At the ALE layer this information is also available, as Gabriel pointed
out.
Pete
–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295
------ Original Message ------
From: “PScott”
To: “Windows File Systems Devs Interest List”
Sent: 4/15/2016 9:11:05 AM
Subject: Re: [ntfsd] How to detect user sid from WFP sampler code while
blocking traffic on system.
>
>This type of information is only available at the stream layer; below
>this layer, the information is lost. At this layer you can retrieve
>what you need from the FWPS_INCOMING_METADATA_VALUES of your data
>indication callback.
>
>Pete
>
>–
>Kernel Drivers
>Windows File System and Device Driver Consulting
>www.KernelDrivers.com
>866.263.9295
>
>
>
>------ Original Message ------
>From: xxxxx@dataresolve.com
>To: “Windows File Systems Devs Interest List”
>Sent: 4/13/2016 11:19:17 PM
>Subject: [ntfsd] How to detect user sid from WFP sampler code while
>blocking traffic on system.
>
>>Hello,
>>
>>I have a filter driver based on Windows Filtering Platform
>>(WFPSampler) which blocks the network traffic for all the processes of
>>the system. But I want to block traffic only for those processes which
>>belong to some local users. For this I want to get the SID of every
>>process passing through my filter driver. So I want to ask how to
>>get the user SID in the callout function in the driver. Can I get this SID
>>through the FWPS_INCOMING_METADATA_VALUES structure, or is there some other
>>way to get it? I also used ZwQueryInformationToken() to get the SID,
>>but it fails every time.
>>
>>Reply as soon as possible.
>>
>>Thank you.
>>
>>—
>>NTFSD is sponsored by OSR
>>
>>
>>MONTHLY seminars on crash dump analysis, WDF, Windows internals and
>>software drivers!
>>Details at http:
>>
>>To unsubscribe, visit the List Server section of OSR Online at
>>http: