When someone says “I have a way to protect X against Y” my first response
is to try to come up with several ways of cracking that protection.
Knowing what “process” is involved seems to me to be really a ridiculously
simplistic approach that could be cracked trivially.
A more secure mechanism would be to let any process open the device, but
require a challenge-response (using a DeviceIoControl) to enable activity.
If the challenge-response is met, you let things go through; if not,
every attempt to use the device is refused with an error indication.
Challenge-response algorithms are well-understood technology.
Exactly how knowing what “process” is in use is not very informative;
something useful must be known about that process, and whatever it is, I
can probably fake it easily. But then, I’ve been thinking about computer
security issues for decades. I started working in computer security in
1975.
The whole idea of somehow magically detecting that the “process” is valid
seems deeply flawed.
joe
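The gating scheme described in the message above, modelled in Python as an added example; it is not code from the post or from any driver. HMAC-SHA256 over a random nonce with a pre-shared key is one assumed choice of challenge-response algorithm, and the IOCTL names, status strings and DeviceHandle class are hypothetical stand-ins for the per-handle state a driver would keep.

```python
import hashlib
import hmac
import secrets

# Hypothetical control codes and status values for this model.
IOCTL_GET_CHALLENGE, IOCTL_SEND_RESPONSE, IOCTL_DO_WORK = 1, 2, 3
STATUS_SUCCESS, STATUS_ACCESS_DENIED = "SUCCESS", "ACCESS_DENIED"


class DeviceHandle:
    """State the driver would attach to one open handle (assumed design)."""

    def __init__(self, key):
        self._key = key
        self._nonce = None     # outstanding challenge, valid for one answer
        self.unlocked = False  # any process may open; every handle starts locked

    def device_io_control(self, code, data=b""):
        if code == IOCTL_GET_CHALLENGE:
            self._nonce = secrets.token_bytes(32)  # fresh, unpredictable
            return STATUS_SUCCESS, self._nonce
        if code == IOCTL_SEND_RESPONSE:
            nonce, self._nonce = self._nonce, None  # consume: one try per nonce
            if nonce is None:
                return STATUS_ACCESS_DENIED, b""
            expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
            # Constant-time comparison avoids leaking how many bytes matched.
            self.unlocked = hmac.compare_digest(expected, data)
            status = STATUS_SUCCESS if self.unlocked else STATUS_ACCESS_DENIED
            return status, b""
        if not self.unlocked:  # every other request is refused until unlocked
            return STATUS_ACCESS_DENIED, b""
        return STATUS_SUCCESS, b"work done"


def client_unlock(handle, key):
    """Client side: fetch the challenge, answer it, return the final status."""
    _, nonce = handle.device_io_control(IOCTL_GET_CHALLENGE)
    response = hmac.new(key, nonce, hashlib.sha256).digest()
    return handle.device_io_control(IOCTL_SEND_RESPONSE, response)[0]


def demo():
    key = secrets.token_bytes(32)  # constructed shared secret for the demo
    good, bad = DeviceHandle(key), DeviceHandle(key)
    return {
        "before": good.device_io_control(IOCTL_DO_WORK)[0],
        "unlock": client_unlock(good, key),
        "after": good.device_io_control(IOCTL_DO_WORK)[0],
        "wrong_key": client_unlock(bad, b"\x00" * 32),
        "bad_work": bad.device_io_control(IOCTL_DO_WORK)[0],
    }
```

Because the nonce is generated per request and consumed on the first answer, a response captured from one handle does not unlock another.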
Yes, I think the FS minifilter is where you get visibility to the calling
process.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Tuesday, December 27, 2011 6:45 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] is process still alive?
Sorry for hijacking your post Arif.
>>>>> Note that for storage and some other stacks, you may not be high
>>>>> enough in the stack to see the requesting process.
Doron, in storage stack is there a place where a filter can see the
requesting process? A FS mini filter? Thank you.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer