The PostCreate function of my minifilter driver can open a remote file with
FltCreateFile() without problem. But when the PostCreate function
creates a new system thread New_Create_Post_Thread() with a
PsCreateSystemThread() call as
status = PsCreateSystemThread( &threadHandle, THREAD_ALL_ACCESS, NULL, NULL, NULL, New_Create_Post_Thread, &Create_Arg);
The newly created New_Create_Post_Thread() tried to open the same file
\Device\LanmanRedirector\TPS100\SharedDocs\WK_test with either
FltCreateFile() or ZwCreateFile() or IoCreateFile() calls, but they all failed with
a return code 0xc0000022 (STATUS_ACCESS_DENIED).
All parameters for the *CreateFile() calls are the same including the parameters for
InitializeObjectAttributes() before the *CreateFile() call.
What did I miss for setting up the *CreateFile() call in the New_Create_Post_Thread?
I can’t find any docs that discuss how to open a file from a newly created system thread.
This is very natural! The system thread is not running under the context of
the user who has access to the network share. Read the archives and you will
find a dozen of similar queries and solutions.
Regards,
Ayush Gupta
AI Consulting
The sender of this email is protected by Emsisoft Antimalware-
www.emsisoft.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@TwinPeakSoft.com
Sent: Saturday, August 28, 2010 4:22 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] New system thread can not open a remote file
The PostCreate function of my minifilter driver can open a remote file with
FltCreateFile() without problem. But when the PostCreate function creates a
new system thread New_Create_Post_Thread() with a
PsCreateSystemThread() call as
status = PsCreateSystemThread( &threadHandle, THREAD_ALL_ACCESS, NULL, NULL,
NULL, New_Create_Post_Thread, &Create_Arg);
The newly created New_Create_Post_Thread() tried to open the same file
\Device\LanmanRedirector\TPS100\SharedDocs\WK_test with either
FltCreateFile() or ZwCreateFile() or IoCreateFile() calls, but they all
failed with a return code 0xc0000022 (STATUS_ACCESS_DENIED).
All parameters for the *CreateFile() calls are the same including the
parameters for
InitializeObjectAttributes() before the *CreateFile() call.
What did I miss for setting up the *CreateFile() call in the
New_Create_Post_Thread?
I can’t find any docs that discuss how to open a file from a newly created
system thread.
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars (including our new fs
mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
> The newly created New_Create_Post_Thread() tried to open the same file
\Device\LanmanRedirector\TPS100\SharedDocs\WK_test with either
Surely.
The system thread has wrong security token object as its current token.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
>Read the archives and you will find a dozen of similar queries and solutions.
I have been searched the archives, but no luck.
I’d appreciate if you can give me a pointer.
On a side note, if I change the “ProcessHandle” parameter from NULL to
NtCurrentProcess(), then the “*CreateFile()” calls work. However, the docs
says , “This value should be NULL for a driver-created thread. Use the
NtCurrentProcess macro, defined in Ntddk.h, to specify the current process.”
Any way, using NtCurrentProcess context for the new thread is not why I wanted.
I want to have a new thread that I can put it under a designated context of user.
> The system thread has wrong security token object as its current token.
What is the function to set a right security token object for this new thread?
“Impersonation” and “security subject context” are good keywords for you.
The Security Subject context is for IRP_MJ_CREATE saved here:
_IO_STACK_LOCATION.Create.SecurityContext.AccessState.SubjectSecurityContext
The SeCreateClientSecurityFromSubjectContext + SeImpersonateClientEx are you friends.
Some hints you may find in link below
http://www.osronline.com/showThread.cfm?link=144593
Bronislav Gabrhelik
On 8/30/2010 9:19 AM, xxxxx@TwinPeakSoft.com wrote:
> The system thread has wrong security token object as its current token.
What is the function to set a right security token object for this new thread?
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Hi,
there are two ways to open that file:
- KeStackAttachProcess
- Impersonate the system thread (SeImpersonateClientEx)