Hello!
I would like to convert a string to a PCHAR in order to send it to user mode.
The problem is a little strange… I have read the article about how to get the SID, but I don’t
understand how to convert that structure to a PCHAR.
I would be very thankful if someone could help me with that.
Thanks!
I don’t believe that there is a kernel mode function that converts and
SID to a string; you would have to that yourself or address the issue in
user mode.
Good luck,
mm
xxxxx@gmail.com wrote:
Hello!
I would like to convert a string to a PCHAR in order to send it to user mode.
The problem is a little strange… I have read the article about how to get the SID, but I don’t
understand how to convert that structure to a PCHAR.
I would be very thankful if someone could help me with that.
Thanks!
RtlCopySid? This copies the SID into a contiguous buffer that you can then
sent to user mode. Up in user mode you can use apis such as LookupAccountSid
using this buffer.
On Feb 9, 2008 10:40 AM, wrote:
> Hello!
>
> I would like to convert a string to a PCHAR in order to send it to user
> mode.
>
> The problem is a little strange… I have read the article about how to
> get the SID, but I don’t
>
> understand how to convert that structure to a PCHAR.
>
> I would be very thankful if someone could help me with that.
>
> Thanks!
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: xxxxx@hollistech.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
–
Mark Roddy
The SDK contains a sample piece of code for converting in the SID in user
space http://msdn2.microsoft.com/en-us/library/aa376396(VS.85).aspx. There
is a match for most of the functions used with Rtl functions in the kernel,
and the rest can be done by accessing structure members.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntfsd…
> Hello!
>
> I would like to convert a string to a PCHAR in order to send it to user
> mode.
>
> The problem is a little strange… I have read the article about how to
> get the SID, but I don’t
>
> understand how to convert that structure to a PCHAR.
>
> I would be very thankful if someone could help me with that.
>
> Thanks!
>
Thank you very much!
Convert to self-relative SID and send the BLOB.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntfsd…
> Hello!
>
> I would like to convert a string to a PCHAR in order to send it to user mode.
>
> The problem is a little strange… I have read the article about how to get
the SID, but I don’t
>
> understand how to convert that structure to a PCHAR.
>
> I would be very thankful if someone could help me with that.
>
> Thanks!
>
Hello, again!
I do the following in order to transfer the sid to user mode, and when this code is executed, I get a blue screen:
PCHAR gData;
RtlCopySid(sizeof(sid), gData, sid);
gData[sizeof(sid)] = ANSI_NULL;
Then I send gData to user mode.
Maybe anyone knows why that code doesn’t work?
Thanks!
sure, gData is not allocated
why dont you check status code from RtlCopySid ?
it’s not needed to set ANSI_NULL at the end
wrote in message news:xxxxx@ntfsd…
> Hello, again!
>
> I do the following in order to transfer the sid to user mode, and when this code is executed, I get a blue screen:
>
> PCHAR gData;
> RtlCopySid(sizeof(sid), gData, sid);
> gData[sizeof(sid)] = ANSI_NULL;
>
> Then I send gData to user mode.
>
> Maybe anyone knows why that code doesn’t work?
>
> Thanks!
>
There’s nothing correct going on here.
This routine (RtlCopySid) does not convert an SID to a string. It
copies an SID. Adding a NULL won’t change this. If I recall correctly,
the plan of attack was to use RtlCopySid to copy the SID so that you can
pass it to user mode, where you will then convert it to a string.
You’re not allocating any memory for dData.
Due to the presence of a variable sized array as the last member, an
SID is effectively an incomplete type, so sizeof(sid) probably won’t do
what you want it to do. You need to use RtlLengthSid(sid). What you
have returns the size of an sid, but it includes only the first
subauthority.
Good luck,
mm
xxxxx@gmail.com wrote:
Hello, again!
I do the following in order to transfer the sid to user mode, and when this code is executed, I get a blue screen:
PCHAR gData;
RtlCopySid(sizeof(sid), gData, sid);
gData[sizeof(sid)] = ANSI_NULL;Then I send gData to user mode.
Maybe anyone knows why that code doesn’t work?
Thanks!
Did you allocate a buffer for gData? The second parameter for RtlCopySid
explicitly states:
“Pointer to a CALLER-ALLOCATED buffer to receive a copy of the source SID
structure. The buffer must be at least sizeof(SID)”
You appear to be stomping on unknown memory here.
Secondly, I hope your passing the buffer to usermode and not a pointer.
Matt
----- Original Message -----
From:
To: “Windows File Systems Devs Interest List”
Sent: Monday, February 11, 2008 10:37 AM
Subject: RE:[ntfsd] Convert a SID to a PCHAR
> Hello, again!
>
> I do the following in order to transfer the sid to user mode, and when
> this code is executed, I get a blue screen:
>
> PCHAR gData;
> RtlCopySid(sizeof(sid), gData, sid);
> gData[sizeof(sid)] = ANSI_NULL;
>
> Then I send gData to user mode.
>
> Maybe anyone knows why that code doesn’t work?
>
> Thanks!
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: matt-martin@tx.rr.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
Besidea all the other comments, you do realize that sizeof(sid) gives you
the minimal header not the sid, you need RtlLengthSid to get the actual size
you want.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntfsd…
> Hello, again!
>
> I do the following in order to transfer the sid to user mode, and when
> this code is executed, I get a blue screen:
>
> PCHAR gData;
> RtlCopySid(sizeof(sid), gData, sid);
> gData[sizeof(sid)] = ANSI_NULL;
>
> Then I send gData to user mode.
>
> Maybe anyone knows why that code doesn’t work?
>
> Thanks!
>
So, the line should look like this?
RtlCopySid(RtlLengthSid(sid), gData, sid);
And, how can I allocate memory to gData before I use it?
grrr… At least try a little harder…
Not exactly what I’d do, but will work… gData obviously needs to be the
length of
the return from RtlLengthSid. And you allocate memory for it like anything
else, ExAllocatePoolWithTag.
Just a little advice, you should do a little more research before posting
here if your job
now requires you to write kernel code. You’ll need friends here, but your
not going to make
many if you don’t do your homework; fortunatly I don’t work in IT at any
level 
Matt
----- Original Message -----
From:
>So, the line should look like this? RtlCopySid(RtlLengthSid(sid), gData,
>sid); And, how can I allocate memory to gData >before I use it?
Hello again,
I am trying to send the SID to user mode again, and now I am trying to use the buffer of the sid. I try to copy it to gData which has allocated memory and it looks like everything is ok. The buffer of the sid is an array of UCHAR, so I copy it with a loop to gData, this way:
gData[i] = (CHAR)buffer[i];
But I don’t get anything in user mode. What can be the reason?
Thanks!
I know you’re new to this, but how on earth are we supposed to help you
figure out why your file system filter is not working from this:
gData[i] = (CHAR)buffer[i];
I don’t mean to be a downer, but choosing a file system filter as a
vehicle to learn C is not going to work very well.
Please post your source code.
Good luck,
mm
xxxxx@gmail.com wrote:
Hello again,
I am trying to send the SID to user mode again, and now I am trying to use the buffer of the sid. I try to copy it to gData which has allocated memory and it looks like everything is ok. The buffer of the sid is an array of UCHAR, so I copy it with a loop to gData, this way:
gData[i] = (CHAR)buffer[i];
But I don’t get anything in user mode. What can be the reason?Thanks!