Curious if anyone has run into issues with WinXP SP2? I can hook ZwCreateFile (As I am trying to debug a rather nasty problem...) just fine, but if I want to open a file from my driver within the hook for ZwCreateFile, using the proper/original ZwCreateFile I manage to get a STATUS_ACCESS_VIOLATION.

Anyone run into this problem and have a quick solution? I have walked through the disassembly in Windbg and IDA Pro and see that everything goes bad when NtCreateFile->IoCreateFile->IopCreateFile runs into MmUserProbeAddress() on the FileHandle I supply to the original ZwCreateFile.

Any subtle insights would be greatly appreciated.