Need clarification on IoGetDeviceObjectPointer

  • Question

  • Hi All, 

    I am analyzing some code that uses the IoGetDeviceObjectPointer() function to get a device object. The function call is invoked like this:

    IoGetDeviceObjectPointer(L"\\DosDevices\\PhysicalDrive1", FILE_READ_ATTRIBUTES, &FileObj, &DevObj); 

    Here it is invoking the call for a USB pen drive attached to the system.

    When I look at the devstack in the debugger, the devstack is like this: "PartMgr->Disk->USB". When I examine the returned FileObj and DevObj, FileObj->DeviceObject is pointing to "Disk" and DevObj is pointing to "PartMgr".

    Why is FileObj->DeviceObject pointing to the "Disk" device object instead of "PartMgr"?

    I came to know that IoGetDeviceObjectPointer internally invokes ZwOpenFile and sends an IRP_MJ_CREATE ioctl. I am assuming that "PartMgr" is not able to handle "IRP_MJ_CREATE" and forwards it to the disk class, and that is the reason FileObj->DeviceObject is pointing to "Disk".

    Thanks,

    Sai

    Wednesday, November 13, 2019 2:45 PM

Answers

  • No, PartMgr can handle IRP_MJ_CREATE. The description of the routine: "The IoGetDeviceObjectPointer routine returns a pointer to the top object in the named device object's stack and a pointer to the corresponding file object, if the requested access to the objects can be granted." explains it even if it is a little strange. You are getting the "top object in the named device object's stack" when you get PartMgr and you are getting the valid FileObject which is referring to the disk since you requested PhysicalDrive1.

    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by skri Wednesday, November 13, 2019 5:48 PM
    Wednesday, November 13, 2019 5:39 PM
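
The behaviour described in the answer above, as a user-mode C model added here (it is not code from the thread and not Windows source). The `MODEL_*` structs, the `model_*` functions and the direct mapping of the name onto the Disk device are assumptions that mimic only the attachment link and the file object's device pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* User-mode model: only the fields relevant to the question are kept. */
typedef struct MODEL_DEVICE {
    const char *DriverName;
    const char *ObjectName;              /* NULL when the device has no name */
    struct MODEL_DEVICE *AttachedDevice; /* device attached directly above   */
} MODEL_DEVICE;

typedef struct MODEL_FILE {
    MODEL_DEVICE *DeviceObject; /* device the name lookup resolved to */
    int ReferenceCount;         /* the caller owns one reference      */
} MODEL_FILE;

/* Constructed stack from the question: PartMgr on top of Disk on top of USB. */
static MODEL_DEVICE g_partmgr = {"PartMgr", NULL, NULL};
static MODEL_DEVICE g_disk = {"Disk", "\\DosDevices\\PhysicalDrive1", &g_partmgr};
static MODEL_DEVICE g_usb = {"USB", NULL, &g_disk};
static MODEL_DEVICE *g_devices[] = {&g_usb, &g_disk, &g_partmgr};

/* Open by name: the file object records the named device, while the
 * device returned to the caller is the top of that device's stack. */
int model_get_device_object_pointer(const char *name, MODEL_FILE *file,
                                    MODEL_DEVICE **device) {
    for (size_t i = 0; i < sizeof g_devices / sizeof g_devices[0]; i++) {
        MODEL_DEVICE *d = g_devices[i];
        if (d->ObjectName == NULL || strcmp(d->ObjectName, name) != 0)
            continue;
        file->DeviceObject = d;
        file->ReferenceCount = 1;
        while (d->AttachedDevice != NULL) /* walk up through attached filters */
            d = d->AttachedDevice;
        *device = d;
        return 0;
    }
    return -1; /* no device with that name */
}

/* Stands in for the ObDereferenceObject call a real caller makes on the
 * file object once it is finished with the returned pointers. */
void model_dereference(MODEL_FILE *file) { file->ReferenceCount--; }

int main(void) {
    MODEL_FILE file;
    MODEL_DEVICE *top = NULL;
    if (model_get_device_object_pointer("\\DosDevices\\PhysicalDrive1", &file, &top) == 0) {
        printf("FileObj->DeviceObject=%s DevObj=%s\n", file.DeviceObject->DriverName, top->DriverName);
        model_dereference(&file);
    }
    return 0;
}
```

In a driver, holding the returned device object pointer past the file object's dereference is the usual source of stale-pointer bugs with this routine, so the dereference belongs at the point where the pointer is no longer used.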

All replies

  • Thanks Don for the clarification.
    Wednesday, November 13, 2019 5:48 PM