creating restricted process

Sourabh_Arvikar · August 19, 2014, 2:51am

Hi i am trying to create restricted process with the help of SeFilterToken, SeCreateClientSecurity and SeImpersonateClientEx but it seem to be very difficult or i am doing some thing wrong.

Can any budy provide right direction to implement this API’s in proper way.

Or

Is there any way to create restricted process from driver.

Thanks

Tim_Roberts · August 19, 2014, 1:49pm

xxxxx@gmail.com wrote:

Hi i am trying to create restricted process with the help of SeFilterToken, SeCreateClientSecurity and SeImpersonateClientEx but it seem to be very difficult or i am doing some thing wrong.

Can any budy provide right direction to implement this API’s in proper way.

The Windows security model is quite powerful, but the C API is baroquely
complicated. The best you can do is scour the web looking for examples
of people doing similar tasks.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Maxim_S_Shatskih · August 19, 2014, 2:34pm

I think starting a process from driver is not supported at all.

wrote in message news:xxxxx@ntdev…
> Hi i am trying to create restricted process with the help of SeFilterToken, SeCreateClientSecurity and SeImpersonateClientEx but it seem to be very difficult or i am doing some thing wrong.
>
> Can any budy provide right direction to implement this API’s in proper way.
>
> Or
>
> Is there any way to create restricted process from driver.
>
> Thanks
>
>

OSR_Community_User · August 20, 2014, 12:33am

Most of the security documentation is available in the SDK (user mode). Therefore yoiu should first try to perform your tasks in user mode and then find the kernel mode equivalent APIs to perform the tasks in kernel mode.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379609(v=vs.85).aspx

Pavel_A1 · August 20, 2014, 12:40am

On 19-Aug-2014 21:33, Maxim S. Shatskih wrote:

I think starting a process from driver is not supported at all.

Each OS has its taboos… In Windows, drivers can do a lot with files,
but launching usermode process is no-no.
In Linux IIRC they can start a process from kernelmode, but touching
files is no-no (because of chroot).
– pa

Maxim_S_Shatskih · August 20, 2014, 8:06am

> In Linux IIRC they can start a process from kernelmode

Kernel process? or user process?

“Kernel process” in Windows is system thread, which the drivers can start.

–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

Sourabh_Arvikar · August 21, 2014, 3:36am

Yup it seems that creating process in driver not possible.

Anyways thanks all for your replies.