Allow minifilter driver to accept one (1) application only.

Discussion in 'Windows Vista Drivers' started by Minna Albert, Dec 14, 2008.

  1. Minna Albert

    Minna Albert Guest

    I have a minifilter driver and an application. I want my minifilter
    driver to allow access and filtering only for my application (let's call
    it AppX.exe) and to ignore, or simply do nothing for, other applications
    (meaning no filtering takes place).

    My question is, how can I make my minifilter driver filter exclusively
    for my AppX.exe application?

    Can you give me some idea of how I can realize this? If there are
    samples or code snippets, can you show them to me?

    Any help is greatly appreciated.

    Thank you


    Best regards,
    Minna Albert
     
    Minna Albert, Dec 14, 2008
    #1

  2. Minna Albert

    Guest Guest

    Pass your PID (GetCurrentProcessId) to the minifilter or save the PID in the
    message notify callback of the communication port. In your minifilter, use
    PsGetCurrentProcessId to identify the process context and
    FltGetRequestorProcessId to identify the initiator of an I/O request and
    base your actions on those.

    //Daniel
     
    Guest, Dec 14, 2008
    #2
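
The approach from reply #2, as an added example that is not part of the thread and not any poster's code: the port's connect callback records the connecting process's PID as the kernel sees it (rather than a value sent in a message), clears it on disconnect so a reused PID never matches, and the pre-operation callback compares it with FltGetRequestorProcessId. All names (g_AppPid, appx_*, AppXConnect, AppXDisconnect, AppXPreOp, g_Filter) are hypothetical, and the `_KERNEL_MODE` guard assumes a WDK build with the `/kernel` switch.

```c
/* Added example, not the poster's code. All names here are hypothetical. */

/* PID of the connected AppX.exe instance; 0 = no client, filter nothing. */
static volatile long g_AppPid = 0;

/* Decision logic kept free of kernel types so it can be unit-tested. */
static void appx_attach(unsigned long pid) { g_AppPid = (long)pid; }
static void appx_detach(void)              { g_AppPid = 0; }
static int  appx_owns(unsigned long requestor_pid)
{
    unsigned long app = (unsigned long)g_AppPid;
    /* After a disconnect the PID may be reused by an unrelated process,
       so a cleared (0) slot must never match anything. */
    return app != 0 && requestor_pid == app;
}

#ifdef _KERNEL_MODE  /* assumption: driver built with the WDK's /kernel switch */
#include <fltKernel.h>

extern PFLT_FILTER g_Filter;   /* assumed: set by FltRegisterFilter in DriverEntry */
static PFLT_PORT   g_ClientPort;

/* Connect callback for FltCreateCommunicationPort (use MaxConnections = 1). */
NTSTATUS AppXConnect(PFLT_PORT ClientPort, PVOID ServerPortCookie,
    PVOID ConnectionContext, ULONG SizeOfContext, PVOID *ConnectionPortCookie)
{
    UNREFERENCED_PARAMETER(ServerPortCookie); UNREFERENCED_PARAMETER(ConnectionContext);
    UNREFERENCED_PARAMETER(SizeOfContext);    UNREFERENCED_PARAMETER(ConnectionPortCookie);
    /* Runs in the connecting process's context: take the PID from the
       kernel rather than trusting a value sent in a message. */
    appx_attach(HandleToULong(PsGetCurrentProcessId()));
    g_ClientPort = ClientPort;
    return STATUS_SUCCESS;
}

VOID AppXDisconnect(PVOID ConnectionCookie)
{
    UNREFERENCED_PARAMETER(ConnectionCookie);
    appx_detach();                   /* stop filtering before the PID can be reused */
    FltCloseClientPort(g_Filter, &g_ClientPort);
}

/* Pre-operation callback, e.g. registered for IRP_MJ_CREATE. */
FLT_PREOP_CALLBACK_STATUS AppXPreOp(PFLT_CALLBACK_DATA Data,
    PCFLT_RELATED_OBJECTS FltObjects, PVOID *CompletionContext)
{
    UNREFERENCED_PARAMETER(FltObjects); UNREFERENCED_PARAMETER(CompletionContext);
    if (!appx_owns(FltGetRequestorProcessId(Data)))
        return FLT_PREOP_SUCCESS_NO_CALLBACK;   /* other processes: no filtering */
    return FLT_PREOP_SUCCESS_WITH_CALLBACK;     /* AppX.exe: continue in post-op */
}
#endif
```

A PID only says which process connected, not that it is the genuine AppX.exe, so the port's security descriptor still decides who may connect at all.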

  3. In your installation procedure, create a special user account with a secret password, and let AppX's service run under this account.

    Then check for this special user in MJ_CREATE path of your control device.

    This is the cleanest and best way of doing this.
     
    Maxim S. Shatskih, Dec 14, 2008
    #3
  4. Minna Albert

    Guest Guest

    That is, if security is a concern and it's suitable for the OP to run his
    application as a service. Then, like anything else, an installation program
    can be debugged. And there are standard methods to reveal or reset Windows
    passwords.

    Then I think there is absolutely nothing clean about creating a separate
    user account for the purpose of one application.

    //Daniel



    In your installation procedure, create a special user account with the
    secret password, and let the AppX's service to run under this account.

    Then check for this special user in MJ_CREATE path of your control
    device.

    This is the cleanest and best way of doing this.
     
    Guest, Dec 14, 2008
    #4
  5. be debugged. And there are standard methods to reveal or reset Windows
    Having admin (or even physical - to boot a special boot environment CD) access to the machine - yes. In other cases - a bit hard, I would say.
    MS themselves use this for lots of purposes, like some IIS's or SQL Server's user accounts.

    Also note that this way is by far more sophisticated than just checking the EXE pathname, and is much simpler than parsing the EXE (to get the version resource, manifests, certs or such) in kernel mode.

    Anyway the OP's task has no 100% secure solutions. Only 20% or 10% ones.
     
    Maxim S. Shatskih, Dec 14, 2008
    #5