Problem Using CreateFile....

Hi

I have an intermediate driver and I have created a control device object using NdismRegisterDevice.

my application opens the handle to control device using CreateFile as shown below.

hnd = CreateFile(
“\\.\MyDrv”,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);

When I run my control application from an Admin user account, it works and it is able to
But when i run from with normal user login, I am not able to open the handle to my device object.

GetlastError() returns ERROR_ACCESS_DENIED.

Can anybody tell me what could be the problem here.

Thanks in advance

|

Regards;

Neeraj Kumar Jha

98195-37916

|

|

|

 

From: “Lyris ListManager” >To: “Neeraj Jha” >Subject: Welcome to the NTDEV Discussion List! >Date: Wed, 26 Jan 2005 09:31:32 -0500 > >Welcome to the NTDEV Discussion List! > >Please read this message completely. It includes info on how to >access the list as well as a list of appropriate behaviors. > >This is the Windows System Software Development discussion list, with a >world-wide membership. To send messages to the mailing list use the >address: > > xxxxx@lists.osr.com > >Your message will automatically be distributed to all members of >the list. Only list members can post to the list. The means that >the address from which you post must be the address you subscribe >to the list with. > >PURPOSE >This
list is maintained by OSR Open Systems Resources, Inc. for the >overall benefit of the Windows system software development community. >The purpose of this list is to facilitate discussion of technical >topics relating to Windows system software development. > >BEHAVIOR >The following are specifically inappropriate regarding this list: > >1) Commercial postings - This is a technical list, and the only >posts that are allowed are technical in nature. Please don’t post >advertisements or announcements for your products, services, or >activities to the list. Your posting will NOT be considered >technical(and thus legitimate), just because it starts with “I just >wanted all you to know that we’ve released a new version of” some >software. On the other hand, if somebody posts question saying >“Can anybody recommend a good XYZ?”, it’s perfectly fine
to answer >“Yeah, we make XYZ’s and we think they’re pretty cool. Please >contact me off-list for more info.” > >2) Job solicitations - Not from commercial concerns looking for >developers, not from head hunters, not from small companies, not >from people looking for work, not from consultants looking for >clients. There is a Windows drivers job posting bulletin board >for both people seeking jobs and people who are looking for >developers at http://www.osronline.com. Use it, not this list. > >3) Salary, consulting rate or price discussions - Something about >the laws here in the States about price fixing comes into play here. >Please just don’t do it. > >4) Use of the email addresses of list members for “direct mail >advertising” of any type. > >5) Anything that, in the judgment of the list managers, is not in >keeping with the
overall purpose of the list or is not in the best >interest of the Windows system software development community. > >Multiple incidents of inappropriate conduct on the list will result >in that member, and perhaps all members from the offender’s company, >being banned from the list. > >READING, POSTING, SEARCHING >You may read messages from, and post messages to, this list in either of >three ways: > >1) Via email (discussion, digest, or index). Select the type via >the web interface (see “Managing Your List Membership” below). > >2) Via a news reader (such as outlook express). Point your >newsreader to lists.osr.com, use your email address as your >username and supply the password that you used when you signed up. > >A complete description of how to participate in the list, including >a detailed description of how to set-up and
use the Outlook Newsreader >with NTDEV is available at http://www.osronline.com/page.cfm?name=ListServer > >The list archive is maintained on the web, in full text searchable >form. The search facility is available from the homepage at >http://www.osronline.com (select NTDEV from the drop-down menu in >the SEARCH box on the left). > >Postings to this list should be in plain ASCII text (postings in >HTML are presently allowed, but not greatly appreciated by the list >members). Postings with attachments (or multiple body parts) will be >rejected. > >MANAGING YOUR LIST MEMBERSHIP >Almost everything that you might ever need to do regarding your list >membership is most easily and effectively performed via Lyris’s Web >interface at http://www.osronline.com/page.cfm?name=ListServer. Go check it out now… > >The web interface allows you to
select which TYPE of membership >(discussion, digest, index, no mail), allows you to manage your >list password (which can be different from your OSR Online password), >and allows you to re-set your account when it has been put on “hold”. > >Every message you receive has a footer that tells you how to get off >this list. Please, we beg you, Do NOT send administrative requests >to the posting address “xxxxx@lists.osr.com”. > >If you have ANY problems related to the ntdev Discussion List, >please do not post them to the list. List managers (A.K.A. List >Slaves) are at your disposal for this very purpose; please avail >yourself of the resource: > > xxxxx@lists.osr.com > >The List Slaves do not monitor the list every day. Mostly, the list >just runs itself. If you experience problems with the list, or you >stop getting postings
from the list for several days, please don’t >hesitate to contact the List Slaves. > >Once again, welcome to the NTDEV Discussion List. > >The List Team >OSR Open Systems Resources, Inc.


Try the all-new MSN Search! Find exactly what you want. Get more value for your time.

I recommend using a service to talk to the driver. The service will, by
default, have local system admin rights. You application can then talk to
the service via some interface you define.

Jamey


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of neeraj jha
Sent: Wednesday, January 26, 2005 6:39 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Problem Using CreateFile…

Hi

I have an intermediate driver and I have created a control device object
using NdismRegisterDevice.

my application opens the handle to control device using CreateFile as shown
below.

hnd = CreateFile(
“\\.\MyDrv”,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);

When I run my control application from an Admin user account, it works and
it is able to
But when i run from with normal user login, I am not able to open the handle
to my device object.

GetlastError() returns ERROR_ACCESS_DENIED.

Can anybody tell me what could be the problem here.

