The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I have a need to determine the SID's for the account domain (
PolicyAccountDomainInformation) and primary domain (
PolicyDnsDomainInformation) in an FSD. I understand that this information lives inside the user-mode LSA service. In user mode it is straightforward to get this information by using the
LsaQueryInformationPolicy API. In kernel mode there is no direct equivalent; the
SecLookup* exports from
ksecdd provide limited access to the LSA.
I am considering the following 2 solutions:
HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAcDmS - SID for PolicyAccountDomainInformation HKEY_LOCAL_MACHINE\SECURITY\Policy\PolPrDmS - SID for PolicyDnsDomainInformation
Does anyone have any better suggestions?
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||15 Jun 2020||LIVE ONLINE|
|Writing WDF Drivers||22 June 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|