user1610128

Reputation: 21

Get all Windows kernel objects and their security rights

I need to get a list of access rights for all Win-Kernel objects. What I do:

for (int i = 0; i < 9999; i++) {
    GetKernelObjectSecurity(i, ...);                      // result in security_descriptor
    GetSecurityDescriptorDacl(security_descriptor, ...);  // result in lpbDaclPresent
    if (lpbDaclPresent) {
        // lpbDaclPresent - need to get
    }
}

If DACL = Null -> "all can do all"

If DACL != Null -> parsing DACL-mask


Am I on the right track? By the way, I have:

~300 handles without DACL

~100 handles with DACL (testing on Windows 7)

Upvotes: 2

Views: 976

Answers (1)

5andr0

Reputation: 2056

If you want to brute-force through the handles, don't stop at 9999. Go through all 32-bit values.

Alternatively you can enumerate all Usermode-Process-Handles: http://forum.sysinternals.com/howto-enumerate-handles_topic18892.html

The advantage of this method is that you know the handle's original process, so you can use DuplicateHandle if needed.

Upvotes: 2
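
The DACL step from the question ("DACL = Null" versus "parsing DACL-mask"), as an added example that is not code from the question or the answer. It walks the self-relative security descriptor format that GetKernelObjectSecurity returns by hand so it runs off Windows (on Windows, GetSecurityDescriptorDacl and GetAce do this work), and it separates a third case the question does not list: a DACL that is present but empty, which grants access to nobody. The name classify_dacl, the state constants and the sample descriptors are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define SE_DACL_PRESENT 0x0004u  /* SECURITY_DESCRIPTOR_CONTROL bit */
enum { SD_MALFORMED = -1, DACL_NULL, DACL_EMPTY, DACL_HAS_ACES };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Classify the DACL of a self-relative security descriptor and OR together the
   masks of its ACCESS_ALLOWED (type 0) and ACCESS_DENIED (type 1) ACEs. */
int classify_dacl(const uint8_t *sd, size_t len, uint32_t *allow, uint32_t *deny)
{
    *allow = *deny = 0;
    if (len < 20) return SD_MALFORMED;             /* fixed 20-byte header */
    uint32_t off = rd32(sd + 16);                  /* offset of the DACL */
    if (!(rd16(sd + 2) & SE_DACL_PRESENT) || off == 0)
        return DACL_NULL;                          /* no DACL: everyone, full access */
    if (off > len || len - off < 8) return SD_MALFORMED;
    const uint8_t *acl = sd + off;
    size_t acl_size = rd16(acl + 2), pos = 8;      /* 8-byte ACL header */
    unsigned count = rd16(acl + 4);                /* ACL.AceCount */
    if (acl_size < 8 || acl_size > len - off) return SD_MALFORMED;
    for (unsigned i = 0; i < count; i++) {
        if (acl_size - pos < 8) return SD_MALFORMED;
        size_t ace_size = rd16(acl + pos + 2);     /* ACE_HEADER.AceSize */
        if (ace_size < 8 || ace_size > acl_size - pos) return SD_MALFORMED;
        if (acl[pos] == 0) *allow |= rd32(acl + pos + 4);
        else if (acl[pos] == 1) *deny |= rd32(acl + pos + 4);
        pos += ace_size;
    }
    return count ? DACL_HAS_ACES : DACL_EMPTY;     /* empty DACL: nobody gets access */
}

/* Constructed sample descriptors (not captured from a real system). */
const uint8_t SD_NULL_DACL[20]  = {1,0, 0x04,0x80};
const uint8_t SD_EMPTY_DACL[28] = {1,0, 0x04,0x80, [16]=20, [20]=2,0, 8,0};
const uint8_t SD_ONE_ACE[48] = {1,0, 0x04,0x80, [16]=20,
    [20]=2,0, 28,0, 1,0, 0,0,                      /* ACL: size 28, 1 ACE */
    0,0, 20,0, 0x00,0x00,0x12,0x00,                /* allow, mask 0x00120000 */
    1,1, 0,0,0,0,0,1, 0,0,0,0};                    /* SID S-1-1-0 (Everyone) */

int main(void)
{
    uint32_t a, d;
    int s = classify_dacl(SD_ONE_ACE, sizeof SD_ONE_ACE, &a, &d);
    printf("state=%d allow=0x%08x deny=0x%08x\n", s, (unsigned)a, (unsigned)d);
    return 0;
}
```

The OR of the allow masks is only a summary; an effective-access decision also depends on ACE order and on which SID each ACE names.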