Thanks in advance

Regards;

Neeraj Kumar Jha

http: 98195-37916

>From: “Lyris ListManager” >To: “Neeraj Jha”
>Subject: Welcome to the NTDEV Discussion List!
>Date: Wed, 26 Jan 2005 09:31:32 -0500 > >Welcome to the NTDEV Discussion
List! > >Please read this message completely. It includes info on how to
>access the list as well as a list of appropriate behaviors. > >This is the
Windows System Software Development discussion list, with a >world-wide
membership. To send messages to the mailing list use the >address: > >
xxxxx@lists.osr.com > >Your message will automatically be distributed to all
members of >the list. Only list members can post to the list. The means that
>the address from which you post must be the address you subscribe >to the
list with. > >PURPOSE >This list is maintained by OSR Open Systems
Resources, Inc. for the >overall benefit of the Windows system software
development community. >The purpose of this list is to facilitate discussion
of technical >topics relating to Windows system software development. >
>BEHAVIOR >The following are specifically inappropriate regarding this list:
> >1) Commercial postings - This is a technical list, and the only >posts
that are allowed are technical in nature. Please don’t post >advertisements
or announcements for your products, services, or >activities to the list.
Your posting will NOT be considered >technical(and thus legitimate), just
because it starts with “I just >wanted all you to know that we’ve released a
new version of” some >software. On the other hand, if somebody posts
question saying >“Can anybody recommend a good XYZ?”, it’s perfectly fine to
answer >“Yeah, we make XYZ’s and we think they’re pretty cool. Please
>contact me off-list for more info.” > >2) Job solicitations - Not from
commercial concerns looking for >developers, not from head hunters, not from
small companies, not >from people looking for work, not from consultants
looking for >clients. There is a Windows drivers job posting bulletin board
>for both people seeking jobs and people who are looking for >developers at
http://www.osronline.com. Use it, not this list. > >3) Salary, consulting
rate or price discussions - Something about >the laws here in the States
about price fixing comes into play here. >Please just don’t do it. > >4) Use
of the email addresses of list members for “direct mail >advertising” of any
type. > >5) Anything that, in the judgment of the list managers, is not in
>keeping with the overall purpose of the list or is not in the best
>interest of the Windows system software development community. > >Multiple
incidents of inappropriate conduct on the list will result >in that member,
and perhaps all members from the offender’s company, >being banned from the
list. > >READING, POSTING, SEARCHING >You may read messages from, and post
messages to, this list in either of >three ways: > >1) Via email
(discussion, digest, or index). Select the type via >the web interface (see
“Managing Your List Membership” below). > >2) Via a news reader (such as
outlook express). Point your >newsreader to lists.osr.com, use your email
address as your >username and supply the password that you used when you
signed up. > >A complete description of how to participate in the list,
including >a detailed description of how to set-up and use the Outlook
Newsreader >with NTDEV is available at
http://www.osronline.com/page.cfm?name=ListServer > >The list archive is
maintained on the web, in full text searchable >form. The search facility is
available from the homepage at >http://www.osronline.com (select NTDEV from
the drop-down menu in >the SEARCH box on the left). > >Postings to this list
should be in plain ASCII text (postings in >HTML are presently allowed, but
not greatly appreciated by the list >members). Postings with attachments (or
multiple body parts) will be >rejected. > >MANAGING YOUR LIST MEMBERSHIP
>Almost everything that you might ever need to do regarding your list
>membership is most easily and effectively performed via Lyris’s Web
>interface at http://www.osronline.com/page.cfm?name=ListServer. Go check it
out now… > >The web interface allows you to select which TYPE of
membership >(discussion, digest, index, no mail), allows you to manage your
>list password (which can be different from your OSR Online password), >and
allows you to re-set your account when it has been put on “hold”. > >Every
message you receive has a footer that tells you how to get off >this list.
Please, we beg you, Do NOT send administrative requests >to the posting
address “xxxxx@lists.osr.com”. > >If you have ANY problems related to the
ntdev Discussion List, >please do not post them to the list. List managers
(A.K.A. List >Slaves) are at your disposal for this very purpose; please
avail >yourself of the resource: > > xxxxx@lists.osr.com > >The List
Slaves do not monitor the list every day. Mostly, the list >just runs
itself. If you experience problems with the list, or you >stop getting
postings from the list for several days, please don’t >hesitate to contact
the List Slaves. > >Once again, welcome to the NTDEV Discussion List. > >The
List Team >OSR Open Systems Resources, Inc.

_____

Try the all-new MSN Search! Find exactly what you want. Get more value
http: for your time. —
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@tfb.com
To unsubscribe send a blank email to xxxxx@lists.osr.com</http:></http:>

The problem is device access rights which don’t allow R/W access for ordinal users. You can use service to access device as Jamey suggested (easier) or change device security descriptor according to your needs. Following article can help you: http://www.sysinternals.com/ntw2k/source/devsec.shtml.

I did it successfully in the past for devices created the same way because default rights were both weak (for server adapter) and strong (for client one). The very first question you should ask yourself is if ordinal users really need to open the device and if it wouldn’t create a security hole. If you aren’t sure, use service solution instead.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]


From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of neeraj jha[SMTP:xxxxx@hotmail.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, January 26, 2005 3:39 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Problem Using CreateFile…

Hi

I have an intermediate driver and I have created a control device object using NdismRegisterDevice.

my application opens the handle to control device using CreateFile as shown below.

hnd = CreateFile(
“\\.\MyDrv”,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);

When I run my control application from an Admin user account, it works and it is able to
But when i run from with normal user login, I am not able to open the handle to my device object.

GetlastError() returns ERROR_ACCESS_DENIED.

Can anybody tell me what could be the problem here.

Thanks in advance

Regards;

Neeraj Kumar Jha

http: 98195-37916
>
></http:>