Re: [ntdev] How to get user sid in dispatch level

The short answer is no - of course not, as there is no such concept at dispatch level. At this level you are executing as part of the operating system and your execution context can be arbitrary. This means that no local user context exists, and if you are talking about a remote user, remember that the remote system may not even be Windows.

Sent from Surface Pro

From: xxxxx@gmail.com
Sent: Thursday, July 23, 2015 5:31 AM
To: Windows System Software Devs Interest List

Hello everyone,

Is there any way to get the current user’s SID (security identifier) at dispatch level?

I want to obtain the user’s SID in an NDIS intermediate driver when a packet comes in; however, the IRQL is dispatch level, so I cannot use functions such as ZwQueryInformationToken.

Is there any way to do this? Thanks in advance.


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

You mean the SID of the process that will eventually consume this incoming packet on the local machine? What will you do with packets destined for KM sockets or handled by the OS?

Sent from Surface Pro

From: xxxxx@gmail.com
Sent: Thursday, July 23, 2015 8:51 PM
To: Windows System Software Devs Interest List

Alexandru, Daniel, David and Marion,

Thank you for your kind reply. Your answer is highly appreciated. Thanks very much.

What I want is to check which user every packet belongs to.

Currently I am considering using a user level application to get user’s sid and pass it to kernel driver since it is not possible to get that directly in kernel driver.

Thank you for your answer, very appreciated.

DengKe

