I am using a custom minifilter driver similar in nature to Microsoft's MiniSpy sample and I have written a user-mode application in C# to communicate with it.
I need admin rights to install the filter - that seems reasonable. But without admin rights, my application returns HResult:0x80070005 (Access is denied) on critical calls like FilterAttach and FilterConnectCommunicationPort. With admin rights everything works fine.
My question is this: Is there a way to go around the admin requirement for the user-mode application?
This post: https://www.osronline.com/showthread.cfm?link=157827 seems to indicate that opening the communication port is fine, but not attaching to the drives:
it can't, however, attach to a volume. As someone from Microsoft explained, this is an operation that is only allowed to administrators.
Is there maybe a way to start a second service with admin rights that my non-admin user-mode application can connect to? If so do I even need a second service or can I use the filter itself? Or is there any way at all to set my application free of those admin rights requirements?
In the end, a Windows Service that communicates with the filter and hosts a WCF server did the trick, accessed by my application.
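The arrangement described in the last paragraph, as an added example that is not the poster's code: a privileged service holds the filter port and exposes one validated operation to unprivileged clients over a local named pipe. The port name `\ExamplePort`, the command code, the message layout, and the contract and endpoint names are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;
using System.ServiceModel;
using Microsoft.Win32.SafeHandles;

[ServiceContract]
public interface IFilterBroker                 // hypothetical contract name
{
    // One narrow, typed operation; no raw pass-through to the driver.
    [OperationContract]
    byte[] GetRecentEvents(int maxBytes);
}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
public sealed class FilterBroker : IFilterBroker
{
    [DllImport("fltlib.dll", CharSet = CharSet.Unicode)]
    static extern int FilterConnectCommunicationPort(string portName, uint options,
        IntPtr context, ushort contextSize, IntPtr securityAttributes, out SafeFileHandle port);
    [DllImport("fltlib.dll")]
    static extern int FilterSendMessage(SafeFileHandle port, byte[] inBuf, uint inSize,
        [Out] byte[] outBuf, uint outSize, out uint bytesReturned);
    const uint CmdGetEvents = 1;               // hypothetical command code
    readonly SafeFileHandle _port;
    public FilterBroker()
    {
        // Opened once, in the service's privileged context. Port name is a placeholder.
        Marshal.ThrowExceptionForHR(FilterConnectCommunicationPort(
            @"\ExamplePort", 0, IntPtr.Zero, 0, IntPtr.Zero, out _port));
    }
    public byte[] GetRecentEvents(int maxBytes)
    {
        // Validate everything that crosses the privilege boundary.
        if (maxBytes <= 0 || maxBytes > 64 * 1024) throw new FaultException("maxBytes out of range");
        byte[] request = BitConverter.GetBytes(CmdGetEvents);
        byte[] reply = new byte[maxBytes];
        Marshal.ThrowExceptionForHR(FilterSendMessage(_port, request,
            (uint)request.Length, reply, (uint)reply.Length, out uint returned));
        Array.Resize(ref reply, (int)returned);
        return reply;
    }
    // Call from the Windows Service's OnStart; named pipes are local-machine only.
    public static ServiceHost Start()
    {
        var host = new ServiceHost(new FilterBroker(), new Uri("net.pipe://localhost/ExampleFilterBroker"));
        host.AddServiceEndpoint(typeof(IFilterBroker), new NetNamedPipeBinding(), "");
        host.Open();
        return host;
    }
}
```

If only certain users should reach the filter, the operation can check `ServiceSecurityContext.Current.WindowsIdentity` before calling `FilterSendMessage`.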