Solved

Access to kernel driver event.

Posted on 1998-12-22
Last Modified: 2013-12-03
My NT driver creates a named synchronization event to notify a user application. This works, but only for users in the Administrators group. Other users can't open this event (error code 5).
How do I create the event with the right security descriptor?
0
Question by:Nightmare090197
 

Author Comment

by:Nightmare090197
ID: 1417574
Edited text of question
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417575
This one should create a 'guest' SID, try it...

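#include <windows.h>

/* Allocates a SID under SECURITY_NT_AUTHORITY (S-1-5) with a single
   sub-authority, DOMAIN_GROUP_RID_USERS. Returns NULL on failure;
   release the result with FreeSid(). */
PSID CreateUserSID ( void)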
{
    PSID                        psid;

    SID_IDENTIFIER_AUTHORITY    SystemSidAuthority  =   SECURITY_NT_AUTHORITY;

    if  (   !AllocateAndInitializeSid   (   &SystemSidAuthority,
                                            1,
                                            DOMAIN_GROUP_RID_USERS,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            &psid
                                        )
        )
        return ( NULL);

    return ( psid);
}

0
 

Author Comment

by:Nightmare090197
ID: 1417576
Who must create the SID? The user-mode application? This is not a network,
it's a single NT workstation with many users, but only Administrators' applications can open the named event.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417577
Your creator of the event should create the SID, which is always necessary, regardless of whether there's a network or not.
0
 

Author Comment

by:Nightmare090197
ID: 1417578
OK,
the NT driver creates the named event.
It uses IoCreateSynchronizationEvent() to create the event. How do I change the security of this event?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417579
You should use 'NtSetSecutityObject()' to set the created SID for your event (I'm not _that_ familiar with kernel drivers, thus I can't offer an example ;-)
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417580
Ooops - 'NtSetSecutityObject()' should of course read 'NtSetSecurityObject()'
0
 

Author Comment

by:Nightmare090197
ID: 1417581
I can't find NtSetSecurityObject() in the NT DDK documentation.
Is this a kernel function?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417582
Well, it's a 'native' NT function exported by 'ntdll.h'...
0
 

Author Comment

by:Nightmare090197
ID: 1417583
I can't find NtSetSecurityObject() in the NT DDK documentation.
Is this a kernel function?
0
 
LVL 2

Expert Comment

by:ivi
ID: 1417584
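I use another way:
Create an event in the application, then pass this event to the driver via DeviceIoControl.
In driver:
 /* Call in the context of the requesting process. UserMode makes the
    object manager check the caller's handle, and *ExEventObjectType
    rejects handles that are not event objects. */
 ObReferenceObjectByHandle(hUserEvent,
                           SYNCHRONIZE,
                           *ExEventObjectType,
                           UserMode,
                           (PVOID *)&pDeviceExtension->hEvent,
                           NULL
                           );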

All works fine...
0
 

Author Comment

by:Nightmare090197
ID: 1417585
Thanks, I create a SECURITY_DESCRIPTOR with DACL=NULL, and set it with NtSetSecurityObject(). This works.
0
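Added example, not part of the thread or of any poster's code: a simplified, portable model of the DACL walk behind the error code 5 in the question and the DACL=NULL fix above. It is not Windows API code; SIDs are plain strings, the admin-only DACL and the tokens are constructed sample data, and owner rights, privileges and inheritance are ignored.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Access-mask bits as defined in the Windows SDK headers. */
#define WRITE_DAC_ACCESS    0x00040000u
#define SYNCHRONIZE_ACCESS  0x00100000u
#define EVENT_MODIFY_STATE  0x00000002u

typedef struct { int allow; const char *sid; uint32_t mask; } Ace;
/* present == 0 models a NULL DACL; present == 1 with count == 0 an empty one. */
typedef struct { int present; size_t count; const Ace *aces; } Dacl;

static int token_has(const char *const *sids, size_t n, const char *sid) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(sids[i], sid) == 0) return 1;
    return 0;
}

/* Simplified DACL walk: returns 0 if every requested bit is granted,
   5 (ERROR_ACCESS_DENIED) otherwise. */
int access_check(const Dacl *d, const char *const *sids, size_t n, uint32_t want) {
    if (!d->present) return 0;                 /* NULL DACL: no restrictions */
    for (size_t i = 0; i < d->count && want; i++) {
        const Ace *a = &d->aces[i];
        if (!token_has(sids, n, a->sid)) continue;
        if (!a->allow && (a->mask & want)) return 5;   /* explicit deny */
        if (a->allow) want &= ~a->mask;                /* bits now granted */
    }
    return want ? 5 : 0;                       /* leftover bits: denied */
}

/* Constructed sample data. 0x001F0003 is EVENT_ALL_ACCESS. */
const char *const USER_TOKEN[]  = { "S-1-5-32-545" };  /* BUILTIN\Users */
const char *const ADMIN_TOKEN[] = { "S-1-5-32-544", "S-1-5-32-545" };
const Ace ADMIN_ONLY_ACES[] = {
    { 1, "S-1-5-18",     0x001F0003u },        /* SYSTEM */
    { 1, "S-1-5-32-544", 0x001F0003u },        /* Administrators */
};
const Ace SCOPED_ACES[] = {
    { 1, "S-1-5-18",     0x001F0003u },
    { 1, "S-1-5-32-544", 0x001F0003u },
    { 1, "S-1-5-32-545", SYNCHRONIZE_ACCESS }, /* Users may only wait */
};
const Dacl ADMIN_ONLY = { 1, 2, ADMIN_ONLY_ACES };
const Dacl NULL_DACL  = { 0, 0, NULL };
const Dacl SCOPED     = { 1, 3, SCOPED_ACES };
int main(void) { return access_check(&SCOPED, USER_TOKEN, 1, SYNCHRONIZE_ACCESS); }
```

In this model the NULL DACL lets a Users token obtain WRITE_DAC on the event as readily as SYNCHRONIZE, while the scoped DACL grants Users only the wait right the notification needs.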
 
LVL 86

Expert Comment

by:jkr
ID: 1417586
Great! Do you think I may lock the Q?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417587
Nightmare - Do you think I may lock the Q? ;-)
(Or are you on holiday? ;-)
0
 

Author Comment

by:Nightmare090197
ID: 1417588
Sure, thanks again :)
0
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 1417589
Thanx & happy new year ;-)
0

Question has a verified solution.