The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
One of the features of a minifilter->user mode server system I'm helping build requires us to log user access attempts to certain files. There are a number of ways to get user IDs in both KM and UM but I was just wondering if there's a "best practices" way of doing so, ensuring the user ID I log belongs to the Windows account that actually tried to open the file, and not a system/admin/etc. account running the minifilter and server?
Advice appreciated, especially for a UM solution as I'd prefer not to monkey with our driver code!
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Developing Minifilters||24 May 2021||Live, Online|
|Writing WDF Drivers||14 June 2021||Live, Online|
|Internals & Software Drivers||2 August 2021||Live, Online|
|Kernel Debugging||27 Sept 2021||Live, Online|