EreTIk's Box » Cтатьи, исходники » Маски доступа для NtQueryInformationFile, NtSetInformationFile, NtQueryVolumeInformationFile и NtSetVolumeInformationFile


Необходимые маски доступа на объект файла при вызове NtQueryInformationFile, NtSetInformationFile, NtQueryVolumeInformationFile и NtSetVolumeInformationFile определяются в зависимости от класса информации, который указан при вызове этих функций. Поэтому я сгенерировал для себя (может кому-нибудь тоже будет полезно) таблицы соответствий класса информации и требуемых масок доступа. Для сборки был написан простенький скрипт ioam.py, который использует pykd.


Результат работы скрипта:


NtQueryInformationFile
FileDirectoryInformation /* = 1 */0
FileFullDirectoryInformation /* = 2 */0
FileBothDirectoryInformation /* = 3 */0
FileBasicInformation /* = 4 */FILE_READ_ATTRIBUTES
FileStandardInformation /* = 5 */0
FileInternalInformation /* = 6 */0
FileEaInformation /* = 7 */0
FileAccessInformation /* = 8 */0
FileNameInformation /* = 9 */0
FileRenameInformation /* = 10 */0
FileLinkInformation /* = 11 */0
FileNamesInformation /* = 12 */0
FileDispositionInformation /* = 13 */0
FilePositionInformation /* = 14 */0
FileFullEaInformation /* = 15 */FILE_READ_EA
FileModeInformation /* = 16 */0
FileAlignmentInformation /* = 17 */0
FileAllInformation /* = 18 */FILE_READ_ATTRIBUTES
FileAllocationInformation /* = 19 */0
FileEndOfFileInformation /* = 20 */0
FileAlternateNameInformation /* = 21 */0
FileStreamInformation /* = 22 */0
FilePipeInformation /* = 23 */FILE_READ_ATTRIBUTES
FilePipeLocalInformation /* = 24 */FILE_READ_ATTRIBUTES
FilePipeRemoteInformation /* = 25 */FILE_READ_ATTRIBUTES
FileMailslotQueryInformation /* = 26 */0
FileMailslotSetInformation /* = 27 */0
FileCompressionInformation /* = 28 */0
FileObjectIdInformation /* = 29 */0
FileCompletionInformation /* = 30 */0
FileMoveClusterInformation /* = 31 */0
FileQuotaInformation /* = 32 */0
FileReparsePointInformation /* = 33 */0
FileNetworkOpenInformation /* = 34 */FILE_READ_ATTRIBUTES
FileAttributeTagInformation /* = 35 */FILE_READ_ATTRIBUTES
FileTrackingInformation /* = 36 */0
FileIdBothDirectoryInformation /* = 37 */0
FileIdFullDirectoryInformation /* = 38 */0
FileValidDataLengthInformation /* = 39 */0
FileShortNameInformation /* = 40 */0
FileIoCompletionNotificationInformation /* = 41 */FILE_READ_ATTRIBUTES
FileIoStatusBlockRangeInformation /* = 42 */FILE_READ_ATTRIBUTES
FileIoPriorityHintInformation /* = 43 */FILE_READ_DATA
FileSfioReserveInformation /* = 44 */FILE_READ_DATA
FileSfioVolumeInformation /* = 45 */FILE_READ_ATTRIBUTES
FileHardLinkInformation /* = 46 */0
FileProcessIdsUsingFileInformation /* = 47 */FILE_READ_ATTRIBUTES
FileNormalizedNameInformation /* = 48 */0
FileNetworkPhysicalNameInformation /* = 49 */0
FileIdGlobalTxDirectoryInformation /* = 50 */0
FileIsRemoteDeviceInformation /* = 51 */FILE_READ_ATTRIBUTES
FileUnusedInformation /* = 52 */0xffffffff
FileNumaNodeInformation /* = 53 */0
FileStandardLinkInformation /* = 54 */0
FileRemoteProtocolInformation /* = 55 */0
FileRenameInformationBypassAccessCheck /* = 56 */0
FileLinkInformationBypassAccessCheck /* = 57 */0
FileVolumeNameInformation /* = 58 */0
FileIdInformation /* = 59 */0
FileIdExtdDirectoryInformation /* = 60 */0
FileReplaceCompletionInformation /* = 61 */0
FileHardLinkFullIdInformation /* = 62 */0
FileIdExtdBothDirectoryInformation /* = 63 */0

NtSetInformationFile
FileDirectoryInformation /* = 1 */0
FileFullDirectoryInformation /* = 2 */0
FileBothDirectoryInformation /* = 3 */0
FileBasicInformation /* = 4 */FILE_WRITE_ATTRIBUTES
FileStandardInformation /* = 5 */0
FileInternalInformation /* = 6 */0
FileEaInformation /* = 7 */0
FileAccessInformation /* = 8 */0
FileNameInformation /* = 9 */0
FileRenameInformation /* = 10 */DELETE
FileLinkInformation /* = 11 */0
FileNamesInformation /* = 12 */0
FileDispositionInformation /* = 13 */DELETE
FilePositionInformation /* = 14 */0
FileFullEaInformation /* = 15 */0
FileModeInformation /* = 16 */0
FileAlignmentInformation /* = 17 */0
FileAllInformation /* = 18 */0
FileAllocationInformation /* = 19 */FILE_WRITE_DATA
FileEndOfFileInformation /* = 20 */FILE_WRITE_DATA
FileAlternateNameInformation /* = 21 */0
FileStreamInformation /* = 22 */0
FilePipeInformation /* = 23 */FILE_WRITE_ATTRIBUTES
FilePipeLocalInformation /* = 24 */0
FilePipeRemoteInformation /* = 25 */FILE_WRITE_ATTRIBUTES
FileMailslotQueryInformation /* = 26 */0
FileMailslotSetInformation /* = 27 */0
FileCompressionInformation /* = 28 */0
FileObjectIdInformation /* = 29 */0
FileCompletionInformation /* = 30 */0
FileMoveClusterInformation /* = 31 */FILE_WRITE_DATA
FileQuotaInformation /* = 32 */0
FileReparsePointInformation /* = 33 */0
FileNetworkOpenInformation /* = 34 */0
FileAttributeTagInformation /* = 35 */0
FileTrackingInformation /* = 36 */FILE_WRITE_DATA
FileIdBothDirectoryInformation /* = 37 */0
FileIdFullDirectoryInformation /* = 38 */0
FileValidDataLengthInformation /* = 39 */FILE_WRITE_DATA
FileShortNameInformation /* = 40 */DELETE
FileIoCompletionNotificationInformation /* = 41 */0
FileIoStatusBlockRangeInformation /* = 42 */0
FileIoPriorityHintInformation /* = 43 */0
FileSfioReserveInformation /* = 44 */0
FileSfioVolumeInformation /* = 45 */0
FileHardLinkInformation /* = 46 */0
FileProcessIdsUsingFileInformation /* = 47 */0
FileNormalizedNameInformation /* = 48 */0
FileNetworkPhysicalNameInformation /* = 49 */0
FileIdGlobalTxDirectoryInformation /* = 50 */0
FileIsRemoteDeviceInformation /* = 51 */0
FileUnusedInformation /* = 52 */0xffffffff
FileNumaNodeInformation /* = 53 */0
FileStandardLinkInformation /* = 54 */0
FileRemoteProtocolInformation /* = 55 */0
FileRenameInformationBypassAccessCheck /* = 56 */0
FileLinkInformationBypassAccessCheck /* = 57 */0
FileVolumeNameInformation /* = 58 */0
FileIdInformation /* = 59 */0
FileIdExtdDirectoryInformation /* = 60 */0
FileReplaceCompletionInformation /* = 61 */0
FileHardLinkFullIdInformation /* = 62 */0
FileIdExtdBothDirectoryInformation /* = 63 */0

NtQueryVolumeInformationFile
FileFsVolumeInformation /* = 1 */0
FileFsLabelInformation /* = 2 */0
FileFsSizeInformation /* = 3 */0
FileFsDeviceInformation /* = 4 */0
FileFsAttributeInformation /* = 5 */0
FileFsControlInformation /* = 6 */FILE_READ_DATA
FileFsFullSizeInformation /* = 7 */0
FileFsObjectIdInformation /* = 8 */0
FileFsDriverPathInformation /* = 9 */0
FileFsVolumeFlagsInformation /* = 10 */FILE_READ_ATTRIBUTES
FileFsSectorSizeInformation /* = 11 */0
FileFsDataCopyInformation /* = 12 */0
FileFsMetadataSizeInformation /* = 13 */0

NtSetVolumeInformationFile
FileFsVolumeInformation /* = 1 */0
FileFsLabelInformation /* = 2 */FILE_WRITE_DATA
FileFsSizeInformation /* = 3 */0
FileFsDeviceInformation /* = 4 */0
FileFsAttributeInformation /* = 5 */0
FileFsControlInformation /* = 6 */FILE_WRITE_DATA
FileFsFullSizeInformation /* = 7 */0
FileFsObjectIdInformation /* = 8 */FILE_WRITE_DATA
FileFsDriverPathInformation /* = 9 */0
FileFsVolumeFlagsInformation /* = 10 */FILE_WRITE_ATTRIBUTES
FileFsSectorSizeInformation /* = 11 */0
FileFsDataCopyInformation /* = 12 */0
FileFsMetadataSizeInformation /* = 13 */0

Генерировалось все на основе отладочной информации и данных ядра 2012-го сервера версии 6.2.9200.16384 (win8_rtm.120725-1247).

Updated (17.02.2016)


Данные пере-генерированы для ядра версии 10.0.10586.0, скрипт ioam.py переписан для современной версии pykd 0.3.x


ΞρεΤΙκ