This question consists of two parts:
1. How to technically restrict access to the driver to certain processes. I've read SeAccessCheck is a good way to start.
2. How to verify the calling process.
Here I'm assuming that randomizing CTL_CODE's function argument is not the way.
Assuming both the driver and the client are signed, is it a good idea to verify the signature of the calling process from the driver and completely rely on that? Or are there any other solutions?
What if both are not signed? Does that make it impossible to verify?
I guess this question is not necessarily about IOCTL and socket communication but more about how to verify a process is the one trusted by the driver and is the only one implemented by the driver's developers that is meant to, for example, communicate with the driver.
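The following is an added example, not code from the thread or from OSR, illustrating the first part of the question: restricting who can open the device object. In the WDK this is done by passing an SDDL string to IoCreateDeviceSecure (the WDK constant SDDL_DEVOBJ_SYS_ALL_ADM_ALL expands to the hardened string used below), and the kernel's security reference monitor evaluates it against the opening thread's token. The block is a small user-mode C model of that evaluation, written so it can be compiled and stepped through without a kernel: the rights bitmask values, the `groups` string standing in for a token's group SIDs, and the `can_open_device` helper are constructed simplifications, while the SID abbreviations (SY, BA, WD, IU, AU) and the ACE field layout are the standard SDDL ones. It shows the weak setting (Everyone gets full access, which is what an unprotected device amounts to) beside the corrected one, and how a deny ACE earlier in the DACL blocks a later allow.

```c
#include <stdio.h>
#include <string.h>

/* Rights modelled as a small bitmask (constructed model, not the real ACCESS_MASK values). */
#define R_READ  0x1
#define R_WRITE 0x2
#define R_EXEC  0x4
#define R_ALL   0x7

/* Weak: Everyone (WD) may open the device with full access. */
#define SDDL_OPEN_TO_ALL   "D:P(A;;GA;;;WD)"
/* Hardened: only Local System (SY) and Builtin Administrators (BA) may open it.
 * This is the string behind the WDK's SDDL_DEVOBJ_SYS_ALL_ADM_ALL. */
#define SDDL_SYSTEM_ADMINS "D:P(A;;GA;;;SY)(A;;GA;;;BA)"

/* Parse one SDDL rights field such as "GA" or "GRGW" into the bitmask. */
static unsigned parse_rights(const char *s, size_t n) {
    unsigned mask = 0;
    for (size_t i = 0; i + 1 < n; i += 2) {
        if (s[i] != 'G') continue;          /* only generic rights are modelled */
        switch (s[i + 1]) {
        case 'A': mask |= R_ALL;   break;
        case 'R': mask |= R_READ;  break;
        case 'W': mask |= R_WRITE; break;
        case 'X': mask |= R_EXEC;  break;
        }
    }
    return mask;
}

/* Split an ACE body "type;flags;rights;object_guid;inherit_guid;sid" into its
 * six fields (empty fields allowed). Returns 0 if the ACE is malformed. */
static int split_ace(const char *body, size_t n, const char *f[6], size_t len[6]) {
    int k = 0;
    size_t start = 0;
    for (size_t i = 0; i <= n && k < 6; i++) {
        if (i == n || body[i] == ';') {
            f[k] = body + start;
            len[k] = i - start;
            k++;
            start = i + 1;
        }
    }
    return k == 6;
}

/* Does the ';'-separated token group list contain this SID abbreviation? */
static int in_token(const char *groups, const char *sid, size_t n) {
    const char *g = groups;
    while (*g) {
        const char *e = strchr(g, ';');
        size_t gl = e ? (size_t)(e - g) : strlen(g);
        if (gl == n && memcmp(g, sid, n) == 0) return 1;
        if (!e) break;
        g = e + 1;
    }
    return 0;
}

/* Walk the DACL in order, the way a canonical ACL is evaluated: a deny ACE (D)
 * for a SID in the token blocks the rights it names unless already granted, an
 * allow ACE (A) accumulates rights. Returns 1 if every bit of `wanted` is granted. */
static int sddl_grants(const char *sddl, const char *groups, unsigned wanted) {
    const char *p = strstr(sddl, "D:");
    if (!p) return 0;                        /* no DACL component: grant nothing */
    unsigned granted = 0, denied = 0;
    for (p = strchr(p, '('); p; p = strchr(p + 1, '(')) {
        const char *end = strchr(p, ')');
        if (!end) break;
        const char *f[6];
        size_t len[6];
        if (!split_ace(p + 1, (size_t)(end - p - 1), f, len)) continue;
        if (!in_token(groups, f[5], len[5])) continue;   /* ACE is for someone else */
        unsigned rights = parse_rights(f[2], len[2]);
        if (len[0] == 1 && f[0][0] == 'D') denied  |= rights & ~granted;
        else if (len[0] == 1 && f[0][0] == 'A') granted |= rights & ~denied;
    }
    return (granted & wanted) == wanted;
}

/* Constructed helper: could a caller whose token holds `groups` open the device
 * with full access under this DACL? (In a driver the kernel answers this at
 * IRP_MJ_CREATE; here it is modelled for inspection.) */
int can_open_device(const char *device_sddl, const char *groups) {
    return sddl_grants(device_sddl, groups, R_ALL);
}

int main(void) {
    const char *user  = "IU;AU;WD";  /* constructed token: an ordinary interactive user */
    const char *admin = "BA;AU;WD";  /* constructed token: a member of Administrators */
    printf("open-to-all,    standard user: %d\n", can_open_device(SDDL_OPEN_TO_ALL, user));
    printf("sys/admin only, standard user: %d\n", can_open_device(SDDL_SYSTEM_ADMINS, user));
    printf("sys/admin only, administrator: %d\n", can_open_device(SDDL_SYSTEM_ADMINS, admin));
    return 0;
}
```

The device DACL answers only "who may open this device", not "which process is this"; it is the right first gate because it is enforced by the kernel before any IOCTL reaches the driver, and a name or a chosen CTL_CODE value carries no such guarantee. A second, complementary check many drivers add is per-handle: record the opening process in context attached to the FILE_OBJECT at IRP_MJ_CREATE and compare it with the requestor on each IOCTL, so a handle that was duplicated or inherited into another process is refused.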