I’m playing with a KMDF (kernel mode) sample driver that came with VS 2022.
I’ve added the following code to process IOCTL in my Queue.c:
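    VOID
    TestEvtIoDeviceControl(
        _In_ WDFQUEUE Queue,
        _In_ WDFREQUEST Request,
        _In_ size_t OutputBufferLength,
        _In_ size_t InputBufferLength,
        _In_ ULONG IoControlCode
        )
    {
        NTSTATUS status = STATUS_SUCCESS;

        // Not used by this handler; referenced so the build stays warning-free.
        UNREFERENCED_PARAMETER(Queue);
        UNREFERENCED_PARAMETER(OutputBufferLength);
        UNREFERENCED_PARAMETER(InputBufferLength);

        if (IoControlCode == IOCTL_MY_TEST)
        {
            REQ_TEST* pReq = NULL;
            size_t szcbRead = 0;

            // METHOD_BUFFERED: the framework returns the system buffer and fails
            // the call if it is smaller than sizeof(*pReq).
            status = WdfRequestRetrieveInputBuffer(Request, sizeof(*pReq), (PVOID*)&pReq, &szcbRead);
            if (NT_SUCCESS(status) &&
                szcbRead == sizeof(*pReq))
            {
                //Process data received in pReq ...
            }
        }
        else
        {
            // Unknown control codes must not be reported as successful.
            status = STATUS_INVALID_DEVICE_REQUEST;
        }

        WdfRequestComplete(Request, status);
    }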
where:
    #define IOCTL_MY_TEST CTL_CODE(0x8000, 0x800, METHOD_BUFFERED, FILE_WRITE_ACCESS)

    typedef struct _REQ_TEST
    {
        ULONG Param1;
        int Param2;
    } REQ_TEST, *PREQ_TEST;
The question is – can I find out if the user-mode process sending my IOCTL_MY_TEST IOCTL is running as a member of the built-in admin group, and if not, prevent processing of this IOCTL request?