Jeffrey Walton
2010-06-04 05:09:24 UTC
Hi All,
[Sorry about the cross-post - microsoft.public.windowsce.embedded did
not generate any responses. Also, if there's a better forum, please
point me in the right direction. I grew up on Usenet, and its my
preferred.]
I'm working on a CE 5.0 project that offers services to other
applications in the suite via DeviceIoControl. Since *only* other
programs in the suite are authorized, DEVFLAGS_TRUSTEDCALLERS is too
weak. Because of the requirements, there is a need to differentiate
between CallerProcess versus OwnerProcess. As I understand caller and
owner, caller should always be services.exe but owner is what I am
interested in.
Once we know the owner process, we'd like to determine the full
executable path name, hash the image, and then compare the hash to a
list of known hashes [authorized callers] .
I believe I can determine the actual caller using GetOwnerProcess().
However, I need a PID rather than a handle to move on to the next
step
(ToolHelp API enumeration), so I'm looking for GetCurrentOwnerId()
(GetCurrentProcessId() returns the caller, which should be
services.exe).
What's the recommended way to convert a process handle returned by
GetOwnerProcess() to a process pid? Windows CE 5.0 seems to have
ommitted the desktop'sGetProcessId(HANDLE), which might indicate I
don't need it (but I can't seem to see the forest through the trees).
Also, suggestions for a portable way to side step the ToolHelp API
would be appreciated.
Thanks,
Jeffrey Walton
GetProcessId [Desktop], http://msdn.microsoft.com/en-us/library/ms683215(VS.85).aspx
GetOwnerProcess, http://msdn.microsoft.com/en-us/library/ms885633.aspx
GetCallerProcess, http://msdn.microsoft.com/en-us/library/ms885604.aspx
GetCurrentProcessId, http://msdn.microsoft.com/en-us/library/ms885614(v=MSDN.10).aspx
[Sorry about the cross-post - microsoft.public.windowsce.embedded did
not generate any responses. Also, if there's a better forum, please
point me in the right direction. I grew up on Usenet, and its my
preferred.]
I'm working on a CE 5.0 project that offers services to other
applications in the suite via DeviceIoControl. Since *only* other
programs in the suite are authorized, DEVFLAGS_TRUSTEDCALLERS is too
weak. Because of the requirements, there is a need to differentiate
between CallerProcess versus OwnerProcess. As I understand caller and
owner, caller should always be services.exe but owner is what I am
interested in.
Once we know the owner process, we'd like to determine the full
executable path name, hash the image, and then compare the hash to a
list of known hashes [authorized callers] .
I believe I can determine the actual caller using GetOwnerProcess().
However, I need a PID rather than a handle to move on to the next
step
(ToolHelp API enumeration), so I'm looking for GetCurrentOwnerId()
(GetCurrentProcessId() returns the caller, which should be
services.exe).
What's the recommended way to convert a process handle returned by
GetOwnerProcess() to a process pid? Windows CE 5.0 seems to have
ommitted the desktop'sGetProcessId(HANDLE), which might indicate I
don't need it (but I can't seem to see the forest through the trees).
Also, suggestions for a portable way to side step the ToolHelp API
would be appreciated.
Thanks,
Jeffrey Walton
GetProcessId [Desktop], http://msdn.microsoft.com/en-us/library/ms683215(VS.85).aspx
GetOwnerProcess, http://msdn.microsoft.com/en-us/library/ms885633.aspx
GetCallerProcess, http://msdn.microsoft.com/en-us/library/ms885604.aspx
GetCurrentProcessId, http://msdn.microsoft.com/en-us/library/ms885614(v=MSDN.10).aspx