Device-level access privileges in vs2013 versus vs2017

  • Question

  • We have a Windows service that monitors removable hard drive connects and disconnects and communicates this event and physical device information to our main application via a named pipe. This arrangement evolved when we migrated to vs2013 and the MFC RT Lib calls which give us the physical information (device name, size, space available) became privileged, e.g.

    // Open the device named by diskName for reading.
    HANDLE hdev = CreateFile (diskName, GENERIC_READ,
                FILE_SHARE_READ, NULL,
                OPEN_EXISTING,
                FILE_FLAG_SEQUENTIAL_SCAN, NULL);

    // Query the drive geometry; fall back to BYTESPERBLK if the call fails.
    if (!DeviceIoControl (hdev, IOCTL_DISK_GET_DRIVE_GEOMETRY,
            NULL, 0,
            &DiskGeometry, sizeof DiskGeometry, &junk, NULL))
    {
        DiskGeometry.BytesPerSector = BYTESPERBLK;
    }
    

    And the users of our application are non-Admin. When built in vs2013, the operation in which our main application requests from our service a file handle (hdev), which is created/opened using the Service credential and is then handed over and read via the application, works as intended. When built in vs2017, the operation succeeds but the returned file handle is invalid when a subsequent read is attempted from the application. I have modified the service code to provide a non-default security descriptor granting full control.

    Any wisdom appreciated.


    rhfritz

    Tuesday, August 21, 2018 7:58 PM