RE: [ntfsd] Retrieving security information regarding thread calling
IRP_MJ_C REATE>I think the following three Zw* calls should be enough to get
whatever you
need:
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(HANDLE Thread,
In processing MJ_CREATE, one must not use the thread’s current token - but
use the security context from the IRP.
There could be some filter driver above us that pend CREATEs to a worker
thread.
Max
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com