From: Viv on 12 May 2010 09:56

Hi all,

How can I find out from within a driver the paths to all the home-folders for all users from the system (should work on Win2k, XP, Vista and Win7)?

I mean how can I get for instance on a Windows Vista, from a driver (which obviously runs in kernel mode), the folder: C:\Users or C:\Users\<username>; or on a WinXP the C:\Documents and Settings or C:\Documents and Settings\<username>?

Thanks,
Viv

From: Maxim S. Shatskih on 12 May 2010 13:26

> How can I find out from within a driver the paths to all the
> home-folders for all users from the system (should work on Win2k, XP,
> Vista and Win7)?

Why do you need this? Maybe it is better to get this information in user mode and send it to the driver?

Do not use hardcoded paths, they can be customized.

--
Maxim S. Shatskih
Windows DDK MVP
maxim(a)storagecraft.com
http://www.storagecraft.com

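
The user-mode approach suggested above, as an added example that is not code from any poster in this thread: it reads profile locations from the `ProfileList` registry key instead of hardcoding `C:\Users` or `C:\Documents and Settings`. It assumes PowerShell 3.0 or later and read access to `HKLM`; handing the result to the driver is not shown.

```powershell
# Added example: list profile directories recorded by the OS, without hardcoded paths.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Root under which new local profiles are created (can be customized by the admin).
$root = (Get-ItemProperty -Path $profileList).ProfilesDirectory
$root = [Environment]::ExpandEnvironmentVariables($root)

$profiles = foreach ($key in Get-ChildItem -Path $profileList) {
    $sid  = $key.PSChildName
    $path = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
    if (-not $path) { continue }          # subkey carries no profile path
    $path = [Environment]::ExpandEnvironmentVariables($path)

    # Map the SID to an account name. Deleted accounts, unreachable domains
    # and leftover subkeys such as "<SID>.bak" will not resolve.
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    [pscustomobject]@{
        Sid              = $sid
        Account          = $account
        Path             = $path
        Exists           = Test-Path -LiteralPath $path
        # False when a profile lives outside the default root, which is
        # exactly the case a hardcoded path would miss.
        UnderDefaultRoot = $path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
    }
}

"Profiles root: $root"
$profiles | Format-Table -AutoSize
```

The list only covers accounts that have a profile created on this machine; it is a snapshot, so a service that feeds a driver would need to refresh it when profiles are added or removed.
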
From: Tim Roberts on 12 May 2010 23:39

Viv <vcotirlea(a)hotmail.com> wrote:
>
>How can I find out from within a driver the paths to all the
>home-folders for all users from the system (should work on Win2k, XP,
>Vista and Win7)?
>
>I mean how can I get for instance on a Windows Vista, from a driver
>(which obviously runs in kernel mode), the folder:
>C:\Users or C:\Users\<username>; or on a WinXP the C:\Documents and
>Settings or C:\Documents and Settings\<username>?

To a great extent, the whole concept of "users" is a user-mode concept. It's never going to be a good fit to try to do this from the kernel.

Remember that, in many environments, those paths point to network shares, which a kernel driver cannot easily access.

--
Tim Roberts, timr(a)probo.com
Providenza & Boekelheide, Inc.

From: Richard Lewis Haggard on 9 Jun 2010 11:43

The registry contains a restricted access path to a key that contains a list of user names.

HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names

If you start up RegEdit and navigate to HKEY_LOCAL_MACHINE\SAM\SAM, right click and give yourself access (normally, the system has access below SAM but an admin user does not), kill RegEdit and restart, you can start looking at the users that the machine knows about.

The whole SAM mechanism encapsulates information about a user, name, password, last time logged on, how many failed log on attempts, rights, group membership and so on. The majority of this information is encrypted but a lot of the info on how it works is out there on the net. In your case, you are just looking for names and so you could do something like, get the operating system to determine where the user root is, iterate over that directory and match the results up with the SAM names.

===
Richard Lewis Haggard

"Tim Roberts" wrote:

> Viv <vcotirlea(a)hotmail.com> wrote:
> >
> >How can I find out from within a driver the paths to all the
> >home-folders for all users from the system (should work on Win2k, XP,
> >Vista and Win7)?
> >
> >I mean how can I get for instance on a Windows Vista, from a driver
> >(which obviously runs in kernel mode), the folder:
> >C:\Users or C:\Users\<username>; or on a WinXP the C:\Documents and
> >Settings or C:\Documents and Settings\<username>?
>
> To a great extent, the whole concept of "users" is a user-mode concept.
> It's never going to be a good fit to try to do this from the kernel.
>
> Remember that, in many environments, those paths point to network shares,
> which a kernel driver cannot easily access.
> --
> Tim Roberts, timr(a)probo.com
> Providenza & Boekelheide, Inc.