Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Access to kernel driver event.

Posted on 1998-12-22
16
212 Views
Last Modified: 2013-12-03
My NT driver create synchronization named event for notify user application. This work, but only for administrators group of users. Other users can't open this event (error code 5).
How create event with right security descriptor?
0
Comment
Question by:Nightmare090197
  • 8
  • 7
16 Comments
 

Author Comment

by:Nightmare090197
ID: 1417574
Edited text of question
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417575
This one should create a 'guest' SID, try it...

PSID CreateUserSID ( void)
{
    PSID                        psid;

    SID_IDENTIFIER_AUTHORITY    SystemSidAuthority  =   SECURITY_NT_AUTHORITY;

    if  (   !AllocateAndInitializeSid   (   &SystemSidAuthority,
                                            1,
                                            DOMAIN_GROUP_RID_USERS,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            &psid
                                        )
        )
        return ( NULL);

    return ( psid);
}

0
 

Author Comment

by:Nightmare090197
ID: 1417576
Who must create SID? User mode application? this is not network,
it's single NT workstation with many users, but only Administrators applications can open named event.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 86

Expert Comment

by:jkr
ID: 1417577
Your creator of the event should create the SID, which is always necessary, regardless whether there's a network or not.
0
 

Author Comment

by:Nightmare090197
ID: 1417578
OK,
NT driver create named event.
It use IoCreateSynchronizationEvent() for creating event. How do change security of this event?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417579
You should use 'NtSetSecutityObject()' to set the created SID for your event (i'm not _that_ familiar with kernel drivers, thus i can't offer an example ;-)
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417580
Ooops - 'NtSetSecutityObject()' should of course read 'NtSetSecurityObject()'
0
 

Author Comment

by:Nightmare090197
ID: 1417581
I can't find NtSetSecurityObject()in NT DDK documentation.
Is this kernel function?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417582
Well, it's a 'native' NT function exported by 'ntdll.h'...
0
 

Author Comment

by:Nightmare090197
ID: 1417583
I can't find NtSetSecurityObject()in NT DDK documentation.
Is this kernel function?
0
 
LVL 2

Expert Comment

by:ivi
ID: 1417584
I use other way:
Create an event in the application then pass this event to the driver via DeviceIOControl.
In driver:
 ObReferenceObjectByHandle(hUserEvent,
                           SYNCHRONIZE,
                           NULL,
                           KernelMode,
                           &pDeviceExtension->hEvent,
                           NULL
                           );

All works fine...
0
 

Author Comment

by:Nightmare090197
ID: 1417585
Thanks, I create SECURITY_DESCRIPTOR with DACL=NULL, and set one with NtSetSecurityObject(). This work.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417586
Great! Do you think i may lock the Q?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417587
Nightmare - Do you think i may lock the Q? ;-)
(Or are you on holiday? ;-)
0
 

Author Comment

by:Nightmare090197
ID: 1417588
Sure, thanks again :)
0
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 1417589
Thanx & happy new year ;-)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
EXECUTE AS Permissions To Query system tables requireing View Server State 10 110
Dir function fails on mapped drives 28 140
Visual Studio Debugging 3 136
C# LINQ ForEach() question 6 48
This article describes how to programmatically preset the "Pages per Sheet" option that's available with most printer drivers.   This setting lets you do "n-Up" printing, where two, four, or more pages are printed on each sheet of paper. If your …
Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question