Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

How can get SID of user in minifilter driver

m_sldm_sld Member - All Emails Posts: 25

Hi,
I want to get SID(security ID) of local logged in user to windows via kernel driver; such as: S-1-5-21-187542237-892059459-3562553626-1001
How can get it?
What is Data->Iopb->Parameters.QueryQuota.StartSid and SidList parameters that is in callback_data of IRP dispatch routin? Are these helpful for me?

Comments

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,083

    Are these helpful for me?

    No.

    The only reliable time to get secuiry information is during IRP_MJ_CREATE. Take a poke at the SecurityContext, there should be something there.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 21 Oct 2019 OSR Seminar Space & ONLINE
Internals & Software Drivers 18 Nov 2019 Dulles, VA
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 27 Apr 2020 OSR Seminar Space & ONLINE