When calling ObReferenceObjectByHandle, ObReferenceObjectByPointer, or ObOpenObjectByPointer you should be passing a non NULL value for the POBJECT_TYPE ObjectType parameter (more on why you should never pass NULL in a later post). Before Windows Vista there were only two documented types in the DDK, *IoFileObjectType and *ExEventObjectType (these are exported as a POBJECT_TYPE* which is why you need the *). These allowed you to safely pass in a HANDLE that represented an event or file object from a user mode application to your driver and get the underlying kernel mode object. In Vista WDK there are two new documented (doronh: added for clarity) types, *PsProcessType and *PsThreadType. With these newly documented types, you can now safely pass a HANDLE which represents a process or a thread. Furthermore, these types are available to you in previous versions of Windows (I just confirmed that they are present on Windows XP SP2).