Hi,
I have a small query regarding the naming of a filter driver’s device object… Many books say that it doesn’t have any name, but my question is: what if I name it?
Consider the scenario: suppose I need to give my application access to this filter device object (I mean I want to send custom IOCTLs to my filter device from my application). Without a name or symbolic link, how can I access it, call CreateFile and send DeviceIOControl calls?
Any suggestions are welcome…
– Subodh
You can either send IOCTLs to the filtered device (and simply intercept
them in your filter driver,) or create a separate device object, with a
name, that is used for your backdoor communications.
=====================
Mark Roddy
Windows XP/2000/NT Consultant, Microsoft MVP
Hollis Technology Solutions 603-321-1032
www.hollistech.com
xxxxx@hollistech.com
For Windows Device Driver Training: see www.azius.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Subodh Gupta
Sent: Friday, August 02, 2002 2:25 AM
To: NT Developers Interest List
Subject: [ntdev] Can A Filter Driver’s Device Object Have Name ?
"Mark Roddy" wrote in message news:xxxxx@ntdev…
>You can either send IOCTLs to the filtered device (and simply intercept
>them in your filter driver,) or create a separate device object, with a
>name, that is used for your backdoor communications.
Caveat: If you name the filter device object, be VERY CAREFUL about the
protection applied.
Be SURE to supply a security descriptor in your INF file for that device
object that’s at least as tight as that which pertains to the PDO (or named
device object) underlying the stack you’re filtering.
When you name a device object in a stack, such as that for a filter driver,
you’re creating a new security entry-point to that stack. If that entry
point is vulnerable, you can be sure it’ll be exploited by those with
malintent.
Peter
OSR
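The "at least as tight" rule in the message above can be checked mechanically before a driver ships. The following is an added example, not code from any poster in this thread: a Python check that compares the SDDL string planned for a named filter or control device object against the one protecting the underlying device and reports every grant the baseline lacks. The SDDL strings, the function names, and the restriction to allow ACEs with generic rights are assumptions of the example.

```python
import re

# Rights implied by each generic SDDL rights code (GA covers the other three).
IMPLIES = {"GA": {"GA", "GR", "GW", "GX"},
           "GR": {"GR"}, "GW": {"GW"}, "GX": {"GX"}}
ACE_RE = re.compile(r"\(([^)]*)\)")

def parse_dacl(sddl):
    """Return {trustee: set(rights)} for the allow ACEs of an SDDL DACL."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("no DACL in SDDL string")
    grants = {}
    for body in ACE_RE.findall(m.group(2)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _inherit, trustee = fields
        if ace_type != "A":
            # Deny/audit ACEs change the comparison; do not guess.
            raise ValueError("review ACE by hand: (%s)" % body)
        codes = re.findall("..", rights)
        if "".join(codes) != rights or any(c not in IMPLIES for c in codes):
            raise ValueError("unsupported rights string: %s" % rights)
        for code in codes:
            grants.setdefault(trustee, set()).update(IMPLIES[code])
    return grants

def looser_than(candidate, baseline):
    """List (trustee, extra_rights) that candidate grants beyond baseline."""
    cand, base = parse_dacl(candidate), parse_dacl(baseline)
    findings = []
    for trustee, rights in sorted(cand.items()):
        extra = rights - base.get(trustee, set())
        if extra:
            findings.append((trustee, sorted(extra)))
    return findings

# Constructed sample descriptors (not taken from any real device stack).
BASELINE = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"             # SYSTEM + Administrators
LOOSE = "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;WD)"  # adds Everyone read/write
TIGHT = "D:P(A;;GA;;;SY)(A;;GR;;;BA)"                # Administrators read only

if __name__ == "__main__":
    for name, sddl in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, looser_than(sddl, BASELINE) or "no looser than baseline")
```

Trustees are compared as opaque strings, so a candidate that swaps a broad group for a narrower one is still reported and needs a manual look; the check errs toward flagging.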
For a lower filter the additional device object approach is a necessary solution for communication with user mode, as the FDO driver is not required to pass down your filter’s requests, and it likely will not do so.
–
Bill McKenzie
Windows DDK MVP
OSR - Windows System Software Development, Training, and Consulting
“Mark Roddy” wrote in message news:xxxxx@ntdev…
You can either send IOCTLs to the filtered device (and simply intercept them in your filter driver,) or create a separate device object, with a name, that is used for your backdoor communications.
Hi Peter,
Thanks for the guidance. But the problem on my side is that I am filtering TCP/IP… so I can’t get a handle to its device in the user-mode application (using CreateFile etc.), hence I also can’t send my custom IOCTLs to it and intercept them.
So I think I have only one choice left: to create a separate fake device object and provide a symbolic link to the application so that custom IOCTLs can be sent to my filter driver. In this way I can provide backdoor communication for the application.
But in this case, what would be its impact on security?
–Subodh
---------- Original Message ----------------------------------
From: “Peter Viscarola”
Reply-To: “NT Developers Interest List”
Date: Fri, 2 Aug 2002 08:25:17 -0400