Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Connect to PPL Only
Is there a way to allow user-driver connections from only PPL processes?
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Writing WDF Drivers | 7 Dec 2020 | LIVE ONLINE |
| Internals & Software Drivers | 25 Jan 2021 | LIVE ONLINE |
| Developing Minifilters | 8 March 2021 | LIVE ONLINE |
Comments
Yes there should be a way (because there is a way to find PPLs from a kernel driver)
Happy hacking.
-- pa
Thanks Pavel. I had seen that github, but I don't want to use undocumented calls.
You can use ZwQueryInformationProcess with ProcessProtectionInformation to query the protection level in a semi-documented way. (semi documented because this function is documented for user mode usage and it has a "may be altered or unavailable in future versions of windows" disclaimer.) - Why are you trying to protect your device that way? If a user is an administrator he has access to load drivers that could allow him to inject into a protected process and eventually access your device... The question is - what are you trying to protect from?