Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results


More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

I/O access to NDIS Filter Driver object for non-admin processes

kolakola Member Posts: 13

I have Windows NDIS FilterDriver and it has name \Device\MyFilter. User application performs some DeviceIoControl operation with the FilterDriver and calls following code to open the device handle:

LPSECURITY_ATTRIBUTES   lpSecurityAttributes = NULL;
DWORD   CreationDistribution = OPEN_EXISTING;
DWORD   lastErr = 0;

m_hFilter = CreateFileA(MY_FILTER_NAME, /* "\\\\.\\\\MyFilter" */
    DesiredAccess, ShareMode, lpSecurityAttributes, CreationDistribution, FlagsAndAttributes, NULL);

if (m_hFilter == INVALID_HANDLE_VALUE)
    lastErr = GetLastError();
    return false;

It works great if user application was run "As Administrator", otherwise (if run as regular User) CreateFileA returns INVALID_HANDLE_VALUE, and lastErr = 5 (Access Denied)
Reasons why it returns "Access Denied" are clear, but how to make user's application to open the Filter Driver object?
The idea of creating an interface with IoRegisterDeviceInterface() looks promising, but it requires the pointer to PDO, which I do not know where to obtain for the Filter Driver.


  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,442

    You need to use a different protection on your device object.

    I've never written an NDIS Filter but it looks like you need to specify an appropriate SDDL string in your NDIS_DEVICE_OBJECT_ATTRIBUTES. If you're not sure what you want for an SDDL string there are some reasonable default values available in wdmsec.h.


  • kolakola Member Posts: 13

    Thanks, Scott!!!
    This code helped:


    // Register the filter driver
    Status = NdisRegisterDeviceEx(g_FilterDriverHandle, &DeviceAttribute, &g_NdisDeviceObject, &g_NdisFilterDeviceHandle);

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Developing Minifilters 24 May 2021 Live, Online
Writing WDF Drivers 14 June 2021 Live, Online
Internals & Software Drivers 2 August 2021 Live, Online
Kernel Debugging 27 Sept 2021 Live, Online