Re: Obtaining a Terminal Services SessionID in a functional driver




Awesome, thanks, I'll look into it.
-David G

"Skywing" wrote:

You might look into doing something like this:

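SECURITY_SUBJECT_CONTEXT ctx;
PACCESS_TOKEN token;
ULONG sessionid;

SeCaptureSubjectContext(&ctx);
SeLockSubjectContext(&ctx);
token = SeQuerySubjectContextToken(&ctx);
/* For TokenSessionId the ULONG is written directly into the supplied buffer. */
SeQueryInformationToken(token, TokenSessionId, (PVOID *)&sessionid);
SeUnlockSubjectContext(&ctx);
SeReleaseSubjectContext(&ctx);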

If you are operating in the context of IRP_MJ_CREATE, you may find
IoStackLocation->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext
useful as well.

(This comes from the IFS kit documentation, btw...)

"David G" <DavidG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0DC8E251-0FC0-4AA1-8FC8-2CCF2B510FD4@xxxxxxxxxxxxxxxx
Hi All,

Anyone know of a way to obtain the SessionID of a Terminal Services user communicating to a functional driver? I would like to obtain the SessionID inside the functional driver, which is currently on the user thread in kernel space.

For example, I have a functional driver that can send status to an application via IOCTL calls. The application sends an IOCTL requesting information and I return STATUS_PENDING. When data is available I return it in the IRP, and when the application has printed the information it sends down another request.

This information is generated by other calls (Opens, Closes, Reads, Writes, etc.) to my functional driver via CreateFile(), etc. Since these calls are done from other processes, I was hoping that I could obtain the SessionID (if the user called from a Terminal Services session) and correlate it with the SessionID obtained from the call the application made for the information request IOCTL.

In short, the status application sends an information request IOCTL down to my driver. I grab the Terminal Services ID (if available) and store it with the request. This IRP is now PENDING. A user calls CreateFile on my device and a Create request is sent to my driver. I want to grab the SessionID from this request and send a notice only to the IRP that is pending on the same SessionID.

In this way users only obtain information on devices they have opened.

Is this possible?

-David G
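
The correlation described in the original question (tag each pended status request with a session ID, then on a create complete only the requests pended from the opener's session), as an added example that is not from the thread. It is a user-mode C model: status_req, pend_status_request, notify_open and NO_SESSION are hypothetical stand-ins for the driver's pended-IRP queue, and refusing callers whose session ID could not be read is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_PENDING 8
#define NO_SESSION  UINT32_MAX  /* assumption: used when no session id could be read */

/* Stand-in for one pended status IOCTL; a real driver would keep the PIRP here. */
typedef struct {
    int      pending;     /* 1 while the request is still STATUS_PENDING */
    int      tag;         /* hypothetical id for the request */
    uint32_t session_id;  /* session captured when the IOCTL arrived */
    uint32_t device_id;   /* filled in when the request is completed */
} status_req;
static status_req g_reqs[MAX_PENDING];

/* IOCTL path: store the request together with the caller's session id. */
int pend_status_request(int tag, uint32_t session_id)
{
    if (session_id == NO_SESSION) return -1;   /* nothing to correlate against */
    for (int i = 0; i < MAX_PENDING; i++) {
        if (!g_reqs[i].pending) {
            g_reqs[i] = (status_req){ 1, tag, session_id, 0 };
            return i;
        }
    }
    return -1;                                 /* table full */
}

/* Create path: complete only requests pended from the opener's session. */
int notify_open(uint32_t opener_session, uint32_t device_id)
{
    int completed = 0;
    if (opener_session == NO_SESSION) return 0; /* unknown session matches nothing */
    for (int i = 0; i < MAX_PENDING; i++) {
        if (g_reqs[i].pending && g_reqs[i].session_id == opener_session) {
            g_reqs[i].device_id = device_id;
            g_reqs[i].pending = 0;             /* a driver would complete the IRP here */
            completed++;
        }
    }
    return completed;
}

int main(void)
{
    pend_status_request(100, 1);               /* constructed sample: session 1 */
    pend_status_request(200, 2);               /* constructed sample: session 2 */
    printf("completed for session 1: %d\n", notify_open(1, 7));
    return 0;
}
```

In a real driver the table would also need a lock and cancel handling for the pended IRPs, which this model leaves out.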


