Re: Re: [ntdev] How to get user sid in dispatch level

Just to expand on this for the OP, things like HTTP servers often use the kernel HTTP component to talk to the network. This means incoming HTTP requests see the kernel as the process owning the TCP socket. The kernel HTTP component then parses the request URL to route a message to some user mode process that has registered a matching URL filter. The HTTP server never deals with sockets or TCP connections, only HTTP requests and responses. This also means there might be many user mode processes, which each have their own security context, indirectly associated with the same listening port. Things like the SMB redirector also have a very complex multiplexing of endpoints when you consider things like RPC connections over named pipes.

Jan

From: > on behalf of Marion Bond
Reply-To: Windows List
Date: Friday, July 24, 2015 at 4:10 AM
To: Windows List
Subject: [ntdev] Re: [ntdev] How to get user sid in dispatch level

You mean the SID of the process that will eventually consume this incoming packet on the local machine? What will you do with packets destined for KM sockets or handled by the OS?

Sent from Surface Pro

From: xxxxx@gmail.com
Sent: Thursday, July 23, 2015 8:51 PM
To: Windows System Software Devs Interest List

Alexandru, Daniel, David and Marion,

Thank you for your kind reply. Your answer is highly appreciated. Thanks very much.

What I want is to check, for every packet, which user it belongs to.

Currently I am considering using a user-level application to get the user's SID and pass it to the kernel driver, since it is not possible to get that directly in the kernel driver.

Thank you for your answer, much appreciated.

DengKe


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

