DeviceIoControl

How do I limit which programs can communicate with my driver and not let a third party communicate?

I am using DeviceIoControl.

ACL your stack appropriately, that will restrict by account and IL type. If you want to restrict it to *your* app, PKI is probably your only recourse, there is no built-in app identity in Windows that you can check in the driver.

d

dent from a phine with no keynoard

-----Original Message-----
From: xxxxx@hotmail.com
Sent: Tuesday, March 01, 2011 5:13 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] DeviceIoControl

How do I limit which programs can communicate with my driver and not let a third party communicate?

I am using DeviceIoControl.


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

You can’t. If the device is known, any program can open it.

You can run your program under a special account and create ACLs on the
device (there’s an article on the OSR site on how to do this) so that only
that account can open it, but any program running under that account can
open it.

If there is only one program, you could create the device as an
exclusive-open device, and once your program starts, no other program can do
a CreateFile.
joe
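
The ACL and exclusive-open settings suggested in the two replies above, expressed as an INF fragment. This is an added example, not code from either poster; it assumes a PnP device installed through an INF, and the section names (`MyDevice_Install`, `MyDevice_Security_AddReg`) and the choice of SIDs are constructed for illustration.

```inf
; Constructed example: "MyDevice_Install" is a hypothetical DDInstall section name.
[MyDevice_Install.NT.HW]
AddReg = MyDevice_Security_AddReg

[MyDevice_Security_AddReg]
; Weak baseline for comparison (do not ship): everyone (WD) gets full access.
;   HKR,,Security,,"D:P(A;;GA;;;WD)"

; Restricted DACL: protected (P), GENERIC_ALL only for SYSTEM (SY) and
; built-in Administrators (BA). To follow the "special account" advice,
; replace BA with that account's SID (placeholder: S-1-5-21-<domain>-<rid>).
HKR,,Security,,"D:P(A;;GA;;;SY)(A;;GA;;;BA)"

; FILE_DEVICE_SECURE_OPEN (0x100): the I/O manager applies the device ACL
; to every open, including opens that append a path after the device name.
HKR,,DeviceCharacteristics,0x10001,0x100

; Exclusive = 1: only one handle to the device may be open at a time,
; so a second CreateFile fails while the first program holds its handle.
HKR,,Exclusive,0x10001,1
```

These settings gate access by account and by handle count, not by program identity, which matches what both replies say. A non-PnP driver that creates its own control device would pass the same SDDL string to `IoCreateDeviceSecure` instead.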
