I have Windows NDIS FilterDriver and it has name \Device\MyFilter. User application performs some DeviceIoControl operation with the FilterDriver and calls following code to open the device handle:
LPSECURITY_ATTRIBUTES lpSecurityAttributes = NULL;
DWORD CreationDistribution = OPEN_EXISTING;
DWORD FlagsAndAttributes = FILE_FLAG_OVERLAPPED;
DWORD DesiredAccess = GENERIC_READ | GENERIC_WRITE;
DWORD ShareMode = FILE_SHARE_READ | FILE_SHARE_WRITE;
DWORD lastErr = 0;
m_hFilter = CreateFileA(MY_FILTER_NAME, /* "\\\\.\\\\MyFilter" */
DesiredAccess, ShareMode, lpSecurityAttributes, CreationDistribution, FlagsAndAttributes, NULL);
if (m_hFilter == INVALID_HANDLE_VALUE)
{
lastErr = GetLastError();
return false;
}
It works great if user application was run “As Administrator”, otherwise (if run as regular User) CreateFileA returns INVALID_HANDLE_VALUE, and lastErr = 5 (Access Denied)
Reasons why it returns “Access Denied” are clear, but how to make user’s application to open the Filter Driver object?
The idea of creating an interface with IoRegisterDeviceInterface() looks promising, but it requires the pointer to PDO, which I do not know where to obtain for the Filter Driver.