Getting the process owner from minifilter driver

Hi
I have a minifilter driver that needs to log data about who is reading files (the owner of the process that initiates the read operation).
I was thinking to use the security descriptor that is linked to IRP_MJ_CREATE, but that seems to be always NULL.

Can I use FltGetRequestorProcess()? How would I get the process owner from this function?

Is there any other way that I can get these data?

Thanks for your help
Pada

From the token, get the LUID, which you can use to get either the user name or SID.

D.

Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
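
The route suggested in the reply (requestor process, then its primary token, then the logon LUID), as an added example that is not code from the thread. `GetRequestorLogonId` is a hypothetical helper name, and the `#else` branch holds constructed stand-ins for the WDK types and routines so the same logic can be compiled and exercised outside a driver build.

```c
#ifdef _WIN32                       /* real driver build with the WDK */
#include <fltKernel.h>
#else                               /* constructed stand-ins, off-target only */
#include <stddef.h>
typedef int NTSTATUS;
typedef struct { unsigned long LowPart; long HighPart; } LUID, *PLUID;
typedef void *PEPROCESS, *PACCESS_TOKEN;
typedef struct { PEPROCESS Requestor; } FLT_CALLBACK_DATA, *PFLT_CALLBACK_DATA;
#define STATUS_SUCCESS   ((NTSTATUS)0)
#define STATUS_NOT_FOUND ((NTSTATUS)0xC0000225)
static int g_token_refs;            /* outstanding token references */
static PEPROCESS FltGetRequestorProcess(PFLT_CALLBACK_DATA d) { return d->Requestor; }
static PACCESS_TOKEN PsReferencePrimaryToken(PEPROCESS p) { g_token_refs++; return p; }
static void PsDereferencePrimaryToken(PACCESS_TOKEN t) { (void)t; g_token_refs--; }
static NTSTATUS SeQueryAuthenticationIdToken(PACCESS_TOKEN t, PLUID id)
{
    *id = *(PLUID)t;                /* stand-in: the "token" is a sample LUID */
    return STATUS_SUCCESS;
}
#endif

/* Hypothetical helper: returns the logon-session LUID of the process that
 * issued the I/O described by Data. */
NTSTATUS GetRequestorLogonId(PFLT_CALLBACK_DATA Data, PLUID LogonId)
{
    PEPROCESS process = FltGetRequestorProcess(Data);
    PACCESS_TOKEN token;
    NTSTATUS status;

    if (process == NULL)            /* defensive: nothing to attribute */
        return STATUS_NOT_FOUND;

    /* Primary token = process owner; thread impersonation is not considered. */
    token = PsReferencePrimaryToken(process);
    status = SeQueryAuthenticationIdToken(token, LogonId);
    PsDereferencePrimaryToken(token);   /* release the reference on every path */
    return status;
}
```

The LUID can then be passed to `GetSecurityUserInfo` for the user name, or the same token can be queried with `SeQueryInformationToken` and `TokenUser` for the SID.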