⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 accessmask.c

📁 臭氧层主动防御系统驱动源代码!臭氧层主动防御系统驱动源代码!
💻 C
📖 第 1 页 / 共 2 页
字号:
🔍
12 
 *		This function decodes semaphore operation types such as SEMAPHORE_QUERY_STATE and converts them to
 *		3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
 *
 * Parameters:
 *		DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
 *
 * Returns:
 *		A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
 */

UCHAR
Get_SEMAPHORE_OperationType(ACCESS_MASK DesiredAccess)
{
	UCHAR		OperationType = 0;


	if ( IS_BIT_SET(DesiredAccess, SEMAPHORE_QUERY_STATE) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
		 IS_BIT_SET(DesiredAccess, READ_CONTROL) ||
		 IS_BIT_SET(DesiredAccess, SEMAPHORE_ALL_ACCESS) )

		OperationType |= OP_READ;


	if ( IS_BIT_SET(DesiredAccess, SEMAPHORE_MODIFY_STATE) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
		 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
		 IS_BIT_SET(DesiredAccess, SEMAPHORE_ALL_ACCESS) )

		OperationType |= OP_WRITE;


	if (OperationType == 0)
//		OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
		LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SEMAPHORE_OperationType: Unknown desired access mask %x\n", DesiredAccess));


	return OperationType;
}



/*
 * Get_SECTION_OperationType()
 *
 * Description:
 *		This function decodes section operation types such as SECTION_QUERY and converts them to
 *		3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
 *
 * Parameters:
 *		DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
 *
 * Returns:
 *		A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
 */

UCHAR
Get_SECTION_OperationType(ACCESS_MASK DesiredAccess)
{
	UCHAR		OperationType = 0;


	if ( IS_BIT_SET(DesiredAccess, SECTION_QUERY) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
		 IS_BIT_SET(DesiredAccess, READ_CONTROL) ||
		 IS_BIT_SET(DesiredAccess, SECTION_MAP_READ) ||
		 IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) )

		OperationType |= OP_READ;


	if ( IS_BIT_SET(DesiredAccess, SECTION_EXTEND_SIZE) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
		 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
		 IS_BIT_SET(DesiredAccess, SECTION_MAP_WRITE) ||
		 IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) )

		OperationType |= OP_WRITE;


	if ( IS_BIT_SET(DesiredAccess, SECTION_MAP_EXECUTE) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
		 IS_BIT_SET(DesiredAccess, SECTION_ALL_ACCESS) )

		 OperationType |= OP_EXECUTE;


	if (OperationType == 0)
//		OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
		LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SECTION_OperationType: Unknown desired access mask %x\n", DesiredAccess));


	return OperationType;
}



/*
 * Get_JOB_OperationType()
 *
 * Description:
 *		This function decodes job object operation types such as JOB_OBJECT_QUERY and converts them to
 *		3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
 *
 * Parameters:
 *		DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
 *
 * Returns:
 *		A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
 */

UCHAR
Get_JOB_OperationType(ACCESS_MASK DesiredAccess)
{
	UCHAR		OperationType = 0;


	if ( IS_BIT_SET(DesiredAccess, JOB_OBJECT_QUERY) ||
		 IS_BIT_SET(DesiredAccess, JOB_OBJECT_ALL_ACCESS) )

		OperationType |= OP_READ;


	if ( IS_BIT_SET(DesiredAccess, JOB_OBJECT_ASSIGN_PROCESS) ||
		 IS_BIT_SET(DesiredAccess, JOB_OBJECT_SET_ATTRIBUTES) ||
		 IS_BIT_SET(DesiredAccess, JOB_OBJECT_TERMINATE) ||
		 IS_BIT_SET(DesiredAccess, JOB_OBJECT_SET_SECURITY_ATTRIBUTES) ||
		 IS_BIT_SET(DesiredAccess, JOB_OBJECT_ALL_ACCESS) )

		OperationType |= OP_WRITE;


	if (OperationType == 0)
//		OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
		LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_JOB_OperationType: Unknown desired access mask %x\n", DesiredAccess));


	return OperationType;
}



/*
 * Get_MUTANT_OperationType()
 *
 * Description:
 *		This function decodes mutant operation types such as JOB_OBJECT_QUERY and converts them to
 *		3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
 *
 * Parameters:
 *		DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
 *
 * Returns:
 *		A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
 */

UCHAR
Get_MUTANT_OperationType(ACCESS_MASK DesiredAccess)
{
	UCHAR		OperationType = 0;


	if ( IS_BIT_SET(DesiredAccess, MUTANT_QUERY_STATE) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_ALL) ||
		 IS_BIT_SET(DesiredAccess, READ_CONTROL) ||
		 IS_BIT_SET(DesiredAccess, SYNCHRONIZE) ||
		 IS_BIT_SET(DesiredAccess, MUTANT_ALL_ACCESS) )

