Discussion:
Find the users-home-folders from within a driver
Viv
2010-05-12 13:56:00 UTC
Hi all,

How can I find out from within a driver the paths to all the
home-folders for all users from the system (should work on Win2k, XP,
Vista and Win7)?

I mean how can I get for instance on a Windows Vista, from a driver
(which obviously runs in kernel mode), the folder:
C:\Users or C:\Users\<username>; or on a WinXP the C:\Documents and
Settings or C:\Documents and Settings\<username>?

Thanks,
Viv
Maxim S. Shatskih
2010-05-12 17:26:26 UTC
Post by Viv
How can I find out from within a driver the paths to all the
home-folders for all users from the system (should work on Win2k, XP,
Vista and Win7)?
Why do you need this? Maybe it is better to get this information in user mode and send it to the driver?

Do not use hardcoded paths, they can be customized.
--
Maxim S. Shatskih
Windows DDK MVP
***@storagecraft.com
http://www.storagecraft.com
Tim Roberts
2010-05-13 03:39:08 UTC
Post by Viv
How can I find out from within a driver the paths to all the
home-folders for all users from the system (should work on Win2k, XP,
Vista and Win7)?
I mean how can I get for instance on a Windows Vista, from a driver
C:\Users or C:\Users\<username>; or on a WinXP the C:\Documents and
Settings or C:\Documents and Settings\<username>?
To a great extent, the whole concept of "users" is a user-mode concept.
It's never going to be a good fit to try to do this from the kernel.

Remember that, in many environments, those paths point to network shares,
which a kernel driver cannot easily access.
--
Tim Roberts, ***@probo.com
Providenza & Boekelheide, Inc.
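
Following the two replies above (gather this in user mode, do not hardcode paths, expect network locations), here is an added example that is not from any poster in this thread. It reads the profile folders from the ProfileList registry key, which the thread does not mention, and flags UNC paths; the function name Get-ProfileFolder is hypothetical and the hand-off of the result to the driver is not shown.

```powershell
# Added example (not from the thread): list user profile folders from user mode
# without hardcoding C:\Users or C:\Documents and Settings.
$profileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileFolder {   # hypothetical helper name
    # Root under which new profiles are created; administrators can customize it.
    $root = (Get-ItemProperty -Path $profileListKey).ProfilesDirectory
    if ($root) { $root = [Environment]::ExpandEnvironmentVariables($root) }

    foreach ($key in Get-ChildItem -Path $profileListKey) {
        $sid  = $key.PSChildName
        $path = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
        if (-not $path) { continue }          # subkey without a profile path
        $path = [Environment]::ExpandEnvironmentVariables($path)

        # Map the SID to an account name. Deleted accounts, unreachable domain
        # accounts and non-SID subkey names do not resolve, so keep the SID only.
        try {
            $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $null
        }

        $underRoot = $false
        if ($root) {
            $underRoot = $path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
        }

        New-Object PSObject -Property @{
            Sid              = $sid
            Account          = $account
            Path             = $path
            UnderDefaultRoot = $underRoot               # false: relocated profile
            IsNetworkPath    = $path.StartsWith('\\')   # UNC path, hard to reach from a driver
            ExistsOnDisk     = (Test-Path -LiteralPath $path)
        }
    }
}

Get-ProfileFolder | Sort-Object Path |
    Format-Table Account, Path, UnderDefaultRoot, IsNetworkPath, ExistsOnDisk -AutoSize
```
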
Richard Lewis Haggard
2010-06-09 15:43:07 UTC
The registry contains a restricted access path to a key that contains a list
of user names.

HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names

If you start up RegEdit and navigate to HKEY_LOCAL_MACHINE\SAM\SAM, right
click and give yourself access (normally, the system has access below SAM but
an admin user does not), kill RegEdit and restart, you can start looking at
the users that the machine knows about.

The whole SAM mechanism encapsulates information about a user, name,
password, last time logged on, how many failed log on attempts, rights, group
membership and so on. The majority of this information is encrypted but a lot
of the info on how it works is out there on the net. In your case, you are
just looking for names and so you could do something like: get the operating
system to determine where the user root is, iterate over that directory and
match the results up with the SAM names.
===
Richard Lewis Haggard
Post by Tim Roberts
Post by Viv
How can I find out from within a driver the paths to all the
home-folders for all users from the system (should work on Win2k, XP,
Vista and Win7)?
I mean how can I get for instance on a Windows Vista, from a driver
C:\Users or C:\Users\<username>; or on a WinXP the C:\Documents and
Settings or C:\Documents and Settings\<username>?
To a great extent, the whole concept of "users" is a user-mode concept.
It's never going to be a good fit to try to do this from the kernel.
Remember that, in many environments, those paths point to network shares,
which a kernel driver cannot easily access.
--
Providenza & Boekelheide, Inc.