What happened when renaming a file?

Maybe I should post it here.

(1) Launch the file “test.exe”; in SoftICE we’ll see the proc “test”.
(2) Rename “test.exe” to “ttt.exe”.
(3) Launch “ttt.exe”; in SoftICE, the proc name is still “test”,
but Task Manager displays the right “ttt.exe” in the list.

If the system is rebooted, SoftICE will show “ttt” correctly.
It seems the new file name was cached for user mode, and the kernel object
didn’t get updated? Is there a way to force this to be synchronized?

Can anyone give me some ideas?
Thanks,

AFei

This is yet another example of the folly of trying to use ‘image name’
as a surrogate for a security principal.

Create a user. Run a service. Set an ACL.

If you really need to restrict ‘to a particular program’ and your
opponent has admin access, use crypto to handshake, and use code
obfuscation techniques to make it harder to break. ‘harder’. Not
impossible.
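
Added example (not part of the original thread, and not code from any poster): a minimal Python sketch of the contrast drawn in the reply above, with a name check that any renamed binary satisfies next to an HMAC challenge-response handshake. The key provisioning and all class and function names are assumptions for illustration; an opponent with admin access who extracts the key still passes, which is the ‘harder, not impossible’ caveat.

```python
import hashlib
import hmac
import secrets

ALLOWED_IMAGE = "test.exe"  # constructed value, borrowed from the thread's example

def name_based_check(image_name: str) -> bool:
    """Weak: trusts a label the caller controls; any binary can carry this name."""
    return image_name.lower() == ALLOWED_IMAGE

class Verifier:
    """Service side: issues single-use nonces and checks the keyed response."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False                      # unknown or already-used nonce
        self._pending.discard(nonce)          # single use, so a replay fails
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def respond(key: bytes, nonce: bytes) -> bytes:
    """Client side: proves possession of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def demo() -> dict:
    key = secrets.token_bytes(32)             # assumed provisioned to the real client only
    verifier = Verifier(key)
    n1 = verifier.challenge()
    good = respond(key, n1)
    n2 = verifier.challenge()
    return {
        # Some other program renamed to the allowed name passes the name check.
        "other_binary_named_test_exe": name_based_check("TEST.EXE"),
        "keyed_client": verifier.verify(n1, good),
        "replayed_response": verifier.verify(n1, good),
        "wrong_key": verifier.verify(n2, respond(secrets.token_bytes(32), n2)),
    }

if __name__ == "__main__":
    print(demo())
```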

Hi Benson, thanks for the reply.
No, I’m not using the “file name” to do any matching.
This is just for logging purposes when something happens;
in this case, the driver will log the wrong name. Is there a way
to let the driver get the right name without disturbing the user
applications, and why didn’t the kernel update the new name?

“Benson Margulies” wrote in message
news:xxxxx@ntfsd…
This is yet another example of the folly of trying to use ‘image name’
as a surrogate for a security principal.

Create a user. Run a service. Set an ACL.

If you really need to restrict ‘to a particular program’ and your
opponent has admin access, use crypto to handshake, and use code
obfuscation techniques to make it harder to break. ‘harder’. Not
impossible.