Good morning folks,
I’m doing a mini-research on security/authentication etc. on
mini-filters. I’ve read a few docs (OSR and MSDN mainly) but I admit I
got a bit confused. So, I’d like your help in clarifying some issues:
* I need to get the process that issued the IRP. Do I have to retrieve
process/thread information in IRP_MJ_CREATE (and store this information
in the FO’s stream handle context) or do I have to do it for each IRP
I intercept?
* I’ve read that the issuer of the IRP may not be the one I
think it is (e.g. previously pended IRPs being resumed in a different
process/thread context, the system process doing its magic etc.). Is
there a bullet-proof way of retrieving the original issuer? Does the
“original issuer” make sense at all?
* What happens with impersonation? If a thread impersonates a user, is
it possible to receive IRPs on an FO that was created as a
non-impersonated user? If yes, how can this be noticed?
Regards
–
Thanos Makatos
Software engineer
Barcelona Supercomputing Center