I am trying to write a file filter which would have the following functions:
1. Only a valid user can have access to a file: can I use the SID to
distinguish a valid user from an invalid one? Does every existing file have
a SID? And how can I extract the SID?
2. Before a file is modified, the file would be saved in a different
place. The modification time, user, etc. would be saved as
well.
Can anybody give me some ideas on how to implement it? I am trying to use filespy as
the basis.
> 1. Only a valid user can have access to a file: can I use the SID to
> distinguish a valid user from an invalid one? Does every existing file have
> a SID? And how can I extract the SID?
It is somewhere in Parameters.Create->SecurityContext. Use
ObOpenObjectByPointer on the token, and then ZwQueryInformationToken for a SID.
Use ClientToken if any, otherwise, use PrimaryToken.
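Once the token query described in the reply has returned the user's SID, the filter still has to validate that buffer, compare it with the permitted SID, and render it for the audit record. The following is an added example, not code from this thread and not driver code: a portable user-mode model in which `struct subject`, the function names and the sample SIDs are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample SIDs: S-1-5-18 and S-1-5-21-1-2-3-1001. */
const uint8_t SID_SYSTEM[] = {1,1, 0,0,0,0,0,5, 18,0,0,0};
const uint8_t SID_USER[] = {1,5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0,
                            3,0,0,0, 0xE9,0x03,0,0};

/* Binary SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian)
   SubAuthority(4 bytes each, little-endian). Returns its length, 0 if malformed. */
size_t sid_length(const uint8_t *b, size_t len)
{
    if (b == NULL || len < 8 || b[0] != 1 || b[1] > 15) /* max 15 sub-authorities */
        return 0;
    size_t need = 8 + 4 * (size_t)b[1];
    return need <= len ? need : 0;
}

/* Equality of two validated SIDs (the decision RtlEqualSid makes in a driver). */
int sid_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    size_t la = sid_length(a, alen), lb = sid_length(b, blen);
    return la != 0 && la == lb && memcmp(a, b, la) == 0;
}

/* Render "S-1-5-..." for the audit record; 0 on success, -1 on error. */
int sid_to_string(const uint8_t *s, size_t len, char *out, size_t outlen)
{
    if (sid_length(s, len) == 0) return -1;
    unsigned long long auth = 0;
    for (int i = 2; i < 8; i++) auth = (auth << 8) | s[i];
    int w = snprintf(out, outlen, "S-%u-%llu", (unsigned)s[0], auth);
    for (unsigned i = 0; i < s[1]; i++) {
        const uint8_t *p = s + 8 + 4 * i;
        unsigned long sub = p[0] | (p[1] << 8) | (p[2] << 16) | ((unsigned long)p[3] << 24);
        if (w < 0 || (size_t)w >= outlen) return -1;   /* output buffer too small */
        w += snprintf(out + w, outlen - (size_t)w, "-%lu", sub);
    }
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

/* Hypothetical model of the requester: client (impersonation) SID if any, else primary. */
struct subject { const uint8_t *client; size_t client_len;
                 const uint8_t *primary; size_t primary_len; };

/* Fail closed: a malformed or missing SID never matches the allowed one. */
int subject_allowed(const struct subject *s, const uint8_t *ok, size_t ok_len)
{
    if (s->client != NULL)
        return sid_equal(s->client, s->client_len, ok, ok_len);
    return sid_equal(s->primary, s->primary_len, ok, ok_len);
}
```

When a client SID is present it alone decides the result, so a thread impersonating an unprivileged user is not granted access on the strength of its process's primary token.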