbsp;(RemainingPath.Buffer != NULL || \n &nbsp;<\/span> \n<\/li><li><span>&nbsp; &nbsp; &nbsp; &nbsp;Object == NULL) &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp;{ &nbsp; <\/span> \n<\/li><li><span>&nbsp; 
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RtlFreeUnicodeString(&amp;RemainingPath); &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <\/span><span class=\"keyword\"><strong><font color=\"#006699\">return<\/font><\/strong><\/span><span>&nbsp;STATUS_UNSUCCESSFUL; \n &nbsp;<\/span> \n<\/li><li><span>&nbsp; &nbsp; &nbsp;} &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp;Status =&nbsp;ObCreateHandle(PsGetCurrentProcess(), &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Object, &nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;DesiredAccess, &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;FALSE, &nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Handle &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ); &nbsp; <\/span> \n<\/li><li><span>&nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; &nbsp;ObDereferenceObject(Object); &nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp;RtlFreeUnicodeString(&amp;RemainingPath); &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>&nbsp; <\/span> \n<\/li><li><span>&nbsp; &nbsp;<\/span><span class=\"keyword\"><strong><font color=\"#006699\">return<\/font><\/strong><\/span><span>&nbsp;Status; &nbsp; <\/span> \n<\/li><li class=\"alt\"><span>} &nbsp;<\/span><\/li><\/ol><\/div>\n<p>&lt;TEXTAREA class=\"cpp\" style=\"DISPLAY: 
none\" name=code rows=10 \ncols=60&gt;NTSTATUS STDCALL ObOpenObjectByName( POBJECT_ATTRIBUTES \nObjectAttributes, POBJECT_TYPE ObjectType, PVOID ParseContext, KPROCESSOR_MODE \nAccessMode, ACCESS_MASK DesiredAccess, PACCESS_STATE PassedAccessState, PHANDLE \nHandle ) { UNICODE_STRING RemainingPath; PVOID Object = NULL; NTSTATUS Status; \nDPRINT(\"ObOpenObjectByName()\\n\"); Status = ObFindObject(ObjectAttributes, \n&amp;Object, &amp;RemainingPath, ObjectType ); if (!NT_SUCCESS(Status)) { return \nStatus; } if (RemainingPath.Buffer != NULL || Object == NULL) { \nRtlFreeUnicodeString(&amp;RemainingPath); return STATUS_UNSUCCESSFUL; } Status = \nObCreateHandle(PsGetCurrentProcess(), Object, DesiredAccess, FALSE, Handle ); \nObDereferenceObject(Object); RtlFreeUnicodeString(&amp;RemainingPath); return \nStatus; } &lt;\/TEXTAREA&gt; <br \/><br \/>MS\uc5d0\uc11c \uacf5\uac1c\ud558\uc9c0 \uc54a\uc740 \ud568\uc218\ub85c <br \/><br \/>\uc2ec\ubcfc\ub9ad \uc720\ub2c8\ucf54\ub4dc \uc774\ub984\uc5d0 \ub300\ud55c \n<font color=\"#ff0000\">\ud578\ub4e4\uc758 \ud5e4\ub354\ub97c \uac00\uc838\uc624\ub294 \ud568\uc218<\/font>\uc774\ub2e4.<br \/><br \/>\uc2dc\uc2a4\ud15c \ub0b4\ubd80\uc758 \ud578\ub4e4 \ud14c\uc774\ube14\uc5d0\uc11c \uac80\uc0c9\ud574\uc11c \n\uac00\uc838\uc628\ub2e4.<br \/><br \/>\uadf8\ub9ac\uace0 <font color=\"#ff7635\">ObReferenceObjectByHandle<\/font>()\uc744 \n\ud638\ucd9c\ud574\uc11c<br \/><br \/>\ud5e4\ub354\uc5d0 \ub300\ud55c \ubc14\ub514\ub97c \uac00\uc838\uc640\uc57c \ud55c\ub2e4.<br \/><br \/>\uc704 \ucf54\ub4dc\ub294 ReactOS\uc5d0\uc11c \ucc38\uc870\ud588\ub2e4.<br \/><br \/>\uc774 \uad6c\ud604\uc740 ParseContext, AccessMode, PassedAccessState \uc778\uc790\ub97c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\ub294\ub2e4. 
<\/p>\n<p>&nbsp;<\/p>\n<p>\ucd9c\ucc98 : <a class=\"con_link\" href=\"http:\/\/ssmhz.tistory.com\/158\" target=\"_blank\" rel=\"noopener\">http:\/\/ssmhz.tistory.com\/158<\/a>&nbsp;\n<\/p><p><br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NTSTATUS&nbsp; &nbsp; STDCALL &nbsp; ObOpenObjectByName( &nbsp; &nbsp; POBJECT_ATTRIBUTES ObjectAttributes, &nbsp; &nbsp; POBJECT_TYPE ObjectType, &nbsp; &nbsp; PVOID&nbsp;ParseContext, &nbsp; &nbsp; KPROCESSOR_MODE AccessMode, &nbsp; &nbsp; ACCESS_MASK DesiredAccess, &nbsp; &nbsp; PACCESS_STATE PassedAccessState, &nbsp; &nbsp; PHANDLE&nbsp;Handle &nbsp; &nbsp; ) &nbsp; { &nbsp; &nbsp; &nbsp;UNICODE_STRING RemainingPath; &nbsp; &nbsp; &nbsp;PVOID&nbsp;Object =&nbsp;NULL; &nbsp; &nbsp; &nbsp;NTSTATUS Status; &nbsp; &nbsp; &nbsp; &nbsp;DPRINT(&#8220;ObOpenObjectByName()\\n&#8221;); &nbsp; &nbsp; &nbsp; [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[24],"tags":[],"class_list":["post-185","post","type-post","status-publish","format-standard","hentry","category-development_winddk"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=185"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/185\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}