Hi!
I need to access the file from user mode I do not have rights to access.
Can I open this file from kernel mode driver and pass file handle to user
mode? Is this possible?
Thanks for help!
Regards,
Anton
Handle is valid only in the context of the process called ZwCreateFile, so
you could try to call ZwCreateFile in the context of your user-mode
application (an example in IOCTL handler). I’m not sure that it will work,
however I don’t see any reason not to try. Or alternatively
- Your driver can serve as a proxy for user-mode application in it’s file
operations. - You could modify file security descriptor and allow user-mode application
access. - Create temporary copy of file from kernel with proprietary security
descriptor or so on…
BR,
Vadim
http://www.ntndis.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anton Kolomyeytsev
Sent: Tuesday, July 02, 2002 2:28 PM
To: File Systems Developers
Subject: [ntfsd] Passing file handle from kernel mode to user mode?
Hi!
I need to access the file from user mode I do not have rights to access.
Can I open this file from kernel mode driver and pass file handle to user
mode? Is this possible?
Thanks for help!
Regards,
Anton
You are currently subscribed to ntfsd as: xxxxx@pcausa.com
To unsubscribe send a blank email to %%email.unsub%%
P.S. Sorry, if calling NtCreateFile (ZwCreateFile) in the context of the
process which have no right to do this you will also have ACCESS_DENIED even
in the kernel mode.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anton Kolomyeytsev
Sent: Tuesday, July 02, 2002 2:28 PM
To: File Systems Developers
Subject: [ntfsd] Passing file handle from kernel mode to user mode?
Hi!
I need to access the file from user mode I do not have rights to access.
Can I open this file from kernel mode driver and pass file handle to user
mode? Is this possible?
Thanks for help!
Regards,
Anton
You are currently subscribed to ntfsd as: xxxxx@pcausa.com
To unsubscribe send a blank email to %%email.unsub%%
Hi!
Yes I’ll try this. Thank you for pointing!
-
This is what most of the people do. Route STPI traffic thru the kernel
mode driver. I’d like to avoid this. Too complex. Sounds like overkill… -
Any sample how to do it? At least API function names.
-
I cannot as this is handle of the hard drive or CD/DVD device…
Thanks for help!
Anton Kolomyeytsev
Handle is valid only in the context of the process called ZwCreateFile, so
you could try to call ZwCreateFile in the context of your user-mode
application (an example in IOCTL handler). I’m not sure that it will work,
however I don’t see any reason not to try. Or alternatively
- Your driver can serve as a proxy for user-mode application in it’s file
operations.- You could modify file security descriptor and allow user-mode application
access.- Create temporary copy of file from kernel with proprietary security
descriptor or so on…BR,
Vadim
http://www.ntndis.com-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anton Kolomyeytsev
Sent: Tuesday, July 02, 2002 2:28 PM
To: File Systems Developers
Subject: [ntfsd] Passing file handle from kernel mode to user mode?Hi!
I need to access the file from user mode I do not have rights to access.
Can I open this file from kernel mode driver and pass file handle to user
mode? Is this possible?Thanks for help!
Regards,
Anton
You are currently subscribed to ntfsd as: xxxxx@pcausa.com
To unsubscribe send a blank email to %%email.unsub%%
Hi Vadim, Michal and everybody who is interested in this topic!
As I’ve promised I’m telling the results of my investigation. In three
words: It really works! You can open the device from kernel mode with help
of ZwCreateFile(), pass the resulting handle to the user mode application
thru the DeviceIoControl(). And you’ll be able to use this handle (in the
same thread context of course). And this is all w/o rights to open the
same device with CreateFile() directly from user mode application (fails
with Win32 error code 5 - “access denied” I guess).
Thanks to Andrey Shedel for surch a great idea! I did not even though
everything will be so simple. I’ve already prepared to write full featured
driver to route SPTI traffic thru it and now I can skip this -)
Regards,
Anton Kolomyeytsev
I really don’t know if security check skiped.
