'Determine file owner from a Windows kernel-mode driver

Using C in a Windows in a Kernel Mode Driver using KMDF, how do I determine the owner a of file?

I searched high and low but could not find any hint. Only C++ and of course Csharp.

cwindowswinapi


Solution 1:[1]

After opening a handle to a file, you can use the kernel-mode ZwQuerySecurityObject to get the owner information (and full DACL).

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 nobody

Related Questions

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

hex code implementation for spawning a shell

hex code implementation for spawning a shell

hex code implementation for spawning a shell

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

How to hide helper functions from public API in c

VS Code C Error - Invalid Active Developer Path

In C is it faster to use the standard library or write your own function?

Finding consecutive bit string of 1 or 0

What is the simplest way of implementing bigint in C?