Hey, guys.
Sorry, maybe I forgot about “search” button, but I have simple & clear question. What way is good & well-tried & secure to check digital signature of caller process image file? For example, I want to check caller process in IRP_MJ_DEVICE_CONTROL handler on trusted and decline all requests except from my process with digital signature and right signer.
Thx in advance.
*I mean in IRP_MJ_CREATE handler of course. *typo
The simple answer is, get all the data you need from IRP_MJ_CREATE and send
that to user-mode ( then use WinVerifyTrust), wait for a reply from there
and make your decision.
I don’t know of any way you could achieve the same in KM.
Gabriel
www.kasardia.com
On Tue, Oct 11, 2016 at 5:19 PM, wrote:
> *I mean in IRP_MJ_CREATE handler of course. *typo
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer>
>
–
Bercea. G.</http:></http:>