Solved

Access to kernel driver event.

Posted on 1998-12-22
16
208 Views
Last Modified: 2013-12-03
My NT driver create synchronization named event for notify user application. This work, but only for administrators group of users. Other users can't open this event (error code 5).
How create event with right security descriptor?
0
Comment
Question by:Nightmare090197
  • 8
  • 7
16 Comments
 

Author Comment

by:Nightmare090197
ID: 1417574
Edited text of question
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417575
This one should create a 'guest' SID, try it...

PSID CreateUserSID ( void)
{
    PSID                        psid;

    SID_IDENTIFIER_AUTHORITY    SystemSidAuthority  =   SECURITY_NT_AUTHORITY;

    if  (   !AllocateAndInitializeSid   (   &SystemSidAuthority,
                                            1,
                                            DOMAIN_GROUP_RID_USERS,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            &psid
                                        )
        )
        return ( NULL);

    return ( psid);
}

0
 

Author Comment

by:Nightmare090197
ID: 1417576
Who must create SID? User mode application? this is not network,
it's single NT workstation with many users, but only Administrators applications can open named event.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417577
Your creator of the event should create the SID, which is always necessary, regardless whether there's a network or not.
0
 

Author Comment

by:Nightmare090197
ID: 1417578
OK,
NT driver create named event.
It use IoCreateSynchronizationEvent() for creating event. How do change security of this event?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417579
You should use 'NtSetSecutityObject()' to set the created SID for your event (i'm not _that_ familiar with kernel drivers, thus i can't offer an example ;-)
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417580
Ooops - 'NtSetSecutityObject()' should of course read 'NtSetSecurityObject()'
0
 

Author Comment

by:Nightmare090197
ID: 1417581
I can't find NtSetSecurityObject()in NT DDK documentation.
Is this kernel function?
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 86

Expert Comment

by:jkr
ID: 1417582
Well, it's a 'native' NT function exported by 'ntdll.h'...
0
 

Author Comment

by:Nightmare090197
ID: 1417583
I can't find NtSetSecurityObject()in NT DDK documentation.
Is this kernel function?
0
 
LVL 2

Expert Comment

by:ivi
ID: 1417584
I use other way:
Create an event in the application then pass this event to the driver via DeviceIOControl.
In driver:
 ObReferenceObjectByHandle(hUserEvent,
                           SYNCHRONIZE,
                           NULL,
                           KernelMode,
                           &pDeviceExtension->hEvent,
                           NULL
                           );

All works fine...
0
 

Author Comment

by:Nightmare090197
ID: 1417585
Thanks, I create SECURITY_DESCRIPTOR with DACL=NULL, and set one with NtSetSecurityObject(). This work.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417586
Great! Do you think i may lock the Q?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417587
Nightmare - Do you think i may lock the Q? ;-)
(Or are you on holiday? ;-)
0
 

Author Comment

by:Nightmare090197
ID: 1417588
Sure, thanks again :)
0
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 1417589
Thanx & happy new year ;-)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now