Hello,

I want to determine the username of the user which owns the current process.
This should be done from a hooked system service, namely NtCreateSection().

Now the 2 questions:
- does anyone know a method to determine the username from the token of the
current process without having a running user mode component?
- NtCreateSection() being called during process creation does not seem to
have any process context, how would I get the username (or at least the SID)
there?

Thanks in advance,

Oliver

Forget about usernames at all. They are for UI only. All security decisions
must be based on SIDs.
The SID can be obtained with ZwQueryInformationToken; use ObOpenObjectByPointer
to get the handle.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Monday, January 26, 2004 5:33 PM
Subject: [ntdev] Username and context question
> Hello,
>
> I want to determine the username of the user which owns the current process.
> This should be done from a hooked system service, namely NtCreateSection().
>
> Now the 2 questions:
> - does anyone know a method to determine the username from the token of the
> current process without having a running user mode component?
> - NtCreateSection() being called during process creation does not seem to
> have any process context, how would I get the username (or at least the SID)
> there?
>
> Thanks in advance,
>
> Oliver
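
The SID that ZwQueryInformationToken returns for TokenUser is a variable-length binary structure, and the reply's advice amounts to comparing that structure by value instead of resolving a name. The block below is an added example, not code from the thread: portable C that validates, prints and compares a SID buffer. The function names and sample bytes are constructed for illustration; in a driver the corresponding routines are RtlValidSid, RtlConvertSidToUnicodeString and RtlEqualSid.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte length of a well-formed SID in buf, or 0 if malformed or truncated. */
size_t sid_length(const uint8_t *buf, size_t len)
{
    if (len < 8 || buf[0] != 1 || buf[1] > 15) return 0;  /* revision 1, <= 15 sub-authorities */
    size_t need = 8 + 4u * buf[1];
    return need <= len ? need : 0;
}

/* Render as "S-1-5-..." (decimal); returns 0 on success, -1 on error. */
int sid_to_string(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    if (sid_length(buf, len) == 0) return -1;
    uint64_t auth = 0;
    for (int i = 2; i < 8; i++) auth = (auth << 8) | buf[i];  /* 48-bit big-endian authority */
    int w = snprintf(out, outlen, "S-%u-%llu", (unsigned)buf[0], (unsigned long long)auth);
    if (w < 0 || (size_t)w >= outlen) return -1;
    size_t used = (size_t)w;
    for (unsigned i = 0; i < buf[1]; i++) {  /* sub-authorities: 32-bit little-endian */
        const uint8_t *p = buf + 8 + 4 * i;
        uint32_t sub = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        w = snprintf(out + used, outlen - used, "-%u", (unsigned)sub);
        if (w < 0 || (size_t)w >= outlen - used) return -1;
        used += (size_t)w;
    }
    return 0;
}

/* Compare by value: both buffers must hold well-formed, byte-identical SIDs. */
int sid_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    size_t na = sid_length(a, alen), nb = sid_length(b, blen);
    return na != 0 && na == nb && memcmp(a, b, na) == 0;
}

/* Constructed samples: LocalSystem (S-1-5-18) and a made-up account SID. */
static const uint8_t SID_SYSTEM[] = {1, 1, 0,0,0,0,0,5, 18,0,0,0};
static const uint8_t SID_USER[] = {1, 5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 0xE9,0x03,0,0};

int main(void)
{
    char s[64];
    if (sid_to_string(SID_USER, sizeof SID_USER, s, sizeof s) == 0)
        printf("%s is SYSTEM: %d\n", s, sid_equal(SID_USER, sizeof SID_USER, SID_SYSTEM, sizeof SID_SYSTEM));
    return 0;
}
```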