Opening symbolic link in kernel Windows8.1+

i'm trying to open symbolic link as a file using ZwOpenProcess in kernel space. Using code below all is ok on XP-7. But using Windows 8.1 ZwOpenProcess fails with different NTSTATUS codes, like 0xC0000001, 0xC000000D

OBJECT_ATTRIBUTES  ObjectAttributes;
HANDLE             FileHandle;
IO_STATUS_BLOCK    IoStatus;
NTSTATUS           Status;

InitializeObjectAttributes ( &ObjectAttributes,
                             SymLinkOrDeviceName, // <--- \Device\CEDRIVER60
                             OBJ_KERNEL_HANDLE,
                             (HANDLE) NULL,
                             (PSECURITY_DESCRIPTOR) NULL );

Status = ZwOpenFile ( &FileHandle,
                      FILE_READ_ACCESS,
                      &ObjectAttributes,
                      &IoStatus,
                      0,
                      FILE_NON_DIRECTORY_FILE );


if ( !NT_SUCCESS ( Status ) )
{
    DbgPrint("TEST: ERROR %p ", Status); // <--- 0xC0000001, 0xC000000D
    goto Exit;
}

I checked, using WinObj - symbolic link present in system, code works fine on XP-7.

I also trind to change Access to - FILE_ANY_ACCESS - the same result.

ZwOpenProcess

I suppose you meant ZwOpenFile.

\Device\CEDRIVER60

Did you really looked into the \Device directory? This directory usually contains device objects created by drivers. Symbolic links are usually placed into directories like \DosDevices. You should also include the OBJ_CASE_INSENSITIVE flag.

FILE_READ_ACCESS

This flag determines access right(s) required to successfully deliver an IOCTL message to a target device object. Specify a true file access right constant like FILE_READ_ATTRIBUTES, FILE_READ_DATA (its value is actually the same as FILE_READ_ACCESS) or GENERIC_READ. MSDN page on ZwOpenFile (and ZwCreateFile) is also worth of reading. You may need to include the SYNCHRONIZE flag too.

%p

NTSTATUS is defined as long (32-bit signed integer). %x is more appropriate.