Solved

Access to kernel driver event.

Posted on 1998-12-22
16
209 Views
Last Modified: 2013-12-03
My NT driver create synchronization named event for notify user application. This work, but only for administrators group of users. Other users can't open this event (error code 5).
How create event with right security descriptor?
0
Comment
Question by:Nightmare090197
  • 8
  • 7
16 Comments
 

Author Comment

by:Nightmare090197
ID: 1417574
Edited text of question
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417575
This one should create a 'guest' SID, try it...

PSID CreateUserSID ( void)
{
    PSID                        psid;

    SID_IDENTIFIER_AUTHORITY    SystemSidAuthority  =   SECURITY_NT_AUTHORITY;

    if  (   !AllocateAndInitializeSid   (   &SystemSidAuthority,
                                            1,
                                            DOMAIN_GROUP_RID_USERS,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            &psid
                                        )
        )
        return ( NULL);

    return ( psid);
}

0
 

Author Comment

by:Nightmare090197
ID: 1417576
Who must create SID? User mode application? this is not network,
it's single NT workstation with many users, but only Administrators applications can open named event.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417577
Your creator of the event should create the SID, which is always necessary, regardless whether there's a network or not.
0
 

Author Comment

by:Nightmare090197
ID: 1417578
OK,
NT driver create named event.
It use IoCreateSynchronizationEvent() for creating event. How do change security of this event?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417579
You should use 'NtSetSecutityObject()' to set the created SID for your event (i'm not _that_ familiar with kernel drivers, thus i can't offer an example ;-)
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417580
Ooops - 'NtSetSecutityObject()' should of course read 'NtSetSecurityObject()'
0
 

Author Comment

by:Nightmare090197
ID: 1417581
I can't find NtSetSecurityObject()in NT DDK documentation.
Is this kernel function?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 86

Expert Comment

by:jkr
ID: 1417582
Well, it's a 'native' NT function exported by 'ntdll.h'...
0
 

Author Comment

by:Nightmare090197
ID: 1417583
I can't find NtSetSecurityObject()in NT DDK documentation.
Is this kernel function?
0
 
LVL 2

Expert Comment

by:ivi
ID: 1417584
I use other way:
Create an event in the application then pass this event to the driver via DeviceIOControl.
In driver:
 ObReferenceObjectByHandle(hUserEvent,
                           SYNCHRONIZE,
                           NULL,
                           KernelMode,
                           &pDeviceExtension->hEvent,
                           NULL
                           );

All works fine...
0
 

Author Comment

by:Nightmare090197
ID: 1417585
Thanks, I create SECURITY_DESCRIPTOR with DACL=NULL, and set one with NtSetSecurityObject(). This work.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417586
Great! Do you think i may lock the Q?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417587
Nightmare - Do you think i may lock the Q? ;-)
(Or are you on holiday? ;-)
0
 

Author Comment

by:Nightmare090197
ID: 1417588
Sure, thanks again :)
0
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 1417589
Thanx & happy new year ;-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have ever found yourself doing a repetitive action with the mouse and keyboard, and if you have even a little programming experience, there is a good chance that you can use a text editor to whip together a sort of macro to automate the proce…
For most people, the WrapPanel seems like a magic when they switch from WinForms to WPF. Most of us will think that the code that is used to write a control like that would be difficult. However, most of the work is done by the WPF engine, and the W…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now