I am adding access control to a driver (WinPcap's NDIS 6 filter driver) running on Windows 7 and 8. We want to let only administrators (users in the Administrators group) use the driver. So I used the new IoCreateDeviceSecure function instead of the original IoCreateDevice call.
My code is as follows:
UNICODE_STRING sddl = RTL_CONSTANT_STRING(L"D:P(A;;GA;;;SY)(A;;GA;;;BA)");
const GUID guidClassNPF = { 0x26e0d1e0L, 0x8189, 0x12e0, { 0x99, 0x14, 0x08, 0x00, 0x22, 0x30, 0x19, 0x04 } };
status = IoCreateDeviceSecure(adriverObjectP, sizeof(DEVICE_EXTENSION), &deviceName, FILE_DEVICE_TRANSPORT,
FILE_DEVICE_SECURE_OPEN, FALSE, &sddl, (LPCGUID) &guidClassNPF, &devObjP);
My SDDL string is "D:P(A;;GA;;;SY)(A;;GA;;;BA)" which means "allows the kernel, system, and administrator complete control over the device. No other users may access the device." in https://msdn.microsoft.com/en-us/library/windows/hardware/ff563667(v=vs.85).aspx.
It seems that only the built-in Administrator account can directly access my device now. The other members of the Administrators group will be denied because they don't have an escalated access token based on Windows's User Account Control. I know that when a user tries to make critical changes to the system, a UAC prompt will show up to ask the user for permission.
My question is: is there a way for Windows to show such a prompt when executing my driver's IoCreateDeviceSecure call, so that if the user agrees to the UAC prompt, the call can succeed? The current silent denial is not very friendly for a member of the Administrators group trying to use their rights. Thanks!
More details:
My software is a combination of some DLLs (wpcap.dll and packet.dll) and a driver (npcap.sys). Other people develop the applications (like Wireshark and Nmap) that use my DLLs and driver. The invoking path is: EXE -> wpcap.dll -> packet.dll -> npcap.sys. But getting the app elevated also has an issue, because other people develop the apps. I'd like to do the elevation at the DLL level.
I have learnt that an application (EXE) can specify /MANIFESTUAC: highestAvailable in its manifest to enforce an Administrator elevation. I have tried to add /MANIFESTUAC: highestAvailable option to a DLL too (in VS 2008, by modifying Properties -> Linker -> Manifest File -> UAC Execution Level to highestAvailable), but nothing happened. I doubt if it is meaningful to add such an option to a DLL. Is there a way for DLL to enforce an Administrator elevation for the process that loads it? So when an EXE (without /MANIFESTUAC: highestAvailable) loading my DLL (with /MANIFESTUAC: highestAvailable) tries to start, it will be required to be elevated by a UAC prompt?
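The denial described in the question, as an added example that is not part of the original post or of the WinPcap/Npcap code: under UAC, a non-elevated administrator's filtered token carries the Administrators SID (BA) as deny-only, so an allow ACE for BA does not match it. The `TokenGroup` type, the `sddl_allows` function and the sample tokens are constructed for illustration; this is a simplified model that ignores the rights field and is not the Windows access check itself.

```c
#include <stdio.h>
#include <string.h>

/* One group in a token: SDDL SID alias, and whether it is deny-only. */
typedef struct { const char *sid; int deny_only; } TokenGroup;

/* Constructed sample tokens (hypothetical, for illustration only). */
const TokenGroup ELEVATED_ADMIN[] = { {"BA", 0}, {"BU", 0} };
const TokenGroup FILTERED_ADMIN[] = { {"BA", 1}, {"BU", 0} }; /* UAC, not elevated */
const TokenGroup STANDARD_USER[]  = { {"BU", 0} };

/* Simplified model: returns 1 if any allow ACE in the SDDL DACL names a SID
   that is present and enabled (not deny-only) in the token, else 0.
   ACE layout: (type;flags;rights;object_guid;inherit_object_guid;sid) */
int sddl_allows(const char *sddl, const TokenGroup *groups, size_t n)
{
    const char *p = sddl;
    while ((p = strchr(p, '(')) != NULL) {
        const char *end = strchr(p, ')');
        if (end == NULL) return 0;            /* malformed ACE: fail closed */
        const char *field[6];
        int count = 0;
        field[count++] = p + 1;
        for (const char *q = p + 1; q < end && count < 6; q++)
            if (*q == ';') field[count++] = q + 1;
        /* Only one-letter "A" (access allowed) ACEs can grant access here. */
        if (count == 6 && field[1] - field[0] == 2 && field[0][0] == 'A') {
            size_t sidlen = (size_t)(end - field[5]);
            for (size_t i = 0; i < n; i++)
                if (!groups[i].deny_only && strlen(groups[i].sid) == sidlen &&
                    strncmp(groups[i].sid, field[5], sidlen) == 0)
                    return 1;
        }
        p = end + 1;
    }
    return 0;                                 /* no matching allow ACE */
}

int main(void)
{
    const char *sddl = "D:P(A;;GA;;;SY)(A;;GA;;;BA)";  /* SDDL from the post */
    printf("elevated admin: %d\n", sddl_allows(sddl, ELEVATED_ADMIN, 2));
    printf("filtered admin: %d\n", sddl_allows(sddl, FILTERED_ADMIN, 2));
    printf("standard user:  %d\n", sddl_allows(sddl, STANDARD_USER, 1));
    return 0;
}
```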