Hello. Any ideas on how a driver can determine only it's associated service should be the one to communicate with the driver?
I've had a look and there are no cert checks API in DDK. MS code is able to do it via Code Integrity module, but how is a 3rd party driver then supposed to ensure only his service can communicate with his driver. Every scenario I thought of from filepath verification, image name, etc all have the potential of being spoofed by an actor. Cert verification is the best way to ensure the service talking to my driver is truly mine, but I don't see any obvious way of invoking it.
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Writing WDF Drivers||21 Oct 2019||OSR Seminar Space & ONLINE|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|
|Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||27 Apr 2020||OSR Seminar Space & ONLINE|