Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Convert kernel handle 'PACCESS_TOKEN' into user-mode HANDLE hToken

Gova_GimerGova_Gimer Member - All Emails Posts: 43


I had research in google about how convert a kernel handle 'PACCESS_TOKEN' into user-mode HANDLE hToken, I did not find anything
How do i do ?

i developpe a virtual disk file system and i want check security ACL access in IRP_MJ_CREATE

In kernel mode :
I capture PACCESS_TOKEN in SECURITY_SUBJECT_CONTEXT::client token from _IO_STACK_LOCATION::Create::SecurityContext::AccessState::SubjectSecurityContext::ClientToken;

In user mode hToken :
HANDLE hImpersonatedToken = NULL;
if (::DuplicateToken(hToken, SecurityImpersonation, &hImpersonatedToken))
mapping.GenericRead = FILE_GENERIC_READ;
mapping.GenericWrite = FILE_GENERIC_WRITE;
mapping.GenericExecute = FILE_GENERIC_EXECUTE;
mapping.GenericAll = FILE_ALL_ACCESS;

        ::MapGenericMask(&genericAccessRights, &mapping);

        if (::AccessCheck(pFileSD, hImpersonatedToken, genericAccessRights, &mapping, &privileges, &privilegesLength, &grantedAccess, &result))
            bRet = (result == TRUE);


Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Writing WDF Drivers 13 April 2020 OSR Seminar Space & ONLINE
Developing Minifilters 20 Apr 2020 OSR Seminar Space & ONLINE
Internals & Software Drivers TBD Dulles, VA