Hi
I’m developing a WDM driver for a hardware device and there will be 3 applications that will access the driver.
I want to distinguish which application opened the driver; I saw that I can do it with FILENAME field in the FILEOBJECT of the IO_STACK_LOCATION and calling CreateFile() with a “Filename” [e.g. CreateFile(driverName + “\MyApp1”);]
My question, Is there a more secure way for IDing the caller application?
Thanks in advance
Other than running each application in a separate account, no. Security and identity on Windows is based on accounts and tokens, not exes.
And even if you can identify the caller, you still can’t trust their behavior in any way. You don’t know that they haven’t been taken over by someone malicious who might use them to attack your drvier and take over the system.
-p
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Thursday, August 23, 2007 4:36 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Secure way to ID the IRP_MJ_CREATE Caller/Driver Opener
Hi
I’m developing a WDM driver for a hardware device and there will be 3 applications that will access the driver.
I want to distinguish which application opened the driver; I saw that I can do it with FILENAME field in the FILEOBJECT of the IO_STACK_LOCATION and calling CreateFile() with a “Filename” [e.g. CreateFile(driverName + “\MyApp1”);]
My question, Is there a more secure way for IDing the caller application?
Thanks in advance
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
IRP_MJ_CREATE handler always gets called in context of a thread that has actually called CreateFile(), so that you can get the caller app’s process ID. At this point, you can get caller’s token, so that you can find out everything you need to know about access rights and privileges of the calling process. Please note that Windows security is based about user account’s rights, rather than upon
some particular progran’s rights. Therefore, 2 instances of the same app may have different rights if they are run under different user accounts…
Anton Bassov