Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:

Impersonating in PreCreate callback

reimhagenreimhagen Member Posts: 8
edited March 17 in NTFSD

I'm authoring a minifilter that basically acts as a virtual file system. A mixture of local and remote shares are mapped in to materialize a file system. In my API, the remote mappings may also contain a token for use when accessing that specific share. In my precreate handler, when I see a path that falls under one of the mapped remote paths, how can I impersonate the Create operation? I've tried PsImpersonateClient in the precreate and PsRevertToSelf , in the postcreate, but that doesn't seem to cut it. I see that within SECURITY_SUBJECT_CONTEXT inside ACCESS_STATE inside IO_SECURITY_CONTEXT there's a field for a ClientToken, but the documentation says I shouldn't modify it directly and it's unclear which support function lets me change that token.

Thanks in advance

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA