EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Regarding Originator process name

Posted: 08/10/2008 04:45:36
by Devesh Mittal (Basic support level)
Joined: 07/11/2008
Posts: 8

Hi, I have a few quick questions regarding the GetOriginatorProcessName method.

1. In a C# application, is it possible to get the originator process name inside notify methods, or does it always have to be called inside synchronous callback (CbFltOpenFileC) methods only? I have tested this. It works in notify methods, but I am not sure whether it is always reliable or not.

2. I suppose whenever a callback or notify method is called, it is called in a new thread. So when you call GetOriginatorProcessName, how do you resolve the process name? Do you have some kind of mapping between the thread ID of callback methods and the corresponding process name?

3. Is it possible to receive some kind of security tokens along with the process name, to authenticate a process for certain file operations?

Posted: 08/10/2008 04:55:51
by Eugene Mayevski (EldoS Corp.)

1) I will leave this question for the developers.
2) Not sure that I understand the question. There is no correspondence between the name of the process which initiated the file system operation and the thread of your application.
3) See GetOriginatorToken method. The returned security token is used with WinAPI functions to obtain various security information.

Sincerely yours
Eugene Mayevski

Posted: 08/11/2008 02:02:13
by Vladimir Cherniga (EldoS Corp.)

1) You can get the originator process name inside CbFltOpenFileC and inside CbFltOpenFileN too.

2) Callback methods are invoked from the thread that was created during the CallbackFilter.AttachFilter() call. The originator process name is resolved during the GetOriginatorProcessName() call from the data that was stored in the driver when the original request was sent to the file system.

3) The most preferable places where a token should be obtained are CbFltCreateFile and CbFltOpenFile callbacks. Other requests can be invoked in the context of the system thread.
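
Added example, not part of the thread and not EldoS code: a C# policy check that authorizes a file request from the SIDs in the originator's access token, using standard .NET classes. It assumes the handle was returned by GetOriginatorToken inside a CbFltCreateFile or CbFltOpenFile callback and allows TOKEN_QUERY access; the class name, method name and allow-list are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Principal;

// Added example (hypothetical names): allow or deny a file operation
// based on the identity carried by the originator's access token.
static class OriginatorPolicy
{
    // Constructed sample policy: SIDs permitted to open protected files.
    static readonly SecurityIdentifier[] AllowedSids =
    {
        new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
    };

    // originatorToken: assumed to come from GetOriginatorToken, called in a
    // CbFltCreateFile / CbFltOpenFile callback as the thread recommends.
    public static bool IsAllowed(IntPtr originatorToken)
    {
        if (originatorToken == IntPtr.Zero)
            return false; // no token available: fail closed

        try
        {
            // WindowsIdentity keeps its own duplicate of the handle and
            // does not close the one passed in.
            using (var identity = new WindowsIdentity(originatorToken))
            {
                var principal = new WindowsPrincipal(identity);
                foreach (SecurityIdentifier sid in AllowedSids)
                {
                    // True only when the SID is enabled in the token.
                    if (principal.IsInRole(sid))
                        return true;
                }
                return false;
            }
        }
        catch (Exception ex) when (ex is ArgumentException ||
                                   ex is SecurityException ||
                                   ex is UnauthorizedAccessException)
        {
            return false; // unusable token: fail closed
        }
    }
}
```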


