Re: SDDL problem. getting hexadecimal characters for ACE rights
From: OShah (shexec32_at_aol.com)
Date: 03/10/05
- In reply to: Sudhakar Govindavajhala: "SDDL problem. getting hexadecimal characters for ACE rights"
Date: Thu, 10 Mar 2005 10:30:24 -0800
"Sudhakar Govindavajhala" <sudhakarg79_re_move_me@hotmail.com> wrote in
news:17FAD982-F720-4B3E-B0A9-987A127E49C3@microsoft.com:
>
> Hello,
>
> When I print DACL information using SDDL, I am getting illegal
> hexadecimal values in the "rights" field of an ACE.
>
> For example, I get a right like this:
>
>
> D:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;FA;;;S-1-5-21-854245398-1637723038-725345543-1003)(A;ID;0x1200a9;;;BU)
>
> The last ACE entry is:
>
> (A;ID;0x1200a9;;;BU) Why is it in hexadecimal? I would have expected it
> to be some ASCII string there.
>
>
> file:
> c:\windows\system32\calc.exe
>
> D:PAI(A;;0x1200a9;;;BU)(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;WD)
>
> again hexadecimal values..
>
> can someone help?
>
> thanks and best regards,
> Sudhakar
>
>
>
The hexadecimal is the value of the ACCESS_MASK for that user (an access
mask is basically just a DWORD). SDDL will try its best to abbreviate the
access mask into one of the predefined ACE strings, but as you can see,
doesn't always succeed. In this case, you'll get the hex value.

"The string can be a hexadecimal string representation of the access
rights, such as '0x7800003F', or it can be a concatenation of [ACE]
strings."

Let's take this ACE as an example: (A;;0x1200a9;;;BU)

This breaks down to

    A;          // Allow
    ;           // No inheritance
    0x1200a9;   // ACCESS_MASK == static_cast<DWORD>(0x001200a9)
    ;           // no GUID
    ;           // no inherit GUID
    BU          // Builtin Users

The ACCESS_MASK is an OR'ed together DWORD of constants that lists the
access rights for the object.

    0x001200a9 == FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES |
                  FILE_EXECUTE | READ_CONTROL | SYNCHRONIZE

(You'll find these constants defined in winnt.h).

Your code will have to take into account that the string may be
hexadecimal or textual.
--
------------------------------------------------------------------------
oshah [shexec32]
Control Panel -> System -> Advanced -> Error Reporting -> Choose
Programs -> Do not report errors for these programs:
Acrobat.exe
waol.exe
------------------------------------------------------------------------
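An added example (not part of the original post, and not Windows API code) of handling both forms of the rights field when auditing file DACLs: it parses the ACEs of a string starting with "D:", accepts hex or two-letter rights, and expands the mask into the winnt.h constant names. The function names parse_mask, mask_names and parse_dacl are hypothetical, and the two tables are a file-object subset of winnt.h and sddl.h.

```python
import re

# File-object access-right bits (values as defined in winnt.h).
FILE_BITS = {
    0x000001: "FILE_READ_DATA",        0x000002: "FILE_WRITE_DATA",
    0x000004: "FILE_APPEND_DATA",      0x000008: "FILE_READ_EA",
    0x000010: "FILE_WRITE_EA",         0x000020: "FILE_EXECUTE",
    0x000040: "FILE_DELETE_CHILD",     0x000080: "FILE_READ_ATTRIBUTES",
    0x000100: "FILE_WRITE_ATTRIBUTES", 0x010000: "DELETE",
    0x020000: "READ_CONTROL",          0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER",           0x100000: "SYNCHRONIZE",
}
# Two-letter SDDL rights strings that apply to files (subset of sddl.h).
SDDL_RIGHTS = {
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
    "SD": 0x010000, "RC": 0x020000, "WD": 0x040000, "WO": 0x080000,
}

def parse_mask(rights):
    """Return the ACCESS_MASK for a rights field in hex or two-letter form."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for token in (rights[i:i + 2] for i in range(0, len(rights), 2)):
        if token not in SDDL_RIGHTS:
            raise ValueError("unknown rights token: %r" % token)
        mask |= SDDL_RIGHTS[token]
    return mask

def mask_names(mask):
    """Name each set bit; bits outside FILE_BITS come back as one hex value."""
    names = [name for bit, name in FILE_BITS.items() if mask & bit]
    rest = mask & ~sum(FILE_BITS)  # keys are disjoint bits, so sum == OR
    return names + ([hex(rest)] if rest else [])

def parse_dacl(sddl):
    """Return [(ace_type, flags, mask, trustee)] for a string starting 'D:'."""
    if not sddl.startswith("D:"):
        raise ValueError("expected a DACL string starting with 'D:'")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", sddl):
        ace_type, flags, rights, _guid, _inherit_guid, trustee = body.split(";")[:6]
        aces.append((ace_type, flags, parse_mask(rights), trustee))
    return aces

if __name__ == "__main__":
    # The calc.exe DACL quoted in the question above.
    for ace_type, flags, mask, trustee in parse_dacl(
            "D:PAI(A;;0x1200a9;;;BU)(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;WD)"):
        print(trustee, ace_type, hex(mask), " | ".join(mask_names(mask)))
```

Comparing masks rather than strings also shows that 0x1200a9 is the same value as the textual rights FRFX (FILE_GENERIC_READ | FILE_GENERIC_EXECUTE).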