A forum for reverse engineering, OS internals and malware analysis 

How access my driver using CreateFile() api?

Ask your beginner questions here.
 Topic locked

How access my driver using CreateFile() api?

 #30720  by fl4shc0d3r
 Sat Aug 12, 2017 3:41 pm
I have a Delphi code where i want send a command to my driver, but CreateFile() cannot find device location.

here is my use of CreateFile():
Code: Select all
hDevice := CreateFileW('\\.\XXX', GENERIC_ALL, 0,
    PSECURITY_DESCRIPTOR(nil), OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
and in my device with symbolic link:
Code: Select all
const WCHAR deviceNameBuffer[] = L"\\Device\\XXX";
const WCHAR deviceSymLinkBuffer[] = L"\\??\\XXX";
PDEVICE_OBJECT g_MyDevice

/////////////////// DriverEntry() /////////////////////

UNICODE_STRING deviceNameUnicodeString, deviceSymLinkUnicodeString;
 
 // Normalize name and symbolic link.
 RtlInitUnicodeString (&deviceNameUnicodeString,
   deviceNameBuffer);
 RtlInitUnicodeString (&deviceSymLinkUnicodeString,
   deviceSymLinkBuffer);
 
 // Create the device.
 ntStatus = IoCreateDevice ( pDriverObject,
   0, // For driver extension
   &deviceNameUnicodeString,
   FILE_DEVICE_UNKNOWN,
   FILE_DEVICE_UNKNOWN,
   FALSE,
   &g_MyDevice);
 
 // Create the symbolic link
 ntStatus = IoCreateSymbolicLink(&deviceSymLinkUnicodeString,
   &deviceNameUnicodeString);

Re: How access my driver using CreateFile() api?

 #30721  by Vrtule
 Sat Aug 12, 2017 6:00 pm
Hello,

you do not seem to check NTSTATUS values returned by IoCreateDevice and IoCreateSymbolicLink, so it is not clear whether your device or its symbolic link are actually created.

Do not pass FILE_DEVICE_UNKNOWN as device characteristics, since this constant is a device type, not device characteristic. Pass zero instead, for example.

Vrtule
 Topic locked
 Return to “Newbie Questions”