Hi, it would be nice if someone could help me retrieve the securityId of a file. I am looking to determine the old and new value during an IRP_MJ_SETSECURITY call. I am able to collect all unique security descriptors by reading $Secure. I could not find any FLT functions to call into to determine the SecurityId during both Preop and Postop.
Regards,
Kamaal.
You can query the security descriptor using FltQuerySecurityObject:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/fltkernel/nf-fltkernel-fltquerysecurityobject
I believe the SecurityId value is an internal NTFS thing so I can’t imagine a way to query it.
-scott
OSR
That's kinda sad. I had trouble sending the whole security descriptor using FltSendMessage as the size can get quite large.
Thanks Scott.
You can get the NTFS SecurityId using FSCTL_QUERY_FILE_LAYOUT, demonstrated by ‘fsutil volume filelayout’. Search MSDN for documentation. It might not be as performant as querying the whole security descriptor.
Craig
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Tuesday, June 5, 2018 8:13 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] Retrieve SecurityId, the one in $STANDARD_INFORMATION
That's kinda sad. I had trouble sending the whole security descriptor using FltSendMessage as the size can get quite large.
Thanks Scott.
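For readers who, like the original poster, already read NTFS metadata directly: the SecurityId named in the subject line can be pulled from a raw $STANDARD_INFORMATION attribute value as sketched below. This is an added example, not code from any poster in the thread; the offsets (72-byte value, SecurityId at 0x34, 48-byte legacy form without it) come from public NTFS on-disk documentation rather than an official API, and the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed on-disk layout of the $STANDARD_INFORMATION value (public NTFS
 * documentation, not an official API): the NTFS 1.x form is 48 bytes and has
 * no SecurityId; the NTFS 3.x form is 72 bytes with SecurityId at 0x34. */
#define SI_LEN_V1          48u
#define SI_LEN_V3          72u
#define SI_OFF_SECURITY_ID 0x34u

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 and stores the SecurityId, -1 if the value is truncated,
 * -2 if it is the legacy form that carries no SecurityId. */
int si_security_id(const uint8_t *value, size_t len, uint32_t *out)
{
    if (value == NULL || out == NULL || len < SI_LEN_V1)
        return -1;
    if (len < SI_LEN_V3)
        return -2;
    *out = rd_le32(value + SI_OFF_SECURITY_ID);
    return 0;
}

/* Constructed sample: a zeroed 72-byte value with SecurityId 0x0000010A. */
void make_sample(uint8_t buf[SI_LEN_V3])
{
    for (size_t i = 0; i < SI_LEN_V3; i++)
        buf[i] = 0;
    buf[SI_OFF_SECURITY_ID] = 0x0A;
    buf[SI_OFF_SECURITY_ID + 1] = 0x01;
}

int main(void)
{
    uint8_t si[SI_LEN_V3];
    uint32_t id = 0;
    make_sample(si);
    if (si_security_id(si, sizeof si, &id) == 0)
        printf("SecurityId = 0x%08X\n", (unsigned)id);
    return 0;
}
```

The returned value is the key used to look up the matching descriptor among those collected from $Secure.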