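/*******************************************************************************
*
*  (C) COPYRIGHT AUTHORS, 2015
*
*  TITLE:       PROPTYPECONSTS.H
*
*  VERSION:     1.00
*
*  DATE:        23 Feb 2015
*
*  Consts header file for Type property sheet.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
// This header defines file-scope static tables, so including it twice in one
// translation unit would redefine them; guard against that.
#pragma once

/*
** Layout of this file
**
** Display strings (T_*) followed by lookup tables. Every a_* table is an array
** of VALUE_DESC (declared elsewhere in the project) whose initializers pair a
** wide-string name with the constant of the same name. Each MAX_KNOWN_* macro
** is the array bound of the table that follows it.
**
** NOTE(review): the tables are presumably used to turn an access mask or an
** attribute value into readable names; the code that walks them is not in this
** file. A wrong or duplicated value here would then mislabel the rights shown
** for an object, so entries should be checked against the SDK/WDK headers.
*/

// Fallback strings for values that are not recognized or not present.
#define T_Unknown                   L"Unknown"
#define T_NULL                      L"NULL"

/*
** Filter*Port
*/
#define T_FILTER_CONNECTION_PORT    L"FilterConnectionPort"
#define T_FILTER_COMMUNICATION_PORT L"FilterCommunicationPort"

/*
** Object Attributes, Access Rights, etc
*/
#define T_StandardUnknown       L"StandardUnknown"
#define T_SpecificAccessRight   L"SpecificAccessRight"
#define T_GenericAll            L"Generic All"
#define T_GenericExecute        L"Generic Execute"
#define T_GenericWrite          L"Generic Write"
#define T_GenericRead           L"Generic Read"
#define T_ValidAccess           L"Valid Access"
#define T_InvalidAttributes     L"Invalid Attributes"

// OBJECT_TYPE->OBJECT_TYPE_INITIALIZER flag names.
// The number beside each name is its array index; presumably also the bit
// position of the flag -- confirm against the code that reads this table.
static LPCWSTR T_ObjectTypeFlags[8] = {
    L"CaseInsensitive",         //0
    L"UnnamedObjectsOnly",      //1
    L"UseDefaultObject",        //2
    L"SecurityRequired",        //3
    L"MaintainHandleCount",     //4
    L"MaintainTypeList",        //5
    L"SupportsObjectCallbacks", //6
    L"CacheAligned"             //7
};

// Known object attributes (OBJ_* values).
#define MAX_KNOWN_OBJECT_ATTRIBUTES 8
static VALUE_DESC a_ObjProp[MAX_KNOWN_OBJECT_ATTRIBUTES] = {
    { L"OBJ_INHERIT", OBJ_INHERIT },
    { L"OBJ_PERMANENT", OBJ_PERMANENT },
    { L"OBJ_EXCLUSIVE", OBJ_EXCLUSIVE },
    { L"OBJ_CASE_INSENSITIVE", OBJ_CASE_INSENSITIVE },
    { L"OBJ_OPENIF", OBJ_OPENIF },
    { L"OBJ_OPENLINK", OBJ_OPENLINK },
    { L"OBJ_KERNEL_HANDLE", OBJ_KERNEL_HANDLE },
    { L"OBJ_FORCE_ACCESS_CHECK", OBJ_FORCE_ACCESS_CHECK }
};

// Access rights that are not specific to one object type: the standard rights
// (DELETE .. SYNCHRONIZE), ACCESS_SYSTEM_SECURITY, MAXIMUM_ALLOWED and the
// four generic rights.
#define MAX_KNOWN_STANDARD_ATTRIBUTES 11
static VALUE_DESC a_Standard[MAX_KNOWN_STANDARD_ATTRIBUTES] = {
    { L"DELETE", DELETE },
    { L"READ_CONTROL", READ_CONTROL },
    { L"WRITE_DAC", WRITE_DAC },
    { L"WRITE_OWNER", WRITE_OWNER },
    { L"SYNCHRONIZE", SYNCHRONIZE },
    { L"ACCESS_SYSTEM_SECURITY", ACCESS_SYSTEM_SECURITY },
    { L"MAXIMUM_ALLOWED", MAXIMUM_ALLOWED },
    { L"GENERIC_READ", GENERIC_READ },
    { L"GENERIC_WRITE", GENERIC_WRITE },
    { L"GENERIC_EXECUTE", GENERIC_EXECUTE },
    { L"GENERIC_ALL", GENERIC_ALL }
};

// Known pool types.
#define MAX_KNOWN_POOL_TYPES 7
static VALUE_DESC a_PoolTypes[MAX_KNOWN_POOL_TYPES] = {
    { L"NonPagedPool", NonPagedPool },
    { L"PagedPool", PagedPool },
    { L"NonPagedPoolCacheAligned", NonPagedPoolCacheAligned },
    { L"PagedPoolCacheAligned", PagedPoolCacheAligned },
    { L"NonPagedPoolNx", NonPagedPoolNx },
    { L"NonPagedPoolNxCacheAligned", NonPagedPoolNxCacheAligned },
    { L"NonPagedPoolSessionNx", NonPagedPoolSessionNx }
};

// Known Directory access rights.
#define MAX_KNOWN_DIRECTORY_ATTRIBUTES 4
static VALUE_DESC a_DirProp[MAX_KNOWN_DIRECTORY_ATTRIBUTES] = {
    { L"DIRECTORY_QUERY", DIRECTORY_QUERY },
    { L"DIRECTORY_TRAVERSE", DIRECTORY_TRAVERSE },
    { L"DIRECTORY_CREATE_OBJECT", DIRECTORY_CREATE_OBJECT },
    { L"DIRECTORY_CREATE_SUBDIRECTORY", DIRECTORY_CREATE_SUBDIRECTORY }
};

// Known Section access rights.
#define MAX_KNOWN_SECTION_ATTRIBUTES 6
static VALUE_DESC a_SectionProp[MAX_KNOWN_SECTION_ATTRIBUTES] = {
    { L"SECTION_QUERY", SECTION_QUERY },
    { L"SECTION_MAP_WRITE", SECTION_MAP_WRITE },
    { L"SECTION_MAP_READ", SECTION_MAP_READ },
    { L"SECTION_MAP_EXECUTE", SECTION_MAP_EXECUTE },
    { L"SECTION_EXTEND_SIZE", SECTION_EXTEND_SIZE },
    { L"SECTION_MAP_EXECUTE_EXPLICIT", SECTION_MAP_EXECUTE_EXPLICIT }
};

// Known Event access rights.
#define MAX_KNOWN_EVENT_ATTRIBUTES 2
static VALUE_DESC a_EventProp[MAX_KNOWN_EVENT_ATTRIBUTES] = {
    { L"EVENT_QUERY_STATE", EVENT_QUERY_STATE },
    { L"EVENT_MODIFY_STATE", EVENT_MODIFY_STATE }
};

// Known IoCompletion access rights.
#define MAX_KNOWN_IOCOMPLETION_ATTRIBUTES 2
static VALUE_DESC a_IoCompletionProp[MAX_KNOWN_IOCOMPLETION_ATTRIBUTES] = {
    { L"IO_COMPLETION_QUERY_STATE", IO_COMPLETION_QUERY_STATE },
    { L"IO_COMPLETION_MODIFY_STATE", IO_COMPLETION_MODIFY_STATE }
};

// Known Mutant access rights.
#define MAX_KNOWN_MUTANT_ATTRIBUTES 1
static VALUE_DESC a_MutantProp[MAX_KNOWN_MUTANT_ATTRIBUTES] = {
    { L"MUTANT_QUERY_STATE", MUTANT_QUERY_STATE }
};

// Known Port access rights.
#define MAX_KNOWN_PORT_ATTRIBUTES 1
static VALUE_DESC a_PortProp[MAX_KNOWN_PORT_ATTRIBUTES] = {
    { L"PORT_CONNECT", PORT_CONNECT }
};

// Known Profile access rights.
#define MAX_KNOWN_PROFILE_ATTRIBUTES 1
static VALUE_DESC a_ProfileProp[MAX_KNOWN_PROFILE_ATTRIBUTES] = {
    { L"PROFILE_CONTROL", PROFILE_CONTROL }
};

// Known Semaphore access rights.
#define MAX_KNOWN_SEMAPHORE_ATTRIBUTES 2
static VALUE_DESC a_SemaphoreProp[MAX_KNOWN_SEMAPHORE_ATTRIBUTES] = {
    { L"SEMAPHORE_QUERY_STATE", SEMAPHORE_QUERY_STATE },
    { L"SEMAPHORE_MODIFY_STATE", SEMAPHORE_MODIFY_STATE }
};

// Known SymbolicLink access rights.
#define MAX_KNOWN_SYMLINK_ATTRIBUTES 1
static VALUE_DESC a_SymLinkProp[MAX_KNOWN_SYMLINK_ATTRIBUTES] = {
    { L"SYMBOLIC_LINK_QUERY", SYMBOLIC_LINK_QUERY }
};

// Known Type access rights.
#define MAX_KNOWN_TYPE_ATTRIBUTES 1
static VALUE_DESC a_TypeProp[MAX_KNOWN_TYPE_ATTRIBUTES] = {
    { L"OBJECT_TYPE_CREATE", OBJECT_TYPE_CREATE }
};

// Known Key access rights.
#define MAX_KNOWN_KEY_ATTRIBUTES 8
static VALUE_DESC a_KeyProp[MAX_KNOWN_KEY_ATTRIBUTES] = {
    { L"KEY_QUERY_VALUE", KEY_QUERY_VALUE },
    { L"KEY_SET_VALUE", KEY_SET_VALUE },
    { L"KEY_CREATE_SUB_KEY", KEY_CREATE_SUB_KEY },
    { L"KEY_ENUMERATE_SUB_KEYS", KEY_ENUMERATE_SUB_KEYS },
    { L"KEY_NOTIFY", KEY_NOTIFY },
    { L"KEY_CREATE_LINK", KEY_CREATE_LINK },
    { L"KEY_WOW64_32KEY", KEY_WOW64_32KEY },
    { L"KEY_WOW64_64KEY", KEY_WOW64_64KEY }
};

// Known File access rights.
// Several of these names are SDK aliases for one bit, read differently for
// files, directories and pipes (for example FILE_READ_DATA and
// FILE_LIST_DIRECTORY), so one set bit can match more than one entry.
#define MAX_KNOWN_FILE_ATTRIBUTES 14
static VALUE_DESC a_FileProp[MAX_KNOWN_FILE_ATTRIBUTES] = {
    { L"FILE_READ_DATA", FILE_READ_DATA },
    { L"FILE_LIST_DIRECTORY", FILE_LIST_DIRECTORY },
    { L"FILE_WRITE_DATA", FILE_WRITE_DATA },
    { L"FILE_ADD_FILE", FILE_ADD_FILE },
    { L"FILE_APPEND_DATA", FILE_APPEND_DATA },
    { L"FILE_ADD_SUBDIRECTORY", FILE_ADD_SUBDIRECTORY },
    { L"FILE_CREATE_PIPE_INSTANCE", FILE_CREATE_PIPE_INSTANCE },
    { L"FILE_READ_EA", FILE_READ_EA },
    { L"FILE_WRITE_EA", FILE_WRITE_EA },
    { L"FILE_EXECUTE", FILE_EXECUTE },
    { L"FILE_TRAVERSE", FILE_TRAVERSE },
    { L"FILE_DELETE_CHILD", FILE_DELETE_CHILD },
    { L"FILE_READ_ATTRIBUTES", FILE_READ_ATTRIBUTES },
    { L"FILE_WRITE_ATTRIBUTES", FILE_WRITE_ATTRIBUTES }
};

// Known Callback access rights.
#define MAX_KNOWN_CALLBACK_ATTRIBUTES 1
static VALUE_DESC a_CallbackProp[MAX_KNOWN_CALLBACK_ATTRIBUTES] = {
    { L"CALLBACK_MODIFY_STATE", CALLBACK_MODIFY_STATE }
};

// Known DebugObject access rights.
#define MAX_KNOWN_DEBUGOBJECT_ATTRIBUTES 4
static VALUE_DESC a_DebugObjectProp[MAX_KNOWN_DEBUGOBJECT_ATTRIBUTES] = {
    { L"DEBUG_READ_EVENT", DEBUG_READ_EVENT },
    { L"DEBUG_PROCESS_ASSIGN", DEBUG_PROCESS_ASSIGN },
    { L"DEBUG_SET_INFORMATION", DEBUG_SET_INFORMATION },
    { L"DEBUG_QUERY_INFORMATION", DEBUG_QUERY_INFORMATION }
};

// Known Desktop access rights.
#define MAX_KNOWN_DESKTOP_ATTRIBUTES 9
static VALUE_DESC a_DesktopObjectProp[MAX_KNOWN_DESKTOP_ATTRIBUTES] = {
    { L"DESKTOP_READOBJECTS", DESKTOP_READOBJECTS },
    { L"DESKTOP_CREATEWINDOW", DESKTOP_CREATEWINDOW },
    { L"DESKTOP_CREATEMENU", DESKTOP_CREATEMENU },
    { L"DESKTOP_HOOKCONTROL", DESKTOP_HOOKCONTROL },
    { L"DESKTOP_JOURNALRECORD", DESKTOP_JOURNALRECORD },
    { L"DESKTOP_JOURNALPLAYBACK", DESKTOP_JOURNALPLAYBACK },
    { L"DESKTOP_ENUMERATE", DESKTOP_ENUMERATE },
    { L"DESKTOP_WRITEOBJECTS", DESKTOP_WRITEOBJECTS },
    { L"DESKTOP_SWITCHDESKTOP", DESKTOP_SWITCHDESKTOP }
};

// Known Job access rights.
#define MAX_KNOWN_JOB_ATTRIBUTES 5
static VALUE_DESC a_JobProp[MAX_KNOWN_JOB_ATTRIBUTES] = {
    { L"JOB_OBJECT_ASSIGN_PROCESS", JOB_OBJECT_ASSIGN_PROCESS },
    { L"JOB_OBJECT_SET_ATTRIBUTES", JOB_OBJECT_SET_ATTRIBUTES },
    { L"JOB_OBJECT_QUERY", JOB_OBJECT_QUERY },
    { L"JOB_OBJECT_TERMINATE", JOB_OBJECT_TERMINATE },
    { L"JOB_OBJECT_SET_SECURITY_ATTRIBUTES", JOB_OBJECT_SET_SECURITY_ATTRIBUTES }
};

// Known KeyedEvent access rights.
#define MAX_KNOWN_KEYEDEVENT_ATTRIBUTES 2
static VALUE_DESC a_KeyedEventProp[MAX_KNOWN_KEYEDEVENT_ATTRIBUTES] = {
    { L"KEYEDEVENT_WAIT", KEYEDEVENT_WAIT },
    { L"KEYEDEVENT_WAKE", KEYEDEVENT_WAKE }
};

// Known Process access rights.
#define MAX_KNOWN_PROCESS_ATTRIBUTES 14
static VALUE_DESC a_ProcessProp[MAX_KNOWN_PROCESS_ATTRIBUTES] = {
    { L"PROCESS_TERMINATE", PROCESS_TERMINATE },
    { L"PROCESS_CREATE_THREAD", PROCESS_CREATE_THREAD },
    { L"PROCESS_SET_SESSIONID", PROCESS_SET_SESSIONID },
    { L"PROCESS_VM_OPERATION", PROCESS_VM_OPERATION },
    { L"PROCESS_VM_READ", PROCESS_VM_READ },
    { L"PROCESS_VM_WRITE", PROCESS_VM_WRITE },
    { L"PROCESS_DUP_HANDLE", PROCESS_DUP_HANDLE },
    { L"PROCESS_CREATE_PROCESS", PROCESS_CREATE_PROCESS },
    { L"PROCESS_SET_QUOTA", PROCESS_SET_QUOTA },
    { L"PROCESS_SET_INFORMATION", PROCESS_SET_INFORMATION },
    { L"PROCESS_QUERY_INFORMATION", PROCESS_QUERY_INFORMATION },
    { L"PROCESS_SUSPEND_RESUME", PROCESS_SUSPEND_RESUME },
    { L"PROCESS_QUERY_LIMITED_INFORMATION", PROCESS_QUERY_LIMITED_INFORMATION },
    { L"PROCESS_SET_LIMITED_INFORMATION", PROCESS_SET_LIMITED_INFORMATION }
};

// Known Timer access rights.
#define MAX_KNOWN_TIMER_ATTRIBUTES 2
static VALUE_DESC a_TimerProp[MAX_KNOWN_TIMER_ATTRIBUTES] = {
    { L"TIMER_QUERY_STATE", TIMER_QUERY_STATE },
    { L"TIMER_MODIFY_STATE", TIMER_MODIFY_STATE }
};

// Known Thread access rights.
#define MAX_KNOWN_THREAD_ATTRIBUTES 13
static VALUE_DESC a_ThreadProp[MAX_KNOWN_THREAD_ATTRIBUTES] = {
    { L"THREAD_TERMINATE", THREAD_TERMINATE },
    { L"THREAD_SUSPEND_RESUME", THREAD_SUSPEND_RESUME },
    { L"THREAD_GET_CONTEXT", THREAD_GET_CONTEXT },
    { L"THREAD_SET_CONTEXT", THREAD_SET_CONTEXT },
    { L"THREAD_QUERY_INFORMATION", THREAD_QUERY_INFORMATION },
    { L"THREAD_SET_INFORMATION", THREAD_SET_INFORMATION },
    { L"THREAD_SET_THREAD_TOKEN", THREAD_SET_THREAD_TOKEN },
    { L"THREAD_IMPERSONATE", THREAD_IMPERSONATE },
    { L"THREAD_DIRECT_IMPERSONATION", THREAD_DIRECT_IMPERSONATION },
    { L"THREAD_SET_LIMITED_INFORMATION", THREAD_SET_LIMITED_INFORMATION },
    { L"THREAD_QUERY_LIMITED_INFORMATION", THREAD_QUERY_LIMITED_INFORMATION },
    // NOTE(review): this is a process right in the thread table. In winnt.h
    // PROCESS_SUSPEND_RESUME and THREAD_QUERY_LIMITED_INFORMATION are both
    // 0x0800, so this entry repeats the bit listed just above, while
    // THREAD_ALERT (0x0004) has no entry at all. If the table is matched bit
    // by bit, a thread mask would presumably show 0x0800 under two names and
    // leave 0x0004 unnamed. Left as is because THREAD_ALERT is not visibly
    // declared from here; replace once that is confirmed.
    { L"PROCESS_SUSPEND_RESUME", PROCESS_SUSPEND_RESUME },
    { L"THREAD_RESUME", THREAD_RESUME }
};

// Known Token access rights.
#define MAX_KNOWN_TOKEN_ATTRIBUTES 9
static VALUE_DESC a_TokenProp[MAX_KNOWN_TOKEN_ATTRIBUTES] = {
    { L"TOKEN_ASSIGN_PRIMARY", TOKEN_ASSIGN_PRIMARY },
    { L"TOKEN_DUPLICATE", TOKEN_DUPLICATE },
    { L"TOKEN_IMPERSONATE", TOKEN_IMPERSONATE },
    { L"TOKEN_QUERY", TOKEN_QUERY },
    { L"TOKEN_QUERY_SOURCE", TOKEN_QUERY_SOURCE },
    { L"TOKEN_ADJUST_PRIVILEGES", TOKEN_ADJUST_PRIVILEGES },
    { L"TOKEN_ADJUST_GROUPS", TOKEN_ADJUST_GROUPS },
    { L"TOKEN_ADJUST_DEFAULT", TOKEN_ADJUST_DEFAULT },
    { L"TOKEN_ADJUST_SESSIONID", TOKEN_ADJUST_SESSIONID }
};

// Known WindowStation access rights.
#define MAX_KNOWN_WINSTA_ATTRIBUTES 9
static VALUE_DESC a_WinstaProp[MAX_KNOWN_WINSTA_ATTRIBUTES] = {
    { L"WINSTA_ENUMDESKTOPS", WINSTA_ENUMDESKTOPS },
    { L"WINSTA_READATTRIBUTES", WINSTA_READATTRIBUTES },
    { L"WINSTA_ACCESSCLIPBOARD", WINSTA_ACCESSCLIPBOARD },
    { L"WINSTA_CREATEDESKTOP", WINSTA_CREATEDESKTOP },
    { L"WINSTA_WRITEATTRIBUTES", WINSTA_WRITEATTRIBUTES },
    { L"WINSTA_ACCESSGLOBALATOMS", WINSTA_ACCESSGLOBALATOMS },
    { L"WINSTA_EXITWINDOWS", WINSTA_EXITWINDOWS },
    { L"WINSTA_ENUMERATE", WINSTA_ENUMERATE },
    { L"WINSTA_READSCREEN", WINSTA_READSCREEN }
};

// Known WmiGuid access rights (WMIGUID_* and TRACELOG_* names).
#define MAX_KNOWN_WMIGUID_ATTRIBUTES 12
static VALUE_DESC a_WmiGuidProp[MAX_KNOWN_WMIGUID_ATTRIBUTES] = {
    { L"WMIGUID_QUERY", WMIGUID_QUERY },
    { L"WMIGUID_SET", WMIGUID_SET },
    { L"WMIGUID_NOTIFICATION", WMIGUID_NOTIFICATION },
    { L"WMIGUID_READ_DESCRIPTION", WMIGUID_READ_DESCRIPTION },
    { L"WMIGUID_EXECUTE", WMIGUID_EXECUTE },
    { L"TRACELOG_CREATE_REALTIME", TRACELOG_CREATE_REALTIME },
    { L"TRACELOG_CREATE_ONDISK", TRACELOG_CREATE_ONDISK },
    { L"TRACELOG_GUID_ENABLE", TRACELOG_GUID_ENABLE },
    { L"TRACELOG_ACCESS_KERNEL_LOGGER", TRACELOG_ACCESS_KERNEL_LOGGER },
    { L"TRACELOG_CREATE_INPROC", TRACELOG_CREATE_INPROC },
    { L"TRACELOG_ACCESS_REALTIME", TRACELOG_ACCESS_REALTIME },
    { L"TRACELOG_REGISTER_GUIDS", TRACELOG_REGISTER_GUIDS }
};

// Known TmTx (transaction) access rights.
#define MAX_KNOWN_TMTX_ATTRIBUTES 7
static VALUE_DESC a_TmTxProp[MAX_KNOWN_TMTX_ATTRIBUTES] = {
    { L"TRANSACTION_QUERY_INFORMATION", TRANSACTION_QUERY_INFORMATION },
    { L"TRANSACTION_SET_INFORMATION", TRANSACTION_SET_INFORMATION },
    { L"TRANSACTION_ENLIST", TRANSACTION_ENLIST },
    { L"TRANSACTION_COMMIT", TRANSACTION_COMMIT },
    { L"TRANSACTION_ROLLBACK", TRANSACTION_ROLLBACK },
    { L"TRANSACTION_PROPAGATE", TRANSACTION_PROPAGATE },
    { L"TRANSACTION_RIGHT_RESERVED1", TRANSACTION_RIGHT_RESERVED1 }
};

// Known TmRm (resource manager) access rights.
#define MAX_KNOWN_TMRM_ATTRIBUTES 7
static VALUE_DESC a_TmRmProp[MAX_KNOWN_TMRM_ATTRIBUTES] = {
    { L"RESOURCEMANAGER_QUERY_INFORMATION", RESOURCEMANAGER_QUERY_INFORMATION },
    { L"RESOURCEMANAGER_SET_INFORMATION", RESOURCEMANAGER_SET_INFORMATION },
    { L"RESOURCEMANAGER_RECOVER", RESOURCEMANAGER_RECOVER },
    { L"RESOURCEMANAGER_ENLIST", RESOURCEMANAGER_ENLIST },
    { L"RESOURCEMANAGER_GET_NOTIFICATION", RESOURCEMANAGER_GET_NOTIFICATION },
    { L"RESOURCEMANAGER_REGISTER_PROTOCOL", RESOURCEMANAGER_REGISTER_PROTOCOL },
    { L"RESOURCEMANAGER_COMPLETE_PROPAGATION", RESOURCEMANAGER_COMPLETE_PROPAGATION }
};

// Known TmEn (enlistment) access rights.
#define MAX_KNOWN_TMEN_ATTRIBUTES 5
static VALUE_DESC a_TmEnProp[MAX_KNOWN_TMEN_ATTRIBUTES] = {
    { L"ENLISTMENT_QUERY_INFORMATION", ENLISTMENT_QUERY_INFORMATION },
    { L"ENLISTMENT_SET_INFORMATION", ENLISTMENT_SET_INFORMATION },
    { L"ENLISTMENT_RECOVER", ENLISTMENT_RECOVER },
    { L"ENLISTMENT_SUBORDINATE_RIGHTS", ENLISTMENT_SUBORDINATE_RIGHTS },
    { L"ENLISTMENT_SUPERIOR_RIGHTS", ENLISTMENT_SUPERIOR_RIGHTS }
};

// Known TmTm (transaction manager) access rights.
#define MAX_KNOWN_TMTM_ATTRIBUTES 6
static VALUE_DESC a_TmTmProp[MAX_KNOWN_TMTM_ATTRIBUTES] = {
    { L"TRANSACTIONMANAGER_QUERY_INFORMATION", TRANSACTIONMANAGER_QUERY_INFORMATION },
    { L"TRANSACTIONMANAGER_SET_INFORMATION", TRANSACTIONMANAGER_SET_INFORMATION },
    { L"TRANSACTIONMANAGER_RECOVER", TRANSACTIONMANAGER_RECOVER },
    { L"TRANSACTIONMANAGER_RENAME", TRANSACTIONMANAGER_RENAME },
    { L"TRANSACTIONMANAGER_CREATE_RM", TRANSACTIONMANAGER_CREATE_RM },
    { L"TRANSACTIONMANAGER_BIND_TRANSACTION", TRANSACTIONMANAGER_BIND_TRANSACTION },
};

// Names of the known object type initializer procedures.
// NOTE(review): declared LPWSTR (non-const) unlike T_ObjectTypeFlags, although
// every entry is a string literal; the strings must not be written through.
#define MAX_KNOWN_OBJECT_TYPE_PROCEDURES 8
static LPWSTR T_TYPEPROCEDURES[MAX_KNOWN_OBJECT_TYPE_PROCEDURES] = {
    L"DumpProcedure",
    L"OpenProcedure",
    L"CloseProcedure",
    L"DeleteProcedure",
    L"ParseProcedure",
    L"SecurityProcedure",
    L"QueryNameProcedure",
    L"OkayToCloseProcedure"
};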