Looking into Access Masks

In this monologue podcast, Pavel Yosifovich explains Access Masks in Windows, which are 32-bit values representing access rights for objects, found in handles and Access Control Entries (ACEs) within Access Control Lists (ACLs). He demonstrates how to view Access Masks using tools like Process Explorer and kernel debuggers, showing how they define what a user can do with an object. The discussion covers specific and standard rights, generic access rights (read, write, execute, all), and how these translate to specific rights depending on the object type, recommending explicit access specifications for programming to avoid requesting more permissions than necessary.

Outlines

Sign in to continue reading, translating and more.

Continue

Pavel Yosifovich

Introduction to Access Masks in Windows

Access Masks in Process Explorer and Security Descriptors

Examining Access Masks with a Kernel Debugger

Structure of Access Masks and Generic Access Rights

Practical Example: Terminating a Process and Access Mask Considerations

Looking into Access Masks

Pavel Yosifovich

00:00Introduction to Access Masks in Windows

Introduction to Access Masks in Windows

01:48Access Masks in Process Explorer and Security Descriptors

Access Masks in Process Explorer and Security Descriptors

07:08Examining Access Masks with a Kernel Debugger

Examining Access Masks with a Kernel Debugger

11:14Structure of Access Masks and Generic Access Rights

Structure of Access Masks and Generic Access Rights

17:20Practical Example: Terminating a Process and Access Mask Considerations

Practical Example: Terminating a Process and Access Mask Considerations