Major Description
It is possible for user-mode programs to crash the kernel by calling NtCreateFile with an invalid pointer for ObjectAttributes, which gets passed to IoCreateFile. The supplied patch will add the code that will probe and capture the ObjectAttributes parameter. Note that capturing the ObjectName and/or other values in ObjectAttributes is not necessary as those checks will be performed in ObOpenObjectByName.