Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Can I query for security descriptor using FltQuerySecurityObject() for all security info

RashmiRashmi Member Posts: 4

Can I call FltQuerySecurityObject() to get security descriptor for all OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION, DACL_SECURITY_INFORMATION, ACL_SECURITY_INFORMATION at once?

e.g., FltQuerySecurityObject( fltInstance, fileObject, (OWNER_SECURITY_INFORMATION + GROUP_SECURITY_INFORMATION + DACL_SECURITY_INFORMATION + ACL_SECURITY_INFORMATION), pSecDesc, length, &lengthNeeded)

Comments

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,123

    Did you try it?

    -scott
    OSR

  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 224

    It takes 20 minutes to test this, time better spent with other code, if someone can confirm :)

    No. But you can use | (logical OR) instead of + (additoon). In case of flags that usually works, but is a programming error, in case flags are not using completely different bits.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,211

    It takes 20 minutes to test this, time better spent with other code, if someone can confirm :)

    Disagree. You invest 20 minutes and you know the answer for sure ... instead of sitting with your thumb up your ass for several hours waiting for somebody to “confirm”... and then you’re 100% reliant on that person’s information, which may or may not be correct.

    Do your own engineering whenever that’s practically possible. Believe stuff that you’ve seen with your own eyes, and that makes sense. Early in my career, I worked with a pretty senior engineer who had a propensity for repeating things told him instead of doing his own engineering. This was very efficient for him, time wise. It also almost ruined his career — no exaggeration— when several key things he was fond of repeating turned out to be wrong. He actually made it a point to tell me about this, and to counsel me to always verify things for myself. I never forgot the lesson.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 224

    In general, I have that approach. But for things trivial, especially if you can do something else instead of those 20 minutes, yeah, it makes sense. It adds up to weeks a year.

    Plus imagine the flags not being separate big flags, he would have tested and though "nope, does not work".

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,211

    It adds up to weeks a year.

    And breeds dependence, sloth, and sloppiness. I wonder how well one learns, if one always asks others for the answers and doesn’t exercise his/her own intellect?

    OTOH, if the OP was struggling with a complex architecural concept, it’s not practical for him to acquire the years of experience to be able to answer such a question. And in those cases, he’ll sort of have to just take our word for the answer.

    Plus imagine the flags not being separate big flags, he would have tested and though "nope, does not work".

    And then he would, eventually, learn how to program in C.

    We have very different views on the various uses of our time, Mr. Maksimovic... I find that interesting. Certainly, I intend no disrespect to your attitude; I just really differ.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 224
    via Email
    > And breeds dependence, sloth, and sloppiness. I wonder how well one learns,
    > if one always asks others for the answers and doesn’t exercise his/her own
    > intellect?
    True, "Always" being the key word here.

    > And then he would, eventually, learn how to program in C.
    :)

    > We have very different views on the various uses of our time, Mr.
    > Maksimovic... I find that interesting. Certainly, I intend no disrespect to
    > your attitude; I just really differ.
    Ditto.
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Developing Minifilters 29 July 2019 OSR Seminar Space
Writing WDF Drivers 23 Sept 2019 OSR Seminar Space
Kernel Debugging 21 Oct 2019 OSR Seminar Space
Internals & Software Drivers 18 Nov 2019 Dulles, VA