Anton, please let us know if succeded.
BR,
Vadim
“Vodicka, Michal” <michal.vodicka> wrote in message
news:xxxxx@ntfsd…
>
> IIRC access rights check is skipped if request originator is in kernel
mode
> and this call should succeed (correct me if it is wrong).
>
> BTW, I’d like to see a good reason for something like this (i.e. violation
> of NT security). Trojan support? 
>
> Best regards,
>
> Michal Vodicka
> STMicroelectronics Design and Application s.r.o.
> [michal.vodicka@st.com, http:://www.st.com]
>
> > ----------
> > From: xxxxx@pcausa.com[SMTP:xxxxx@pcausa.com]
> > Reply To: xxxxx@lists.osr.com
> > Sent: Tuesday, July 02, 2002 1:05 PM
> > To: xxxxx@lists.osr.com
> > Subject: [ntfsd] RE: Passing file handle from kernel mode to user
> > mode?
> >
> > P.S. Sorry, if calling NtCreateFile (ZwCreateFile) in the context of the
> > process which have no right to do this you will also have ACCESS_DENIED
> > even
> > in the kernel mode.
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com]On Behalf Of Anton Kolomyeytsev
> > Sent: Tuesday, July 02, 2002 2:28 PM
> > To: File Systems Developers
> > Subject: [ntfsd] Passing file handle from kernel mode to user mode?
> >
> >
> > Hi!
> >
> > I need to access the file from user mode I do not have rights to access.
> > Can I open this file from kernel mode driver and pass file handle to
user
> > mode? Is this possible?
> >
> > Thanks for help!
> >
> > Regards,
> > Anton
> ></michal.vodicka>
Why would one need to do this?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Anton Kolomyeytsev
Sent: Saturday, July 13, 2002 7:40 AM
To: File Systems Developers
Subject: [ntfsd] RE: Passing file handle from kernel mode to user mode?
Hi Vadim, Michal and everybody who is interested in this topic!
As I’ve promised I’m telling the results of my investigation. In three
words: It really works! You can open the device from kernel mode with
help
of ZwCreateFile(), pass the resulting handle to the user mode
application
thru the DeviceIoControl(). And you’ll be able to use this handle (in
the
same thread context of course). And this is all w/o rights to open the
same device with CreateFile() directly from user mode application (fails
with Win32 error code 5 - “access denied” I guess).
Thanks to Andrey Shedel for surch a great idea! I did not even though
everything will be so simple. I’ve already prepared to write full
featured
driver to route SPTI traffic thru it and now I can skip this -)
Regards,
Anton Kolomyeytsev
I really don’t know if security check skiped.
Anton, please let us know if succeded.
BR,
Vadim
“Vodicka, Michal” <michal.vodicka> wrote in message
news:xxxxx@ntfsd…
>
> IIRC access rights check is skipped if request originator is in kernel
mode
> and this call should succeed (correct me if it is wrong).
>
> BTW, I’d like to see a good reason for something like this (i.e.
violation
> of NT security). Trojan support?
>
> Best regards,
>
> Michal Vodicka
> STMicroelectronics Design and Application s.r.o.
> [michal.vodicka@st.com, http:://www.st.com]
>
> > ----------
> > From: xxxxx@pcausa.com[SMTP:xxxxx@pcausa.com]
> > Reply To: xxxxx@lists.osr.com
> > Sent: Tuesday, July 02, 2002 1:05 PM
> > To: xxxxx@lists.osr.com
> > Subject: [ntfsd] RE: Passing file handle from kernel mode to user
> > mode?
> >
> > P.S. Sorry, if calling NtCreateFile (ZwCreateFile) in the context of
the
> > process which have no right to do this you will also have
ACCESS_DENIED
> > even
> > in the kernel mode.
