Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Access to kernel driver event.

Posted on 1998-12-22
16
Medium Priority
?
217 Views
Last Modified: 2013-12-03
My NT driver create synchronization named event for notify user application. This work, but only for administrators group of users. Other users can't open this event (error code 5).
How create event with right security descriptor?
0
Comment
Question by:Nightmare090197
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
16 Comments
 

Author Comment

by:Nightmare090197
ID: 1417574
Edited text of question
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417575
This one should create a 'guest' SID, try it...

PSID CreateUserSID ( void)
{
    PSID                        psid;

    SID_IDENTIFIER_AUTHORITY    SystemSidAuthority  =   SECURITY_NT_AUTHORITY;

    if  (   !AllocateAndInitializeSid   (   &SystemSidAuthority,
                                            1,
                                            DOMAIN_GROUP_RID_USERS,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            &psid
                                        )
        )
        return ( NULL);

    return ( psid);
}

0
 

Author Comment

by:Nightmare090197
ID: 1417576
Who must create SID? User mode application? this is not network,
it's single NT workstation with many users, but only Administrators applications can open named event.
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 86

Expert Comment

by:jkr
ID: 1417577
Your creator of the event should create the SID, which is always necessary, regardless whether there's a network or not.
0
 

Author Comment

by:Nightmare090197
ID: 1417578
OK,
NT driver create named event.
It use IoCreateSynchronizationEvent() for creating event. How do change security of this event?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417579
You should use 'NtSetSecutityObject()' to set the created SID for your event (i'm not _that_ familiar with kernel drivers, thus i can't offer an example ;-)
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417580
Ooops - 'NtSetSecutityObject()' should of course read 'NtSetSecurityObject()'
0
 

Author Comment

by:Nightmare090197
ID: 1417581
I can't find NtSetSecurityObject()in NT DDK documentation.
Is this kernel function?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417582
Well, it's a 'native' NT function exported by 'ntdll.h'...
0
 

Author Comment

by:Nightmare090197
ID: 1417583
I can't find NtSetSecurityObject()in NT DDK documentation.
Is this kernel function?
0
 
LVL 2

Expert Comment

by:ivi
ID: 1417584
I use other way:
Create an event in the application then pass this event to the driver via DeviceIOControl.
In driver:
 ObReferenceObjectByHandle(hUserEvent,
                           SYNCHRONIZE,
                           NULL,
                           KernelMode,
                           &pDeviceExtension->hEvent,
                           NULL
                           );

All works fine...
0
 

Author Comment

by:Nightmare090197
ID: 1417585
Thanks, I create SECURITY_DESCRIPTOR with DACL=NULL, and set one with NtSetSecurityObject(). This work.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417586
Great! Do you think i may lock the Q?
0
 
LVL 86

Expert Comment

by:jkr
ID: 1417587
Nightmare - Do you think i may lock the Q? ;-)
(Or are you on holiday? ;-)
0
 

Author Comment

by:Nightmare090197
ID: 1417588
Sure, thanks again :)
0
 
LVL 86

Accepted Solution

by:
jkr earned 300 total points
ID: 1417589
Thanx & happy new year ;-)
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After several hours of googling I could not gather any information on this topic. There are several ways of controlling the USB port connected to any storage device. The best example of that is by changing the registry value of "HKEY_LOCAL_MACHINE\S…
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question