Hi All,
Is it possible to get the notification of user login,Logoff and User Credentials Information in a Driver ?
If Yes How ? Is there some notification routine Provided ?
I know that a user mode NT service can get the notification of Logoff,and i also know how to detect logon using winlogon process detection…But is there some kernel mode APIs available for the same ?
Any Help is appreciated…
Regards…
Subodh Radheshyam Gupta
For logoff you can use:
SeRegisterLogonSessionTerminatedRoutine
SeMarkLogonSessionForTerminationNotification
SeUnregisterLogonSessionTerminatedRoutine
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of subodh gupta
Sent: Monday, April 14, 2003 11:25 PM
To: NT Developers Interest List
Subject: [ntdev] How to get user login or logoff notifications in driver
?
Hi All,
Is it possible to get the notification of user login,Logoff and User
Credentials Information in a Driver ?
If Yes How ? Is there some notification routine Provided ?
I know that a user mode NT service can get the notification of
Logoff,and i also know how to detect logon using winlogon process
detection…But is there some kernel mode APIs available for the same ?
Any Help is appreciated…
Regards…
Subodh Radheshyam Gupta
You are currently subscribed to ntdev as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
For login - no. The only way is to catch the SecurityContext in MJ_CREATE path.
For logoff - the Sexxx routines are already described in this topic.
Max
----- Original Message -----
From: subodh gupta
To: NT Developers Interest List
Sent: Tuesday, April 15, 2003 10:24 AM
Subject: [ntdev] How to get user login or logoff notifications in driver ?
Hi All,
Is it possible to get the notification of user login,Logoff and User Credentials Information in a Driver ?
If Yes How ? Is there some notification routine Provided ?
I know that a user mode NT service can get the notification of Logoff,and i also know how to detect logon using winlogon process detection…But is there some kernel mode APIs available for the same ?
Any Help is appreciated…
Regards…
Subodh Radheshyam Gupta
You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hi Max,
I found that Microsoft Knowledge Base Article - 151424 - Detecting Logoff from a Service tells that the driver may detect the execution [Using PsLoadImageNotifyRoutine or PsSetCreateProcessNotifyRoutine] of winlogon.exe and thus can surely know that the interactive session is on.
Regards..
Subodh Radheshyam Gupta
----- Original Message -----
From: Maxim S. Shatskih
To: NT Developers Interest List
Sent: Wednesday, April 16, 2003 2:20 AM
Subject: [ntdev] Re: How to get user login or logoff notifications in driver ?
For login - no. The only way is to catch the SecurityContext in MJ_CREATE path.
For logoff - the Sexxx routines are already described in this topic.
Max
----- Original Message -----
From: subodh gupta
To: NT Developers Interest List
Sent: Tuesday, April 15, 2003 10:24 AM
Subject: [ntdev] How to get user login or logoff notifications in driver ?
Hi All,
Is it possible to get the notification of user login,Logoff and User Credentials Information in a Driver ?
If Yes How ? Is there some notification routine Provided ?
I know that a user mode NT service can get the notification of Logoff,and i also know how to detect logon using winlogon process detection..But is there some kernel mode APIs available for the same ?
Any Help is appreciated....
Regards...
Subodh Radheshyam Gupta
You are currently subscribed to ntdev as: xxxxx@softhome.net
To unsubscribe send a blank email to xxxxx@lists.osr.com