Check if IRP called is from administrator process

  • Question

  • Hello,

    How do I determine if an IRP is called from an administrator process?

    Equivalent to IsUserAnAdmin.

    Thanks.

    In French:

    How can I tell whether the IRP is called from a process with administrator privileges?

    Thanks.

    Thursday, August 31, 2017 2:53 PM

Answers

  • The best way to do this is to ACL your device object so that only administrators can open the device, thus precluding anyone else from sending the IRP.  If you can't do this, the second best choice is to require that administrator access is needed for read or write access (you pick) and then define your IOCTL with read | write. The third best choice is to see if the caller in IRP_MJ_CREATE has a certain privilege (like SE_LOAD_DRIVER), and if yes, capture that in the context on the PFILE_OBJECT and then look up this state when processing the IRP in question.


    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, August 31, 2017 5:05 PM
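The second option from the answer above, as an added example that is not part of the thread and not WDK code: a user-mode C model of how the access bits in an IOCTL code decide whether a handle's granted access is enough for the request to reach the driver. The bit layout and FILE_*_ACCESS values follow the WDK's CTL_CODE macro; the device type, function numbers, IOCTL names and helper functions are hypothetical, and ioctl_allowed is a simplified model of the I/O manager's check, which only restricts to administrators when the device ACL grants read/write to administrators alone.

```c
#include <stdint.h>
#include <stdio.h>

/* Values and bit layout as in the WDK's CTL_CODE macro. */
#define FILE_ANY_ACCESS   0u
#define FILE_READ_ACCESS  1u
#define FILE_WRITE_ACCESS 2u
#define METHOD_BUFFERED   0u
#define CTL_CODE(type, fn, method, access)                        \
    (((uint32_t)(type) << 16) | ((uint32_t)(access) << 14) |      \
     ((uint32_t)(fn) << 2) | (uint32_t)(method))

/* Hypothetical device type and IOCTLs, constructed for this example. */
#define EX_DEVICE_TYPE 0x8000u
#define IOCTL_EX_PRIVILEGED \
    CTL_CODE(EX_DEVICE_TYPE, 0x800, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_EX_OPEN_TO_ALL \
    CTL_CODE(EX_DEVICE_TYPE, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)

/* Access the handle must hold, taken from bits 14-15 of the code. */
static uint32_t ioctl_required_access(uint32_t code) { return (code >> 14) & 3u; }

/* Simplified model of the I/O manager's check: `granted` holds the
 * read/write data bits the handle was opened with. Returns 1 if the
 * request would be delivered to the driver, 0 if it is refused first. */
static int ioctl_allowed(uint32_t code, uint32_t granted) {
    uint32_t need = ioctl_required_access(code);
    return (granted & need) == need;
}

/* Audit helper: how many codes in a table carry no access requirement. */
static int count_any_access(const uint32_t *codes, int n) {
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (ioctl_required_access(codes[i]) == FILE_ANY_ACCESS) hits++;
    return hits;
}

int main(void) {
    const uint32_t table[] = { IOCTL_EX_PRIVILEGED, IOCTL_EX_OPEN_TO_ALL };
    const uint32_t handles[] = { 0u, FILE_READ_ACCESS, FILE_READ_ACCESS | FILE_WRITE_ACCESS };
    for (int i = 0; i < 2; i++)
        for (int h = 0; h < 3; h++)
            printf("ioctl 0x%08X, handle access %u -> %s\n", (unsigned)table[i],
                   (unsigned)handles[h], ioctl_allowed(table[i], handles[h]) ? "delivered" : "denied");
    printf("IOCTLs with FILE_ANY_ACCESS: %d\n", count_any_access(table, 2));
    return 0;
}
```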

All replies

  • Thanks, but

    Can I have a sample?

    Thanks

    Thursday, August 31, 2017 7:02 PM
  • There are SDDL samples for options 1 and 2 in wdmsec.h in the WDK.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, August 31, 2017 9:18 PM