c++ - Show UAC prompt before access is denied by IoCreateDeviceSecure function -

-

i adding access control driver (winpcap's ndis 6 filter driver) running on windows 7 , 8. want let administrators (users in administrators group) use driver. used new iocreatedevicesecure function instead of original iocreatedevice call.

my code belows:

unicode_string sddl = rtl_constant_string(l"d:p(a;;ga;;;sy)(a;;ga;;;ba)"); const guid guidclassnpf = { 0x26e0d1e0l, 0x8189, 0x12e0, { 0x99, 0x14, 0x08, 0x00, 0x22, 0x30, 0x19, 0x04 } }; status = iocreatedevicesecure(adriverobjectp, sizeof(device_extension), &devicename, file_device_transport, file_device_secure_open, false, &sddl, (lpcguid) &guidclassnpf, &devobjp);

my sddl string "d:p(a;;ga;;;sy)(a;;ga;;;ba)" means "allows kernel, system, , administrator complete control on device. no other users may access device." in https://msdn.microsoft.com/en-us/library/windows/hardware/ff563667(v=vs.85).aspx.

it seems build-in administrator account can directly access device now. other members of administrators group denied because don't have escalated access token based on windows's user account control. know when user tries make critical changes system, uac prompt show user ask permissions.

my question is, there way windows shows such prompt when executing driver's iocreatedevicesecure call, if user agrees uac prompt, call can succeed. silent denial not friendly member in administrators group use rights. thanks!

more details:

my software combination of some dlls (wpcap.dll , packet.dll) , driver (npcap.sys). other people develop applications (like wireshark , nmap) use dlls , driver. invoking path is: exe -> wpcap.dll -> packet.dll -> npcap.sys. getting app elevated has issue. because other people develop apps. i'd do elevating thing in dll level.

i have learnt application (exe) can specify /manifestuac: highestavailable in manifest enforce administrator elevation. have tried add /manifestuac: highestavailable option dll (in vs 2008, modifying properties -> linker -> manifest file -> uac execution level highestavailable), nothing happened. doubt if meaningful add such option dll. is there way dll enforce administrator elevation process loads it? when exe (without /manifestuac: highestavailable) loading dll (with /manifestuac: highestavailable) tries start, required elevated uac prompt?


Comments

Post a Comment

Popular posts from this blog

PHP DOM loadHTML() method unusual warning -

-
i had following code works fine on localhost: $document = new domdocument(); $document->loadhtml($p_result); $form = $document->getelementsbytagname('form')->item(0); // code continues using $form variable after same code updated on outside server, loadhtml() failed , issued warning. warning: domdocument::loadhtml() expects parameter 1 valid path, string given in path/name/to/script.php returned null instead of object code pretty gets fatal error. note contents of $p_result absolutely same on outside server , on localhost. but why displays kind of warning , why not work? doesn't loadhtml() expects argument 1 string in first place? why method expects parameter 1 valid path ? just make clear i'm not calling loadhtmlfile() , i'm calling loadhtml() . thanks. you're affected one of php bugs . issue present in php 5.6.8 , 5.6.9. have affected php version on server, , bug-free version on localhost. the bug forbids null
Read more

python - How to create jsonb index using GIN on SQLAlchemy? -

-
here's current code creating index jsonb. index("mytable_data_idx_id_key", mytable.data['id'].astext, postgresql_using='gin') but got error. sqlalchemy.exc.programmingerror: (psycopg2.programmingerror) data type text has no default operator class access method "gin" hint: must specify operator class index or define default operator class data type. [sql: "create index event_data_idx_id_key on event using gin ((data ->> 'id'))"] is there way create index on sqlalchemy? the postgresql specific sqlalchemy docs @ http://docs.sqlalchemy.org/en/latest/dialects/postgresql.html#operator-classes mention postgresql_ops dictionary provide "operator class" used postgresql, , provide example illustrating use: index('my_index', my_table.c.id, my_table.c.data, postgresql_ops={ 'data': 'text_pattern_ops',
Read more

c# - TransactionScope not rolling back although no complete() is called -

-
i'm using transactionscope rollback transaction fail bool errorreported = false; action<importerrorlog> newerrorcallback = e => { errorreported = true; errorcallback(e); }; using (var transaction = new transactionscope()) { foreach (importtaskdefinition task in taskdefinition) { loader.load(streamfile, newerrorcallback, task.destinationtable, processingtaskid); } if (!errorreported) transaction.complete(); } i'm sure there no transactionscope started ahead or after code. i'm using entity framework insert in db. regardless state of errorreported transaction never rolled in case of error. what missing ? transactionscope sets transaction.current . that's does. wants transacted must @ property. i believe ef each time connection opened reason. probably, connection open when scope installed. open connection inside of scope or enlist manually. ef has nasty "design decision": default opens
Read more