Re: RE: [ntfsd] about get the process SID in file system filter driver

hi Nicolas

thanks
and I know that the ntoskrnl.lib must be added.

It’s the way I do it. If you find any improvement, let me know…

If you’re filtering IRP_MJ_CREATE, you can find the SecurityContext in your IRP (IrpSp->Parameters.Create.SecurityContext)

Sorry for the lack of comments!

Nicolas Sylvain

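// Returns the SID of the effective token of the current thread: the
// impersonation (client) token if the thread is impersonating, otherwise
// the process's primary token.
// On success *pUserToken receives a buffer allocated by
// SeQueryInformationToken, and the returned SID points into that buffer,
// so the caller must ExFreePool(*pUserToken) only after it is done with
// the SID. Must be called at PASSIVE_LEVEL.
PSID GetCurrentSid(PTOKEN_USER * pUserToken)
{
    SECURITY_SUBJECT_CONTEXT SecContext;
    PACCESS_TOKEN AccessToken;
    NTSTATUS status;

    // Make sure the caller never sees an uninitialized pointer on failure
    *pUserToken = NULL;

    // Capture and lock the subject context so the tokens stay valid
    SeCaptureSubjectContext(&SecContext);
    SeLockSubjectContext(&SecContext);

    AccessToken = SeQuerySubjectContextToken(&SecContext);
    status = SeQueryInformationToken(AccessToken, TokenUser, (PVOID *)pUserToken);
    ASSERT(NT_SUCCESS(status));

    SeUnlockSubjectContext(&SecContext);
    SeReleaseSubjectContext(&SecContext);

    if ( !NT_SUCCESS(status) )
    {
        *pUserToken = NULL;
        return NULL;
    }

    return (*pUserToken)->User.Sid;
}

int func()
{
    PTOKEN_USER UserToken = NULL;
    PSID pSid = GetCurrentSid(&UserToken);

    //your stuff (pSid is NULL if the query failed)

    // Free the TOKEN_USER buffer; pSid is invalid after this point
    if ( UserToken != NULL)
    {
        ExFreePool(UserToken);
    }

    return 0;
}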

-----Original Message-----

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]On Behalf Of jackzdk

Sent: December 14, 2004 9:04 PM

To: Windows File Systems Devs Interest List

Subject: [ntfsd] about get the process SID in file system filter driver

hi,

I am a new guy in driver programming.

Someone said: when a remote computer accesses my computer, a file system filter driver on my computer can get the process SID.

And I want to know how I can get the process SID in a file system driver.

Thanks in advance.

jack zdk
