Sunday, January 6, 2008

More GENERIC_MAPPING changes on Vista

In my last post I talked about the change in the generic mapping of the Process type. It turns out that Thread, Token and Key also changed on Vista.

For reference, these are the changes:



TOKEN:
|                 | Windows XP        | Windows Vista             |
+-----------------+-------------------+---------------------------+
| GENERIC_EXECUTE | READ_CONTROL      | READ_CONTROL              |
|                 |                   | ASSIGN_PRIMARY            |
|                 |                   | IMPERSONATE               |
+-----------------+-------------------+---------------------------+
| GENERIC_READ    | READ_QUERY        | READ_QUERY                |
|                 | READ_CONTROL      | READ_CONTROL              |
|                 |                   | DUPLICATE                 |
|                 |                   | QUERY_SOURCE              |
+-----------------+-------------------+---------------------------+
| GENERIC_WRITE   | ADJUST_PRIVILEGES | ADJUST_PRIVILEGES         |
|                 | ADJUST_GROUPS     | ADJUST_GROUPS             |
|                 | ADJUST_DEFAULT    | ADJUST_DEFAULT            |
|                 | READ_CONTROL      | READ_CONTROL              |
|                 |                   | ADJUST_SESSIONID          |
+-----------------+-------------------+---------------------------+
Note: The TOKEN_ prefix has been removed.



THREAD:
|                 | Windows XP        | Windows Vista             |
+-----------------+-------------------+---------------------------+
| GENERIC_EXECUTE | READ_CONTROL      | READ_CONTROL              |
|                 | SYNCHRONIZE       | SYNCHRONIZE               |
|                 |                   | QUERY_LIMITED_INFORMATION |
+-----------------+-------------------+---------------------------+
| GENERIC_READ    | GET_CONTEXT       | GET_CONTEXT               |
|                 | QUERY_INFORMATION | QUERY_INFORMATION         |
|                 | READ_CONTROL      | READ_CONTROL              |
+-----------------+-------------------+---------------------------+
| GENERIC_WRITE   | TERMINATE         | TERMINATE                 |
|                 | SUSPEND_RESUME    | SUSPEND_RESUME            |
|                 | SET_CONTEXT       | SET_CONTEXT               |
|                 | SET_INFORMATION   | SET_INFORMATION           |
|                 | READ_CONTROL      | READ_CONTROL              |
|                 | 0x00000004        | 0x00000004                |
|                 |                   | SET_LIMITED_INFORMATION   |
+-----------------+-------------------+---------------------------+
Note: The THREAD_ prefix has been removed.



KEY:
|                 | Windows XP        | Windows Vista             |
+-----------------+-------------------+---------------------------+
| GENERIC_EXECUTE | QUERY_VALUE       | QUERY_VALUE               |
|                 | ENUMERATE_SUB_KEYS| ENUMERATE_SUB_KEYS        |
|                 | NOTIFY            | NOTIFY                    |
|                 | READ_CONTROL      | READ_CONTROL              |
|                 |                   | CREATE_LINK               |
+-----------------+-------------------+---------------------------+
| GENERIC_READ    | QUERY_VALUE       | QUERY_VALUE               |
|                 | ENUMERATE_SUB_KEYS| ENUMERATE_SUB_KEYS        |
|                 | NOTIFY            | NOTIFY                    |
|                 | READ_CONTROL      | READ_CONTROL              |
+-----------------+-------------------+---------------------------+
| GENERIC_WRITE   | SET_VALUE         | SET_VALUE                 |
|                 | CREATE_SUB_KEY    | CREATE_SUB_KEY            |
|                 | READ_CONTROL      | READ_CONTROL              |
+-----------------+-------------------+---------------------------+
Note: The KEY_ prefix has been removed.
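
To make the TOKEN table concrete, here is an added example (not the code from this post or from the page linked below) that expands generic bits the way MapGenericMask does and reports which specific rights a generic request gains on Vista. The numeric values are the winnt.h ones. Assumptions of this example: the table's READ_QUERY is TOKEN_QUERY, entries listed only once in a row are Vista additions, and the names mapping_t, map_generic and vista_delta are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Generic and standard rights (winnt.h values). */
#define GENERIC_READ    0x80000000u
#define GENERIC_WRITE   0x40000000u
#define GENERIC_EXECUTE 0x20000000u
#define READ_CONTROL    0x00020000u
/* Token-specific rights (winnt.h values, TOKEN_ prefix dropped as in the tables). */
#define ASSIGN_PRIMARY    0x0001u
#define DUPLICATE         0x0002u
#define IMPERSONATE       0x0004u
#define QUERY             0x0008u  /* assumed to be the table's READ_QUERY */
#define QUERY_SOURCE      0x0010u
#define ADJUST_PRIVILEGES 0x0020u
#define ADJUST_GROUPS     0x0040u
#define ADJUST_DEFAULT    0x0080u
#define ADJUST_SESSIONID  0x0100u

/* Subset of GENERIC_MAPPING; GenericAll is not listed in the post, so it is omitted. */
typedef struct { uint32_t read, write, execute; } mapping_t;

#define TOKEN_WRITE_XP (ADJUST_PRIVILEGES | ADJUST_GROUPS | ADJUST_DEFAULT | READ_CONTROL)
static const mapping_t TOKEN_XP = { QUERY | READ_CONTROL, TOKEN_WRITE_XP, READ_CONTROL };
static const mapping_t TOKEN_VISTA = {
    QUERY | READ_CONTROL | DUPLICATE | QUERY_SOURCE,
    TOKEN_WRITE_XP | ADJUST_SESSIONID,
    READ_CONTROL | ASSIGN_PRIMARY | IMPERSONATE
};

/* Same logic as MapGenericMask: replace each generic bit with its specific rights. */
uint32_t map_generic(uint32_t mask, const mapping_t *m) {
    if (mask & GENERIC_READ)    mask |= m->read;
    if (mask & GENERIC_WRITE)   mask |= m->write;
    if (mask & GENERIC_EXECUTE) mask |= m->execute;
    return mask & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE);
}

/* Specific rights a request gains under the Vista mapping compared with XP. */
uint32_t vista_delta(uint32_t mask) {
    return map_generic(mask, &TOKEN_VISTA) & ~map_generic(mask, &TOKEN_XP);
}

int main(void) {
    printf("GENERIC_READ gains 0x%04x on Vista\n", (unsigned)vista_delta(GENERIC_READ));
    printf("GENERIC_EXECUTE gains 0x%04x on Vista\n", (unsigned)vista_delta(GENERIC_EXECUTE));
    return 0;
}
```

When reviewing code or ACLs that ask for generic rights on tokens, the delta is what to look at: the same GENERIC_READ request that yields only QUERY and READ_CONTROL under the XP mapping also yields DUPLICATE and QUERY_SOURCE under the Vista one.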


You want to dump the GENERIC_MAPPING structure for other object types? You can find the code on http://nsylvain.googlepages.com/.
