RE: about get the process SID in file system filter driver

It’s the way I do it. If you find any improvement, let me know…

If you’re filtering IRP_MJ_CREATE, you can find the SecurityContext in your IRP (IrpSp->Parameters.Create.SecurityContext).

Sorry for the lack of comments!

Nicolas Sylvain

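#include <ntifs.h>

/*
 * Returns the SID of the current subject: the impersonation (client) token
 * if the thread is impersonating, otherwise the process primary token.
 * On success *pUserToken receives a buffer allocated by
 * SeQueryInformationToken; the returned PSID points into that buffer, so
 * the caller must keep it until done and then free it with ExFreePool.
 * Must be called at PASSIVE_LEVEL.
 */
PSID GetCurrentSid(PTOKEN_USER * pUserToken)
{
    SECURITY_SUBJECT_CONTEXT SecContext;
    PACCESS_TOKEN AccessToken;
    NTSTATUS status;

    /* Make sure the caller never sees a stale pointer on failure. */
    *pUserToken = NULL;

    /* Capture and lock the subject context of the calling thread. */
    SeCaptureSubjectContext(&SecContext);
    SeLockSubjectContext(&SecContext);

    /* Client token when impersonating, primary token otherwise. */
    AccessToken = SeQuerySubjectContextToken(&SecContext);

    /* Allocates the TOKEN_USER buffer for us. */
    status = SeQueryInformationToken(AccessToken, TokenUser, (PVOID *)pUserToken);
    ASSERT(NT_SUCCESS(status));

    SeUnlockSubjectContext(&SecContext);
    SeReleaseSubjectContext(&SecContext);

    if ( !NT_SUCCESS(status) )
    {
        *pUserToken = NULL;
        return NULL;
    }
    return (*pUserToken)->User.Sid;
}

int func()
{
    PTOKEN_USER UserToken = NULL;
    PSID pSid = GetCurrentSid(&UserToken);

    /* your stuff: pSid is NULL on failure and is only valid until
       UserToken is freed below */

    if ( UserToken != NULL)
    {
        ExFreePool(UserToken);
    }
    return 0;
}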

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]On Behalf Of jackzdk
Sent: December 14, 2004 9:04 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] about get the process SID in file system filter driver

Hi,
I am a new guy in driver programming.
Someone said: when a remote computer accesses my computer, a file system filter driver in my computer can get the process SID.
And I want to know how I can get the process SID in a file driver.
Thanks in advance.
jack zdk
