Sesshomurai

Hi,
Is there a way to uniquely identify a calling application in windows Maybe a vendor id or some other id associated with the installed (3rd party) application that cannot be spoofed I want to write a C++ driver that can identify(authenticate) the calling process.

thank you,
Sessh


Re: Windows SDK Identify calling application?

Sdi

Not unless you control the caller or the caller is signed with a certificate or something similar. An arbitrary caller could be put into any directory, renamed to anything, have its resources edited, etc.



Re: Windows SDK Identify calling application?

AndyCadley

No, you can't do this. Raymond Chen has some good examples of why not here, here and here.



Re: Windows SDK Identify calling application?

Sesshomurai

Yeah, I see that its not mathematically secure. But if it falls under 'medium' level security, meaning that someone would have to really go out of their way and have esoteric hacking skills to crack it, then I'm comfortable with that.

For example, if I can ascertain a unique set of modules used by a specific application (process) and some other process info unique to the desired application, then it would be hard to spoof, but not impossible. I'm ok with that for my purposes, which is not military grade security.






Re: Windows SDK Identify calling application?

AndyCadley

Regardless of what you do, circumventing this is trivial. It simply isn't worth attempting.