ObReferenceObjectByHandle错误检查，内存访问冲突

Question

I am working on a project to dynamically disable the keyboard. I have written a driver which attempts to obtain the keyboards physical device object then call IoInvalidateDeviceState with it but I am having a problem getting its physical device object. Whenever I try to call ObReferenceObjectByHandle with the handle to the device object, a bugcheck occurs and the error is a memory access violation. Here is my source code:

#include "ntifs.h"
#include "wdm.h" 
#include "ntstrsafe.h"
#pragma comment(lib, "ntstrsafe.lib")

VOID DriverUnloadRoutine(__in PDRIVER_OBJECT DriverObject);

DRIVER_INITIALIZE DriverEntry;
NTSTATUS DriverEntry( 
__in struct _DRIVER_OBJECT  *DriverObject,
__in PUNICODE_STRING  RegistryPath 
)
{
UNICODE_STRING keybdname;
FILE_OBJECT * keybdfo;
DEVICE_OBJECT * keybddo;
HANDLE hpdo;
FILE_OBJECT * pdofo;
DEVICE_OBJECT * pdo;

DriverObject->DriverUnload = DriverUnloadRoutine;

RtlInitUnicodeString(&keybdname,L"\\Device\\KeyboardClass0");
IoGetDeviceObjectPointer(&keybdname,GENERIC_ALL,&keybdfo,&keybddo);
ObOpenObjectByPointer(&keybddo,OBJ_KERNEL_HANDLE,0,0,0,KernelMode,&hpdo);
ObReferenceObjectByHandle(hpdo,FILE_ALL_ACCESS,*IoFileObjectType,KernelMode,&pdofo,NULL);
pdo = IoGetRelatedDeviceObject(&pdofo);
IoInvalidateDeviceState(&pdo);

return 0;  
}

VOID DriverUnloadRoutine(
    __in PDRIVER_OBJECT DriverObject
    )
{

}

I realize this is probably not the best way to accomplish this (maybe even the worst), but the only two other ways I know of are unplugging the keyboard or installing a filter driver, which would require a reboot. If there is another way to do this, informing me of it would be great. Thanks in advance for the help!

Answer 1

My guess would be, that one of your functions you are calling does return a error value, and does not fill out the according structure.

I would go about disabling the keyboard by looking at the SetupApi or the CfgMgr32 functions.

The "devcon" wdk sample should contain the code to disable a device from user mode.