accessmask.py 
#
# Access mask parser (c) Ignatich
#

from pykd import *
import sys
import re

# Lookup tables: single-bit value -> symbolic access-right name.
# Keys are written as full 32-bit hex so they line up with a raw mask value.

# Rights in the upper half of the mask; this table is part of every
# *MaskSets list below, i.e. it is applied regardless of object type.
AccessMask = {
    0x00010000: 'DELETE',
    0x00020000: 'READ_CONTROL',
    0x00040000: 'WRITE_DAC',
    0x00080000: 'WRITE_OWNER',
    0x00100000: 'SYNCHRONIZE',
    0x01000000: 'ACCESS_SYSTEM_SECURITY',
    0x02000000: 'MAXIMUM_ALLOWED',
}

# Generic rights occupy the top four bits (bits 28-31) and are likewise part
# of every *MaskSets list below.
GenericMask = {
    0x10000000: 'GENERIC_ALL',
    0x20000000: 'GENERIC_EXECUTE',
    0x40000000: 'GENERIC_WRITE',
    0x80000000: 'GENERIC_READ',
}

# Object-specific rights. The three tables below reuse the same low bit
# values (0x0001 means something different for a file, a process and a
# thread), so a mask is only decoded correctly with the table that matches
# the object it was granted on.
FileAccessMask = {
    0x00000001: 'FILE_READ_DATA',
    0x00000002: 'FILE_WRITE_DATA',
    0x00000004: 'FILE_APPEND_DATA',
    0x00000008: 'FILE_READ_EA',
    0x00000010: 'FILE_WRITE_EA',
    0x00000020: 'FILE_EXECUTE',
    0x00000040: 'FILE_DELETE_CHILD',
    0x00000080: 'FILE_READ_ATTRIBUTES',
    0x00000100: 'FILE_WRITE_ATTRIBUTES',
}

ProcessAccessMask = {
    0x00000001: 'PROCESS_TERMINATE',
    0x00000002: 'PROCESS_CREATE_THREAD',
    0x00000004: 'PROCESS_SET_SESSIONID',
    0x00000008: 'PROCESS_VM_OPERATION',
    0x00000010: 'PROCESS_VM_READ',
    0x00000020: 'PROCESS_VM_WRITE',
    0x00000040: 'PROCESS_DUP_HANDLE',
    0x00000080: 'PROCESS_CREATE_PROCESS',
    0x00000100: 'PROCESS_SET_QUOTA',
    0x00000200: 'PROCESS_SET_INFORMATION',
    0x00000400: 'PROCESS_QUERY_INFORMATION',
    0x00000800: 'PROCESS_SUSPEND_RESUME',
    0x00001000: 'PROCESS_QUERY_LIMITED_INFORMATION',
}

ThreadAccessMask = {
    0x00000001: 'THREAD_TERMINATE',
    0x00000002: 'THREAD_SUSPEND_RESUME',
    0x00000004: 'THREAD_ALERT',
    0x00000008: 'THREAD_GET_CONTEXT',
    0x00000010: 'THREAD_SET_CONTEXT',
    0x00000020: 'THREAD_SET_INFORMATION',
    0x00000040: 'THREAD_QUERY_INFORMATION',
    0x00000080: 'THREAD_SET_THREAD_TOKEN',
    0x00000100: 'THREAD_IMPERSONATE',
    0x00000200: 'THREAD_DIRECT_IMPERSONATION',
    0x00000400: 'THREAD_SET_LIMITED_INFORMATION',
    0x00000800: 'THREAD_QUERY_LIMITED_INFORMATION',
}

# Table lists handed to parseMask(): the object-specific table first, then
# the two tables shared by all object types.
FileMaskSets = [FileAccessMask, AccessMask, GenericMask]
ProcessMaskSets = [ProcessAccessMask, AccessMask, GenericMask]
ThreadMaskSets = [ThreadAccessMask, AccessMask, GenericMask]
GenericMaskSets = [AccessMask, GenericMask]

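def parseMask(mask, maskSets):
    """Print the names of the access rights set in *mask*; return the rest.

    Walks the 32 bits of the mask from bit 0 to bit 31. For every set bit
    that is a key in one of *maskSets*, its name is written with ``dprint``
    (names are separated by " | ", with a line break after every fourth
    name) and the bit is cleared from the working copy of the mask.

    Args:
        mask: Integer access mask to decode.
        maskSets: Sequence of dicts mapping a single-bit value to its name.
            When a bit is a key in several tables, the first table wins.

    Returns:
        The bits of *mask* that none of the tables named. A non-zero result
        means the printed list is not the complete set of rights in the
        mask, so callers should report it rather than drop it.
    """
    cnt = 0
    # Visit all 32 bits. The previous range(0, 31) stopped at bit 30, so
    # bit 31 (0x80000000, 'GENERIC_READ' in GenericMask) was never named and
    # was returned to the caller as an unknown bit.
    for i in range(32):
        bit = 1 << i
        if not (bit & mask):
            continue
        for maskSet in maskSets:
            if bit not in maskSet:
                continue
            if cnt != 0:
                dprint(" | ")
                if cnt % 4 == 0:
                    dprintln("")
            dprint("" + maskSet[bit])
            mask &= ~bit
            cnt += 1
            # The bit is consumed; later tables must not name it again.
            break
    return mask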

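def main():
    """Decode the access mask given on the command line and print it.

    Arguments are read from ``sys.argv``: ``[object type] <hex mask>``.
    With a single argument it is taken as the mask and the object type
    defaults to "generic"; with two or more, the first is the object type
    and the second the mask. Output goes through ``dprint``/``dprintln``.

    An unsupported object type or a mask that is not valid hex is reported
    and nothing is decoded. Bits that no table names are printed as
    "Unknown bits" so an incomplete decode is visible to the reader.
    """
    argc = len(sys.argv)

    if argc == 1:
        # The usage text used to read "<;hex mask>;" (mangled angle brackets).
        dprintln("Syntax: [object type] <hex mask>")
        dprintln("Supported object types: process, thread, file, generic")
        return

    if argc > 2:
        # An empty first argument falls back to "generic", as before.
        objType = sys.argv[1] or "generic"
        maskArg = sys.argv[2]
    else:
        objType = "generic"
        maskArg = sys.argv[1]

    maskSetsByType = {
        "file": FileMaskSets,
        "process": ProcessMaskSets,
        "thread": ThreadMaskSets,
        "generic": GenericMaskSets,
    }

    maskSets = maskSetsByType.get(objType)
    if maskSets is None:
        # Previously an unrecognised type decoded nothing and the whole mask
        # was printed as "Unknown bits", which hides the actual mistake.
        dprintln("Unsupported object type: %s" % objType)
        dprintln("Supported object types: process, thread, file, generic")
        return

    try:
        mask = int(maskArg, 16)
    except ValueError:
        dprintln("Invalid hex mask: %s" % maskArg)
        return

    mask = parseMask(mask, maskSets)

    dprintln("")

    if mask != 0:
        dprintln("Unknown bits: 0x%x" % mask)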

if __name__ == "__main__":
    # Decode only when executed as a script, not when the module is imported.
    main()