3

Is there a way to add an ACE to the DACL of a file/directory from kernel mode in windows? I'm found a reference about ZwQuerySecurityObject/ZwSetSecurityObject routines, but it is not defined in WINDDK headers.

I would appreciate any information of this question.

Feo
  • 161
  • 6
  • 1
    Why are you fiddling with ACLs in kernel mode? Describe your scenario please – Ana Betts Jan 24 '12 at 08:10
  • It's a long story... There is a software product that allows you to mount network disks via iSCSI and FiberChannel protocols. If you mount the network volume under Windows XP and format it, then do not add permissions to the group "Authenticated Users". If the volume is then mounted under Windows 7, it prohibits any write operation to these discs. Due to the current architecture of the program, improve the rights from kernel mode is the easiest way. – Feo Jan 24 '12 at 08:40
  • Are you sure that the ACL you need to modify is on a file/directory (presumably the root directory?) as opposed to, say, the disk or volume device object? (The behaviour you describe seems odd.) – Harry Johnston Jan 25 '12 at 02:42
  • ZwQuerySecurityObject and ZwSetSecurityObject are both defined in ntifs.h in the version of WinDDK that I currently have installed, 7600.16385.1. What version are you using? – Harry Johnston Jan 25 '12 at 02:44
  • Harry, i need to modify the ACL for mounted volume (root directory). – Feo Jan 25 '12 at 13:17
  • Thanks for information about ...SecurityObject functions. Currently i'm using WinDDK version 3790.1830. Using the old version of WinDDK due to the fact that the project has been under development for over 5 years and the transition to the new version is currently uncertain process. – Feo Jan 25 '12 at 13:25

0 Answers0