Tuesday, May 13, 2014

[windows] Process & Thread Object Generic Mapping Info

You can dump this information with the WinDbg (kd) commands below on Windows XP.

Don't overlook the generic desired-access rights; each one maps to the specific rights listed further down ^^


kd> ?? (*((nt!_OBJECT_TYPE**)@@(nt!PsProcessType)))->TypeInfo.GenericMapping
struct _GENERIC_MAPPING
+0x000 GenericRead : 0x20410
+0x004 GenericWrite : 0x20beb
+0x008 GenericExecute : 0x120000
+0x00c GenericAll : 0x1f0fff


kd> ?? (*((nt!_OBJECT_TYPE**)@@(nt!PsThreadType)))->TypeInfo.GenericMapping
struct _GENERIC_MAPPING
+0x000 GenericRead : 0x20048
+0x004 GenericWrite : 0x20037
+0x008 GenericExecute : 0x120000
+0x00c GenericAll : 0x1f03ff


?? -> evaluates a C++ expression

Process
GenericRead    = STANDARD_RIGHTS_READ | PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
GenericWrite   = STANDARD_RIGHTS_WRITE | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD |
                 PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_DUP_HANDLE |
                 PROCESS_TERMINATE | PROCESS_SET_QUOTA |
                 PROCESS_SET_INFORMATION | PROCESS_SET_PORT
GenericExecute = STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE
GenericAll     = PROCESS_ALL_ACCESS

Thread
GenericRead    = STANDARD_RIGHTS_READ | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION
GenericWrite   = STANDARD_RIGHTS_WRITE | THREAD_TERMINATE | THREAD_SUSPEND_RESUME | THREAD_ALERT |
                 THREAD_SET_INFORMATION | THREAD_SET_CONTEXT
GenericExecute = STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE
GenericAll     = THREAD_ALL_ACCESS
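
Added example (not from the original post): a small C re-implementation of the expansion that RtlMapGenericMask performs, using the XP values dumped above, to show which specific rights a GENERIC_* request on a process or thread handle actually turns into when you audit handle access. The names generic_mapping, map_generic and describe_process are made up for this example, and the thread GenericAll value is taken to be XP's THREAD_ALL_ACCESS (0x1f03ff).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GENERIC_READ    0x80000000u  /* winnt.h values, defined locally (no SDK needed) */
#define GENERIC_WRITE   0x40000000u
#define GENERIC_EXECUTE 0x20000000u
#define GENERIC_ALL     0x10000000u
typedef struct { uint32_t read, write, execute, all; } generic_mapping;
static const generic_mapping XP_PROCESS = { 0x20410, 0x20beb, 0x120000, 0x1f0fff }; /* XP, from kd */
static const generic_mapping XP_THREAD  = { 0x20048, 0x20037, 0x120000, 0x1f03ff }; /* XP, from kd */

/* Same semantics as RtlMapGenericMask: expand each generic bit, then clear all four */
static uint32_t map_generic(uint32_t desired, const generic_mapping *m)
{
    if (desired & GENERIC_READ)    desired |= m->read;
    if (desired & GENERIC_WRITE)   desired |= m->write;
    if (desired & GENERIC_EXECUTE) desired |= m->execute;
    if (desired & GENERIC_ALL)     desired |= m->all;
    return desired & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}

static const struct { uint32_t bit; const char *name; } PROCESS_BITS[] = { /* XP-era names */
    {0x001, "PROCESS_TERMINATE"}, {0x002, "PROCESS_CREATE_THREAD"}, {0x008, "PROCESS_VM_OPERATION"},
    {0x010, "PROCESS_VM_READ"}, {0x020, "PROCESS_VM_WRITE"}, {0x040, "PROCESS_DUP_HANDLE"},
    {0x080, "PROCESS_CREATE_PROCESS"}, {0x100, "PROCESS_SET_QUOTA"},
    {0x200, "PROCESS_SET_INFORMATION"}, {0x400, "PROCESS_QUERY_INFORMATION"},
    {0x800, "PROCESS_SET_PORT"}, {0x20000, "READ_CONTROL"}, {0x100000, "SYNCHRONIZE"},
};
/* Write " | "-joined names of the bits set in mask into buf; return how many were named */
static int describe_process(uint32_t mask, char *buf, size_t len)
{
    int n = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof PROCESS_BITS / sizeof PROCESS_BITS[0]; i++) {
        if (!(mask & PROCESS_BITS[i].bit)) continue;
        if (n++) strncat(buf, " | ", len - strlen(buf) - 1);
        strncat(buf, PROCESS_BITS[i].name, len - strlen(buf) - 1);
    }
    return n;
}

int main(void)
{
    char names[512];
    describe_process(map_generic(GENERIC_WRITE, &XP_PROCESS), names, sizeof names);
    printf("process GENERIC_WRITE: %s\nthread GENERIC_ALL: 0x%x\n", names, map_generic(GENERIC_ALL, &XP_THREAD));
    return 0;
}
```

STANDARD_RIGHTS_READ, STANDARD_RIGHTS_WRITE and STANDARD_RIGHTS_EXECUTE all equal READ_CONTROL (0x20000), which is why the decoder prints that single name for each of them.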
