Difference between DACL and OWNER security request IRPs

Hello all,

I got IRP_MJ_QUERY_SECURITY to work when requesting info about OWNER, but
when I process this same IRP for DACL information, the Irp->UserBuffer is
invalid.

I get a DACL request IRP first with NULL userbuffer, so I return the size
needed in Irp->IoStatus.Information, and system responds with another IRP
with a bad address in the UserBuffer. When I probe and lock the pages, I
get an access violation. The Buffer address is usually something like
0x000DFC28.

When I process a request for owner info, the buffer is good and everything
works. Does anyone know why this is happening?

Thanks

Greg Pearce

Whoops… sorry - I just discovered that the system was running at irql=1F
when this happened…

More stupidity, sorry. I don’t understand why the !pcr debugger command
always shows irql=1f no matter what (it seems), in either case during my
debugging of the two security calls. Is this because the debugger is
running when I issue the command? My other problem still exists, and any
info anyone can provide would be helpful.

Thanks

Hi,

May be the user buffer comes as an MDL?

Regards,
Leonid Zhigunov

“Greg Pearce” wrote in message news:xxxxx@ntfsd…
>
> More stupidity, sorry. I don’t understand why the !pcr debugger command
> always shows irql=1f no matter what (it seems), in either case during my
> debugging of the two security calls. Is this because the debugger is
> running when I issue the command? My other problem still exists, and any
> info anyone can provide would be helpful.
>
> Thanks
>
>

Leonid,

Nope, the MDL is NULL for both calls…

Thanks and regards

Greg

If you ask the wrong question the answer does not matter. I am quite
confused about this security stuff, but I have figured out what the
“difference” is. I have re-worded the question and have re-posted it with
the subject of “system security requests vs usermode security requests”.
Sorry about all this noise.

Greg