I have some code that does the following (pseudo code to try and be brief)
PreOp(PFLT_CALLBACK_DATA Data, ...) case IRP_MJ_SET_SECURITY: //defer because we will call FltQuerySecurityObject which needs to be at IRQL PASSIVE FltQueueDeferredIoWorkItem(Data, LookupFunc, CriticalWorkQueue) return FLT_PREOP_PENDING; LookupFunc(PFLT_CALLBACK_DATA Data, ...) FltQuerySecurityObject(Data) //at IRQL PASSIVE now FltCompletePendedPreOperation(FLT_PREOP_SUCCESS_WITH_CALLBACK)
With this code in place I find I can successfully change the security settings, file ownership settings, etc using Windows Explorer with no problem.
However, when Windows Update runs (and apparently Veeam's restore app) they fail when trying to set file security with 0x8007051B - This security ID may not be assigned as the owner of this object
As far as I understand, the code above would pass all requests through to the lower level without any changes, albeit with a temporary pause to do the lookup.
Apparently there is hole in my understanding. Can anyone help me see what is wrong?
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||29 July 2019||OSR Seminar Space|
|Writing WDF Drivers||23 Sept 2019||OSR Seminar Space|
|Kernel Debugging||21 Oct 2019||OSR Seminar Space|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|