Hi
I want to limit usage of certain IOCTLs only to those who established connection with the device using GENERIC_ALL access flag (e.g.: in CreateFile). Could I set more restrictive access to IOCTL in CTL_CODE macro than “FILE_READ_ACCESS | FILE_WRITE_ACCESS”?
Thanks,
Tomasz
Didn’t like my answer on the wdk forum?
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Tuesday, January 22, 2013 9:14 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] IOCTL with maximum restricted access
Hi
I want to limit usage of certain IOCTLs only to those who established connection with the device using GENERIC_ALL access flag (e.g.: in CreateFile). Could I set more restrictive access to IOCTL in CTL_CODE macro than “FILE_READ_ACCESS | FILE_WRITE_ACCESS”?
Thanks,
Tomasz
NTDEV is sponsored by OSR
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
IoValidateDeviceIoControlAccess?
wrote in message news:xxxxx@ntdev…
> IoValidateDeviceIoControlAccess?
As documented, it can check only for read or write access, not GenericAll.
The OP seems to have one of those costly design-time bugs 
– pa
>As documented, it can check only for read or write access, not GenericAll
Why not call it twice to check for both?