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com]On Behalf Of Anton
Kolomyeytsev
> > Sent: Tuesday, July 02, 2002 2:28 PM
> > To: File Systems Developers
> > Subject: [ntfsd] Passing file handle from kernel mode to user mode?
> >
> >
> > Hi!
> >
> > I need to access the file from user mode I do not have rights to
access.
> > Can I open this file from kernel mode driver and pass file handle to
user
> > mode? Is this possible?
> >
> > Thanks for help!
> >
> > Regards,
> > Anton
> >
—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
To unsubscribe send a blank email to %%email.unsub%%</michal.vodicka>
For ASPI implementations able to work under non-admin.
----- Original Message -----
From: “Jamey Kirby”
To: “File Systems Developers”
Sent: Saturday, July 13, 2002 8:27 PM
Subject: [ntfsd] RE: Passing file handle from kernel mode to user
mode?
> Why would one need to do this?
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Anton
Kolomyeytsev
> Sent: Saturday, July 13, 2002 7:40 AM
> To: File Systems Developers
> Subject: [ntfsd] RE: Passing file handle from kernel mode to user
mode?
>
> Hi Vadim, Michal and everybody who is interested in this topic!
>
> As I’ve promised I’m telling the results of my investigation. In
three
> words: It really works! You can open the device from kernel mode
with
> help
> of ZwCreateFile(), pass the resulting handle to the user mode
> application
> thru the DeviceIoControl(). And you’ll be able to use this handle
(in
> the
> same thread context of course). And this is all w/o rights to open
the
> same device with CreateFile() directly from user mode application
(fails
> with Win32 error code 5 - “access denied” I guess).
>
> Thanks to Andrey Shedel for surch a great idea! I did not even
though
> everything will be so simple. I’ve already prepared to write full
> featured
> driver to route SPTI traffic thru it and now I can skip this -)
>
> Regards,
> Anton Kolomyeytsev
>
> I really don’t know if security check skiped.
> Anton, please let us know if succeded.
>
> BR,
> Vadim
>
> “Vodicka, Michal” <michal.vodicka> wrote in message
> news:xxxxx@ntfsd…
> >
> > IIRC access rights check is skipped if request originator is in
kernel
> mode
> > and this call should succeed (correct me if it is wrong).
> >
> > BTW, I’d like to see a good reason for something like this (i.e.
> violation
> > of NT security). Trojan support?
> >
> > Best regards,
> >
> > Michal Vodicka
> > STMicroelectronics Design and Application s.r.o.
> > [michal.vodicka@st.com, http:://www.st.com]
> >
> > > ----------
> > > From: xxxxx@pcausa.com[SMTP:xxxxx@pcausa.com]
> > > Reply To: xxxxx@lists.osr.com
> > > Sent: Tuesday, July 02, 2002 1:05 PM
> > > To: xxxxx@lists.osr.com
> > > Subject: [ntfsd] RE: Passing file handle from kernel mode to
user
> > > mode?
> > >
> > > P.S. Sorry, if calling NtCreateFile (ZwCreateFile) in the
context of
> the
> > > process which have no right to do this you will also have
> ACCESS_DENIED
> > > even
> > > in the kernel mode.
> > >
> > > -----Original Message-----
> > > From: xxxxx@lists.osr.com
> > > [mailto:xxxxx@lists.osr.com]On Behalf Of Anton
> Kolomyeytsev
> > > Sent: Tuesday, July 02, 2002 2:28 PM
> > > To: File Systems Developers
> > > Subject: [ntfsd] Passing file handle from kernel mode to user
mode?
> > >
> > >
> > > Hi!
> > >
> > > I need to access the file from user mode I do not have rights to
> access.
> > > Can I open this file from kernel mode driver and pass file
handle to
> user
> > > mode? Is this possible?
> > >
> > > Thanks for help!
> > >
> > > Regards,
> > > Anton
> > >
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
></michal.vodicka>