A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #25970  by orwell
 Mon Jun 01, 2015 5:36 am
Hello.

I'm working on a small driver to be used exclusively from my process. The communication is done through IoCreateDevice/DeviceIoControl.
How can I verify that the command to the driver is given from my process?

Since the driver and software are signed with the same certificate I thought of checking whether they match, but maybe there is a better way to do so?
 #25974  by EP_X0FF
 Mon Jun 01, 2015 7:15 am
orwell wrote:Hello.

I'm working on a small driver to be used exclusively from my process. The communication is done through IoCreateDevice/DeviceIoControl.
How can I verify that the command to the driver is given from my process?

Since the driver and software are signed with the same certificate I thought of checking whether they match, but maybe there is a better way to do so?
Take VirtualBox as an example. Since 4.3.14 they use hardening of all executable components. In short, your driver monitors requests from user mode and only accepts them if they are coming from approved threads of approved processes. For approval it uses a "driver session": the calling thread, before doing anything else, opens a session to talk with the driver by a special ioctl request. VBoxDrv validates whether the calling thread belongs to a process that is valid by checking its digital certificate. A successfully validated thread may do the usual ioctl requests; otherwise it will be denied and logged to debug output (try to open VBoxDrv from your app and watch the output with DbgView). To protect against code injection, multiple checks are performed additionally on the user mode side, and later the calling process will be protected by the driver itself through ob callbacks.
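The "driver session" gating described in the reply above, written out as an added example in portable C. This is not VirtualBox's code and not a real WDM driver: the IOCTL codes are assumed values, the kernel pieces (IRP_MJ_DEVICE_CONTROL dispatch, PsGetCurrentProcessId/PsGetCurrentThreadId, the image/certificate check, a process-exit notify routine) are replaced by plain functions and a table so the control flow compiles anywhere, and the ObRegisterCallbacks protection of the approved process is not modelled. A session is keyed on (pid, tid) because the post says approval is per thread of an approved process; tearing sessions down on process exit is added here as the caveat a practitioner would want, since otherwise a later process that reuses the PID could inherit approval.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed IOCTL codes: illustrative values, not VirtualBox's. */
#define IOCTL_OPEN_SESSION   0x222000u
#define IOCTL_DO_WORK        0x222004u
#define IOCTL_CLOSE_SESSION  0x222008u

/* Results, standing in for NTSTATUS values. */
enum status {
    ST_SUCCESS = 0,
    ST_ACCESS_DENIED,
    ST_INVALID_DEVICE_REQUEST,
    ST_INSUFFICIENT_RESOURCES
};

/* What a driver would obtain from PsGetCurrentProcessId/PsGetCurrentThreadId. */
struct caller { uint32_t pid; uint32_t tid; };

#define MAX_SESSIONS 8
struct session { bool in_use; uint32_t pid; uint32_t tid; };

struct gate {
    struct session sessions[MAX_SESSIONS];
    /* Stand-in for validating the calling process's image/certificate;
     * that check is the OS- and signer-specific part and is not modelled. */
    bool (*process_is_approved)(uint32_t pid);
    unsigned denied;  /* what VBoxDrv would print to the debugger */
};

static void gate_init(struct gate *g, bool (*approve)(uint32_t))
{
    memset(g, 0, sizeof *g);
    g->process_is_approved = approve;
}

static struct session *find_session(struct gate *g, const struct caller *c)
{
    for (size_t i = 0; i < MAX_SESSIONS; i++) {
        struct session *s = &g->sessions[i];
        if (s->in_use && s->pid == c->pid && s->tid == c->tid)
            return s;
    }
    return NULL;
}

static enum status deny(struct gate *g, const struct caller *c, uint32_t code)
{
    g->denied++;
    fprintf(stderr, "denied ioctl 0x%x from pid %u tid %u\n",
            (unsigned)code, (unsigned)c->pid, (unsigned)c->tid);
    return ST_ACCESS_DENIED;
}

/* Stand-in for the IRP_MJ_DEVICE_CONTROL dispatch routine. */
static enum status gate_ioctl(struct gate *g, const struct caller *c, uint32_t code)
{
    struct session *s = find_session(g, c);

    if (code == IOCTL_OPEN_SESSION) {
        if (s)
            return ST_SUCCESS;               /* this thread is already validated */
        if (!g->process_is_approved(c->pid))
            return deny(g, c, code);         /* image failed validation */
        for (size_t i = 0; i < MAX_SESSIONS; i++) {
            if (!g->sessions[i].in_use) {
                g->sessions[i] = (struct session){ true, c->pid, c->tid };
                return ST_SUCCESS;
            }
        }
        return ST_INSUFFICIENT_RESOURCES;
    }

    /* Every other request requires a session owned by this exact thread. */
    if (!s)
        return deny(g, c, code);

    switch (code) {
    case IOCTL_DO_WORK:
        return ST_SUCCESS;                   /* the real work would happen here */
    case IOCTL_CLOSE_SESSION:
        s->in_use = false;
        return ST_SUCCESS;
    default:
        return ST_INVALID_DEVICE_REQUEST;
    }
}

/* Stand-in for a process-exit notification (PsSetCreateProcessNotifyRoutine):
 * drop every session of the exiting process so a later process that happens
 * to reuse the PID does not inherit approval. */
static void gate_process_exit(struct gate *g, uint32_t pid)
{
    for (size_t i = 0; i < MAX_SESSIONS; i++)
        if (g->sessions[i].in_use && g->sessions[i].pid == pid)
            g->sessions[i].in_use = false;
}

/* Constructed policy for the demo: only pid 1000 counts as "signed by our certificate". */
static bool demo_approve(uint32_t pid) { return pid == 1000; }

/* Walks the scenarios from the post; returns the number of denied requests. */
static unsigned demo_run(void)
{
    struct gate g;
    gate_init(&g, demo_approve);
    struct caller good = { 1000, 1 }, good_other_thread = { 1000, 2 }, bad = { 2000, 7 };

    gate_ioctl(&g, &bad, IOCTL_DO_WORK);               /* denied: no session */
    gate_ioctl(&g, &bad, IOCTL_OPEN_SESSION);          /* denied: not approved */
    gate_ioctl(&g, &good, IOCTL_DO_WORK);              /* denied: session not opened yet */
    gate_ioctl(&g, &good, IOCTL_OPEN_SESSION);         /* accepted */
    gate_ioctl(&g, &good, IOCTL_DO_WORK);              /* accepted */
    gate_ioctl(&g, &good_other_thread, IOCTL_DO_WORK); /* denied: other thread, no session */
    gate_process_exit(&g, 1000);
    gate_ioctl(&g, &good, IOCTL_DO_WORK);              /* denied: session torn down */
    return g.denied;
}

int main(void)
{
    printf("denied requests: %u\n", demo_run());
    return 0;
}
```

The approval predicate is the piece that carries all the security weight: in a real driver it has to inspect the calling process's main image on disk and verify its Authenticode signature against your own certificate, and the session table must be guarded by a lock since IOCTLs arrive on arbitrary threads.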