Get remote host name on a network shared file access in mini-filter driver

I am writing a mini-filter driver to allow or block network shared file access for specific hosts in a network. I can detect any network access with the SourceName field using SeQueryInformationToken().

If the SourceName field is **NtLmSsp**, the request is from the network.

Until now I can only detect the network file access, but somehow I am not able to find out the host name/IP of the remote machine.

How can I identify the remote IP/host name in network shared file access?

Any hints/ideas will be much appreciated.

Thanks to OSR community.

Platform: Windows, Language: C

I’m moving this to the proper category.

NTFSD is for File System Drivers and minifilters.

Peter

Thanks.

See SRV_OPEN_ECP_CONTEXT

@“Scott_Noone_(OSR)” Can you please provide some example or any link?

Did you search? The minispy sample from the WDK shows how to use it.

Yeah, I did, but didn’t find it.

@“Scott_Noone_(OSR)” Thank you very much for the info. I got it today.

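An added example, not code from this thread or from the WDK minispy sample: once a pre-create callback has located the SRV_OPEN_ECP_CONTEXT, the allow/block decision is a byte comparison of its SocketAddress against a host list, with IPv4-mapped IPv6 addresses normalized and unknown address families denied. The sketch is portable user-mode C with a standard `sockaddr_storage` standing in for the kernel structure; `host_rule`, `remote_host_blocked`, `demo_blocked` and the documentation-range prefixes are hypothetical names and constructed sample values.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* Hypothetical policy rule: deny an address prefix (32 or 128 bits = one host). */
struct host_rule { int family; unsigned char addr[16]; unsigned bits; };

static int prefix_match(const unsigned char *a, const unsigned char *b, unsigned bits)
{
    unsigned full = bits / 8, rem = bits % 8;
    unsigned char mask = (unsigned char)(0xFF << (8 - rem));
    if (memcmp(a, b, full) != 0) return 0;
    return rem == 0 || (a[full] & mask) == (b[full] & mask);
}

/* 1 = deny the create, 0 = allow. Compares raw address bytes, never a name. */
int remote_host_blocked(const struct sockaddr_storage *sa,
                        const struct host_rule *rules, size_t n)
{
    static const unsigned char v4mapped[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
    unsigned char addr[16] = {0};
    int family = sa->ss_family;
    if (family == AF_INET) {
        memcpy(addr, &((const struct sockaddr_in *)sa)->sin_addr, 4);
    } else if (family == AF_INET6) {
        const unsigned char *p = ((const struct sockaddr_in6 *)sa)->sin6_addr.s6_addr;
        int mapped = memcmp(p, v4mapped, 12) == 0;    /* ::ffff:a.b.c.d */
        if (mapped) family = AF_INET;                 /* match against IPv4 rules */
        memcpy(addr, mapped ? p + 12 : p, mapped ? 4 : 16);
    } else {
        return 1;   /* fail closed on a family the policy cannot evaluate */
    }
    for (size_t i = 0; i < n; i++)
        if (rules[i].family == family && prefix_match(addr, rules[i].addr, rules[i].bits))
            return 1;
    return 0;
}

/* Constructed demo: documentation prefixes as the deny list; -1 = bad sample text. */
int demo_blocked(int family, const char *text)
{
    static const struct host_rule rules[] = {
        { AF_INET, {192, 0, 2, 0}, 24 }, { AF_INET6, {0x20, 0x01, 0x0d, 0xb8}, 32 } };
    struct sockaddr_storage sa = {0};
    sa.ss_family = (sa_family_t)family;
    void *dst = family == AF_INET ? (void *)&((struct sockaddr_in *)&sa)->sin_addr
                                  : (void *)&((struct sockaddr_in6 *)&sa)->sin6_addr;
    if ((family == AF_INET || family == AF_INET6) && inet_pton(family, text, dst) != 1)
        return -1;
    return remote_host_blocked(&sa, rules, 2);
}
```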