		OperationType |= OP_READ;


	if ( IS_BIT_SET(DesiredAccess, MUTANT_ALL_ACCESS) ||
		 IS_BIT_SET(DesiredAccess, WRITE_OWNER) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_WRITE) ||
		 IS_BIT_SET(DesiredAccess, WRITE_DAC) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_ALL) )

		OperationType |= OP_WRITE;


	if (OperationType == 0)
//		OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
		LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_MUTANT_OperationType: Unknown desired access mask %x\n", DesiredAccess));


	return OperationType;
}



/*
 * Get_SYMLINK_OperationType()
 *
 * Description:
 *		This function decodes symbolic link operation types such as SYMBOLIC_LINK_QUERY and converts them to
 *		3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
 *
 * Parameters:
 *		DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
 *
 * Returns:
 *		A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
 */

UCHAR
Get_SYMLINK_OperationType(ACCESS_MASK DesiredAccess)
{
	UCHAR		OperationType = 0;


	if ( IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_QUERY) ||
		 IS_BIT_SET(DesiredAccess, GENERIC_READ) ||
		 IS_BIT_SET(DesiredAccess, SYNCHRONIZE) ||
		 IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_ALL_ACCESS) )

		OperationType |= OP_READ;


	if ( IS_BIT_SET(DesiredAccess, DELETE) ||
		 IS_BIT_SET(DesiredAccess, MAXIMUM_ALLOWED) ||
		 IS_BIT_SET(DesiredAccess, SYMBOLIC_LINK_ALL_ACCESS) )

		OperationType |= OP_WRITE;


	if (OperationType == 0)
//		OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
		LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_SYMLINK_OperationType: Unknown desired access mask %x\n", DesiredAccess));


	return OperationType;
}



/*
 * Get_TIMER_OperationType()
 *
 * Description:
 *		This function decodes timer operation types such as JOB_OBJECT_QUERY and converts them to
 *		3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
 *
 * Parameters:
 *		DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
 *
 * Returns:
 *		A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
 */

UCHAR
Get_TIMER_OperationType(ACCESS_MASK DesiredAccess)
{
	UCHAR		OperationType = 0;


	if ( IS_BIT_SET(DesiredAccess, TIMER_QUERY_STATE) ||
		 IS_BIT_SET(DesiredAccess, TIMER_ALL_ACCESS) )

		OperationType |= OP_READ;


	if ( IS_BIT_SET(DesiredAccess, TIMER_MODIFY_STATE) ||
		 IS_BIT_SET(DesiredAccess, TIMER_ALL_ACCESS) )

		OperationType |= OP_WRITE;


	if (OperationType == 0)
//		OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
		LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_TIMER_OperationType: Unknown desired access mask %x\n", DesiredAccess));


	return OperationType;
}



/*
 * Get_PORT_OperationType()
 *
 * Description:
 *		This function decodes port operation types and converts them to
 *		3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
 *
 * Parameters:
 *		DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
 *
 * Returns:
 *		OP_WRITE.
 */

UCHAR
Get_PORT_OperationType(ACCESS_MASK DesiredAccess)
{
	return OP_WRITE;
}



/*
 * Get_DIROBJ_OperationType()
 *
 * Description:
 *		This function decodes directory operation types such as DIRECTORY_QUERY and converts them to
 *		3 internal operations: OP_READ, OP_WRITE and OP_EXECUTE.
 *
 * Parameters:
 *		DesiredAccess - ACCESS_MASK structure (a doubleword value containing standard, specific, and generic rights).
 *
 * Returns:
 *		A combination of OP_READ, OP_WRITE & OP_EXECUTE flags set depending on the DesiredAccess argument.
 */

UCHAR
Get_DIROBJ_OperationType(ACCESS_MASK DesiredAccess)
{
	UCHAR		OperationType = 0;


	if ( IS_BIT_SET(DesiredAccess, DIRECTORY_QUERY) ||
		 IS_BIT_SET(DesiredAccess, DIRECTORY_TRAVERSE) ||
		 IS_BIT_SET(DesiredAccess, DIRECTORY_ALL_ACCESS) )

		OperationType |= OP_READ;


	if ( IS_BIT_SET(DesiredAccess, DIRECTORY_CREATE_OBJECT) ||
		 IS_BIT_SET(DesiredAccess, DIRECTORY_CREATE_SUBDIRECTORY) ||
		 IS_BIT_SET(DesiredAccess, DIRECTORY_ALL_ACCESS) )

		OperationType |= OP_WRITE;


	if (OperationType == 0)
//		OperationType = OP_READ | OP_WRITE | OP_EXECUTE;
		LOG(LOG_SS_MISC, LOG_PRIORITY_DEBUG, ("Get_DIROBJ_OperationType: Unknown desired access mask %x\n", DesiredAccess));


	return OperationType;
}
12

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -