Hi,

I try to query the user SID from within my filter driver. I read about
this in http://www.osronline.com/custom.cfm?name=articlePrint.cfm&id=50

Unfortunately neither can I find a prototype for ZwOpenProcessToken() in
w2k include files nor any lib which provides this function.

My code looks like this:

    status = ZwOpenThreadToken(NtCurrentThread(), TOKEN_READ, TRUE, &th);
    if (status == STATUS_NO_TOKEN)
        status = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_READ, 0, &th);
    if (NT_SUCCESS(status)) {
        status = ZwQueryInformationToken(th, TokenUser, buf, sizeof(buf), &tkLen);
        …
    }

Any idea? Any other way to query for user SID?

Oliver

Use Parameters.Create.SecurityContext, there are 2 tokens there -
impersonation (can be NULL) and the main one.
Try impersonation token, then main one if it is NULL.
Then call ObOpenObjectByPointer.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Oliver Dawid”
To: “Windows System Software Devs Interest List”
Sent: Tuesday, April 25, 2006 5:46 PM
Subject: [ntdev] Query user SID - cannot find ZwOpenProcessToken() for w2k
Thanks for your answer. Just to be sure, we are talking about the same
thing: you mean
Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken
as impersonation token and
Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.PrimaryToken
as primary token?
> Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.ClientToken
> as impersonation token and
> Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext.PrimaryToken
> as primary token?

Yes.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com