The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Hello. So a bit of context - I have a FS minifilter that is monitoring I/O on the pre/post path, so I have all those struct members if need be. On the Post path where I'm mainly operating, I'm checking the SD/ACL/ACE of the specified FileObject being accessed. But since my process is running from an admin, my token privileges are too high. I want the access checks to be done based on the standard user that got elevated.
I started going down the route of manually trying to check the ACCESS_MASK and building the Desired/Granted/Remaining Access and Allow/Deny based on masks in Dacl/Ace looping, and basing it from SIDs in the standard user token groups, but this is getting very complex, and I feel I will mess up the checks, hence looking at the use of APIs again.
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||15 Jun 2020||LIVE ONLINE|
|Writing WDF Drivers||22 June 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|