Process Parameters

Eris_Vorta · February 2, 2009, 8:40am

I am filtering IRP_MJ_CREATE. I want to extract process parameters in my mini filter driver. One way by I can achieve parameter is by using PEB structure. But as it is user mode structure and can also change in service pack and future versions. So Is there any safe method to get process parameters?

Ken_Johnson · February 2, 2009, 11:00am

The PEB is user writable and cannot be trusted under any circumstances. You need to replace existing code that assumes the user won’t manipulate it to their gain, or to crash your driver.

Why do you believe that you need to do this? What are you actually attempting to accomplish here?

? S

-----Original Message-----
From: xxxxx@hotmail.com
Sent: Monday, February 02, 2009 05:40
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Process Parameters

I am filtering IRP_MJ_CREATE. I want to extract process parameters in my mini filter driver. One way by I can achieve parameter is by using PEB structure. But as it is user mode structure and can also change in service pack and future versions. So Is there any safe method to get process parameters?

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Eris_Vorta · February 3, 2009, 1:33am

Thanks for your reply Ken. This is the small task of my project which I need to perform. And task is getting process parameters in mini filter. I think their should be some secure way to get process parameters. So I thought to get some expert views on it.

Ken_Johnson · February 3, 2009, 2:00am

Why do you need to get the process parameters in the first place?

? S

-----Original Message-----
From: xxxxx@hotmail.com
Sent: Monday, February 02, 2009 22:33
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Process Parameters

Thanks for your reply Ken. This is the small task of my project which I need to perform. And task is getting process parameters in mini filter. I think their should be some secure way to get process parameters. So I thought to get some expert views on it.

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer