9 May
2005
9 May
'05
1:20 p.m.
Javier Muñoz Mellid wrote:
Hi there,
It'd be very appreciated if some fellow with write access can commit
this patch.
It implements SeCreateAccessState, SeDeleteAccessState and
SeSetAccessStateGenericMapping.
It defines an opaque structure for _ACCESS_STATE too.
Best regards,
-Javier
And I would very much appreciate to know
1) Why you had to reverse an opaque structure:
a) It's easy to guess the layout since it was created in NT4 to
manage something new added post NT 3.5.1
b) There's no point in cloning something so opaque that it's not
even in the symbols, since nobody could possibly be using it.
2) How you knew that the third member of that structure (or that it even
exists) is an ACCESS_MASK called AccessesToAudit.
I've looked at the functions you implemented and it isn't used anywhere.
I've looked with IDA at the binaries, and it's not used anywhere either.
Best regards,
Alex Ionescu