Hi,
I would like to use ZwCreateFile to open a network file (Microsoft
Network) in the context of the system process. I browse through the NTFSD
archive saying that I can use KeAttachProcess, but it is not defined in
NTDDK or IFSKIT for Win 2k. Or is there any undocumented ZwXXX routines that
allows me to do that? Any sample code is appreciated.
Is anyone know when is the 2001 archive available?
Best regards,
Sin-Lam
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> I would like to use ZwCreateFile to open a network file (Microsoft
Network) in the context of the system process. I browse through the NTFSD
archive saying that I can use KeAttachProcess, but it is not defined in
NTDDK or IFSKIT for Win 2k. Or is there any undocumented ZwXXX routines that
allows me to do that? Any sample code is appreciated.
Hi,
In order to open network file you don’t need to use KeAttachProcess, you
need to impersonate thread that trying to open file with security context
that has permissions to open the file. You can use SeImpersonateClient to
achive that. This function has two parameters: one is the thread you
trying
to impersonate and the other is ClientContext. You can build ClientContext
using SeCreateClientSecurity. You need to set ClientThread parameter in
this function to a thread id that has appropriate permitions. One possible
way to get this thread is write applicaion that will do LogonUser and then
will send private IoControl to driver. In dispatch function of this
IoConrol you can use SeCreateClientSecurity to build ClientContext and
then use it to impersonate system thread when you need to open network
file.
Hope this help.
Best regards,
Alexei.
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com