I have a minispy-like filter that I’d like to add client IP logging to.
From my reading about SRV_OPEN_ECP_CONTEXT, this should be possible on a
Windows 7 or Windows 2008 R2 OS.
Calling FltGetEcpListFromCallbackData returns STATUS_SUCCESS, but the
returned EcpList is always NULL, indicating there was no ECP associated with
the request. I suppose that might make sense for file system requests from
the local machine, but even requests from remote computers (even from
another Windows 2008 R2 machine) also never have any ECPs attached.
Oh, and I’m calling it from IRP_MJ_CREATE’s Post callback.
It there a trick to enabling ECPs that needs to be done?
Yeah, IIRC you need to set
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\enableecp = 1
(or maybe enableecps ?). This was covered during last plugfest but the
documentation for “System-Defined ECPs” (currently at http://msdn.microsoft.com/en-us/library/ff556779(v=VS.85).aspx) doesn’t
mention anything.
I’ve tried both the values you mention but still get a null back. Googling
for enabling ECPs takes me to discussion about printer ECPs, and this post
Does anyone remember the exact name for that parameter? Does it need to be
set in conjunction with another value??
Thanks
Doug
Yeah, IIRC you need to set
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\enableecp = 1
(or maybe enableecps ?). This was covered during last plugfest but the
documentation for “System-Defined ECPs” (currently at http://msdn.microsoft.com/en-us/library/ff556779(v=VS.85).aspx) doesn’t
mention anything.
