Hello,

I have a file system filter driver ported to Itanium and running under Win2003 SP1. The driver code works fine in 32-bit mode under all Microsoft 32-bit OS versions from NT to Win2k3 R2. In the context of the driver I have code that retrieves the user's SID for the current process by a simple scheme:

1. Open process.
2. Open process token.
3. Query token information for class TokenUser.

The code works on Itanium, but the structure returned by ZwQueryInformationToken (the function returns STATUS_SUCCESS) is not complete garbage, yet it is not the expected SID either (it seems like a well-known SID like NT AUTHORITY, but it's not the SID that I expect).

I also used PsReferencePrimaryToken and the SeQuery… API and received the same results.
Can someone shed light on this strange situation?

Functionally similar code running in user mode returns correct information…
The driver code is executed in the context of a file open operation by the current process (let's assume that it's cmd.exe executed by a locally logged-on administrator, i.e. I expect to see the SID of the local administrator; on the 32-bit platform that's what I see anyway).

Thanks,
Alex.
Wrong alignment?
Alignment is correct and set on 8 bytes, otherwise the system will crash.
The returned structure contains information, but the information makes no sense to me.
“cristalink” wrote in message news:xxxxx@ntdev…
>Wrong alignment?
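
A decoder for checking what a TokenUser buffer actually holds, added here as an example and not code from the thread: it validates the binary SID layout and renders it in S-1-… form so it can be compared with well-known values such as S-1-5-18 (Local System). The helper name `sid_to_string` and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Binary SID: Revision (1 byte), SubAuthorityCount (1 byte), IdentifierAuthority
 * (6 bytes, big-endian), then 32-bit little-endian sub-authorities. */
#define SID_HEADER_LEN 8
#define SID_MAX_SUBAUTH 15

/* Constructed sample buffers (not taken from the thread). */
static const uint8_t SAMPLE_SYSTEM[] = {1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
static const uint8_t SAMPLE_ADMIN[] = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0,
    1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0, 0xF4, 0x01, 0, 0};

/* Hypothetical helper: render a raw SID as "S-1-..." text. Returns 0 on success,
 * -1 if the buffer is not a structurally valid SID or out is too small. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    if (len < SID_HEADER_LEN || sid[0] != 1 || sid[1] > SID_MAX_SUBAUTH)
        return -1;
    size_t count = sid[1];
    if (len < SID_HEADER_LEN + 4 * count)
        return -1;                      /* truncated sub-authority array */
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++)
        auth = (auth << 8) | sid[2 + i];
    int n = snprintf(out, outlen, "S-1-%llu", (unsigned long long)auth);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    size_t used = (size_t)n;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = sid + SID_HEADER_LEN + 4 * i;
        uint32_t sub = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        n = snprintf(out + used, outlen - used, "-%lu", (unsigned long)sub);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    char text[64];
    return sid_to_string(SAMPLE_ADMIN, sizeof SAMPLE_ADMIN, text, sizeof text) || puts(text) < 0;
}
```

Inside a driver, RtlValidSid and RtlConvertSidToUnicodeString perform the same validation and conversion on the SID pointed to by the TOKEN_USER structure.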