Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


How can get SID of user in minifilter driver

m_sldm_sld Member - All Emails Posts: 25

Hi,
I want to get SID(security ID) of local logged in user to windows via kernel driver; such as: S-1-5-21-187542237-892059459-3562553626-1001
How can get it?
What is Data->Iopb->Parameters.QueryQuota.StartSid and SidList parameters that is in callback_data of IRP dispatch routin? Are these helpful for me?

Comments

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,134

    Are these helpful for me?

    No.

    The only reliable time to get secuiry information is during IRP_MJ_CREATE. Take a poke at the SecurityContext, there should be something there.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA