DD_Proxy Example, what does this function do "ObReferenceObjectByHandle"?

  • Question

  • What does this function do:

    status = ObReferenceObjectByHandle(
                   threadHandle,
                   0,
                   NULL,
                   KernelMode,
                   &gThreadObj,
                   NULL
                   );

    Saturday, September 25, 2010 7:57 AM

All replies

  • An MSDN search should answer your question: http://msdn.microsoft.com/en-us/library/ff558679(VS.85).aspx

    Essentially this gets a global pointer to the thread object.

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Saturday, September 25, 2010 10:16 PM
    Moderator
  • Still confused why it uses this function ..

    I have read about it in MSDN and the WDK documentation but still do not understand why it is used?

    I have a problem that the documentation does not explain conceptual ideas .. it explains (mostly) syntax ...

    Would anyone kindly prepare a video and explain the dd_proxy example .. it would be a great work .. documentation is still not enough .. I think

    Why is there not a YouTube channel for WFP ...

    Sunday, September 26, 2010 12:45 AM
  • It's used to allow for a graceful shutdown / driver unload.  Essentially it's a mechanism to tell the injection thread to flush its queue and prepare to terminate. (the thread is waited on in the driver unload logic)

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Monday, September 27, 2010 8:17 PM
    Moderator
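
The lifetime issue behind the answers above, as an added example that is not part of the thread or of the DD_Proxy sample: a user-mode model of why unload logic that waits on a thread needs its own reference to the thread object. Every name in it is hypothetical, the kernel routine each helper stands in for is named in a comment, and closing the handle right after thread creation is an assumption of the model.

```c
/* Added illustration: a user-mode MODEL of object lifetime, not WDK code.
   All names are hypothetical stand-ins for the kernel routines in comments. */
#include <stdio.h>

typedef struct {
    int handles;  /* open handles (one from thread creation) */
    int refs;     /* pointer references taken by the driver */
    int running;  /* a thread that is still executing keeps its object alive */
    int freed;    /* 1 once the object manager would delete the object */
} ThreadObj;

static void settle(ThreadObj *t) {             /* delete when nothing holds it */
    if (!t->handles && !t->refs && !t->running) t->freed = 1;
}
static void create_thread(ThreadObj *t) {      /* ~ PsCreateSystemThread */
    t->handles = 1; t->refs = 0; t->running = 1; t->freed = 0;
}
static int reference_by_handle(ThreadObj *t) { /* ~ ObReferenceObjectByHandle */
    if (t->freed || !t->handles) return -1;    /* handle no longer valid */
    t->refs++;
    return 0;
}
static void close_handle(ThreadObj *t) { t->handles--; settle(t); }   /* ~ ZwClose */
static void thread_exit(ThreadObj *t)  { t->running = 0; settle(t); } /* worker returns */
static void dereference(ThreadObj *t)  { t->refs--; settle(t); }      /* ~ ObDereferenceObject */
static int wait_on_object(const ThreadObj *t) { /* ~ KeWaitForSingleObject */
    return t->freed ? -1 : 0;                  /* -1: the pointer would be dangling */
}

/* Unload path against a worker that has already flushed its queue and exited.
   Returns 0 if the wait touched a live object, -1 if the object was already gone.
   *freed_at_end reports whether the object has been deleted when unload finishes. */
int unload(int take_reference, int *freed_at_end) {
    ThreadObj t;
    create_thread(&t);
    if (take_reference && reference_by_handle(&t) != 0) return -1;
    close_handle(&t);                     /* handle is not kept after creation */
    thread_exit(&t);                      /* thread terminates before unload waits */
    int rc = wait_on_object(&t);
    if (take_reference) dereference(&t);  /* release only after the wait */
    *freed_at_end = t.freed;
    return rc;
}

int main(void) {
    int freed = 0;
    printf("with reference:    wait=%d\n", unload(1, &freed));
    printf("without reference: wait=%d\n", unload(0, &freed));
    return 0;
}
```
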