I am using the IoThreadToProcess call along with other calls like
typedef PCHAR (*GET_PROCESS_IMAGE_NAME) (PEPROCESS Process);
to get the process name from my file system minifilter driver.
This I do to allow access only to my process and block for other unknown process..I am checking the process name for the same.
If somebody changes the name of their process with my product's service name then they will be able to access my files.so now I wanted to check the authenticity of the process from my mini filter driver. Is there a way I can know the authenticity of the process from my file system mini filter driver.
like check its properties or how to go about this.
any help would be very useful