Hello,
I have the same issue as described in the already closed thread “CreateFile returns “access denied” in non-admin mode”. The thread does not seem to give an answer to the question - I guess the user has accepted the fate to always start the app with elevated rights?
I do not understand where the problem comes from or what to do. In the driver examples nearly no driver uses a function like WdfDeviceInitAssignSDDLString() - but they all seem to work correctly…
I’ve added the following lines before the WdfDeviceCreate() call:
// Security bla bla…
WdfDeviceInitSetCharacteristics(DeviceInit, FILE_AUTOGENERATED_DEVICE_NAME, TRUE);
TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "WdfDeviceInitAssignSDDLString() - 1\n");
status = WdfDeviceInitAssignSDDLString(DeviceInit, &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RW_RES_R);
TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "WdfDeviceInitAssignSDDLString() - 2\n");
if (!NT_SUCCESS(status)) {
    TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "Could not set security. WdfDeviceInitAssignSDDLString() returned %d\n", status);
}
The only effect of the calls is that the Windows 7 driver crashes at load time. In Windows 8 it has no effect at all…
Is there a way out? The documentation of WdfDeviceInitAssignSDDLString() does not tell a lot, or I do not understand it correctly…
Thank you.
You don’t need to specify an auto generated name… Send the stack for the crash.
d
Bent from my phone
—
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
On Fri, Jan 23, 2015 at 3:08 PM, wrote:
> WdfDeviceInitAssignSDDLString
I have code that does this, but in WdfDeviceInitSetCharacteristics I am
setting FILE_DEVICE_SECURE_OPEN.
WdfDeviceInitSetDeviceType(DeviceInit, FILE_DEVICE_BUS_EXTENDER);
WdfDeviceInitSetExclusive(DeviceInit, FALSE);
WdfDeviceInitSetIoType(DeviceInit, WdfDeviceIoDirect);
WdfDeviceInitSetCharacteristics(DeviceInit,
                                FILE_DEVICE_SECURE_OPEN,
                                TRUE);
…
//
// Set security to very permissive.
//
status = WdfDeviceInitAssignSDDLString(DeviceInit,
                                       &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX);
Works for me.
Mark Roddy
Wdf always sets FILE_DEVICE_SECURE_OPEN
d
Bent from my phone
I have it:
There was still a driver class “Sample driver” specified in the .inf file with a HKR,Security…
Changed it to MTM class that meets the character of our device quite well, now CreateFile() works also in Non-Admin mode.
There’s no need for a device name (WdfDeviceInitAssignName()) and WdfDeviceInitAssignSDDLString(). I just was in doubt when searching for related stuff and found this.
@Doron:
The crash in Win7 was a different phenomenon resulting from a misconfiguration in config manager.
Thanks!
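Why a class-level Security value decides whether a non-admin CreateFile() succeeds, as an added example that is not part of the thread: a simplified Python model of the DACL walk over two SDDL strings from wdmsec.h. The admin-only string only stands in for the INF value the last post elides, the token SID sets are constructed, and only the generic rights GA/GR/GW/GX are modelled.

```python
import re

# Generic rights used by the SDDL_DEVOBJ_* strings; GA (generic all) implies the rest.
RIGHTS = {"GA": {"GR", "GW", "GX"}, "GR": {"GR"}, "GW": {"GW"}, "GX": {"GX"}}

# Values of the wdmsec.h constants named in the trailing comments.
ADMIN_ONLY = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"  # SDDL_DEVOBJ_SYS_ALL_ADM_ALL
WORLD_RW = "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGW;;;WD)(A;;GR;;;RC)"  # ..._ADM_RWX_WORLD_RW_RES_R

# Constructed tokens: SID aliases a process would carry (assumption, simplified).
STANDARD_USER = {"WD", "AU", "BU", "IU"}
ELEVATED_ADMIN = STANDARD_USER | {"BA"}


def parse_dacl(sddl):
    """Return [(ace_type, rights, sid)] for the D: part of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL with ACEs found")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) != 6 or fields[0] not in ("A", "D"):
            raise ValueError(f"unsupported ACE: ({body})")
        codes = re.findall("..", fields[2])
        if "".join(codes) != fields[2] or any(c not in RIGHTS for c in codes):
            raise ValueError(f"unsupported rights: {fields[2]}")
        aces.append((fields[0], set().union(*(RIGHTS[c] for c in codes)), fields[5]))
    return aces


def access_granted(sddl, token_sids, wanted):
    """Simplified access check: ACEs in order, a matching deny ends the walk."""
    remaining = set(wanted)
    for ace_type, rights, sid in parse_dacl(sddl):
        if sid not in token_sids:
            continue
        if ace_type == "D" and rights & remaining:
            return False
        if ace_type == "A":
            remaining -= rights
    return not remaining


if __name__ == "__main__":
    for name, sddl in (("ADMIN_ONLY", ADMIN_ONLY), ("WORLD_RW", WORLD_RW)):
        for who, token in (("standard", STANDARD_USER), ("elevated", ELEVATED_ADMIN)):
            print(name, who, access_granted(sddl, token, {"GR", "GW"}))
```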