1 files changed, 55 insertions, 0 deletions
diff --git a/accessmask.h b/accessmask.h
new file mode 100644
index 0000000..7ff4a49
--- /dev/null
+++ b/accessmask.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              accessmask.h
+ *
+ * Abstract:
+ *
+ *              This module implements various ACCESS_MASK decoding routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 18-Mar-2004
+ *
+ * Revision History:
+ *
+ *              None.
+ */
+#ifndef __ACCESSMASK_H__
+#define __ACCESSMASK_H__
+#include <NTDDK.h>
+#include "policy.h"
+#include "ntproto.h"
+#include "log.h"
+// IBS = Is Bit Set?
+#define IS_BIT_SET(da, mask) (((da) & (mask)) == (mask))
+UCHAR Get_FILE_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_NAMEDPIPE_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_MAILSLOT_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_REGISTRY_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_EVENT_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_SEMAPHORE_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_SECTION_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_JOB_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_MUTANT_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_SYMLINK_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_TIMER_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_PORT_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_DIROBJ_OperationType(ACCESS_MASK DesiredAccess);
+void DecodeFileOperationType(ACCESS_MASK DesiredAccess);
+#endif  /* __ACCESSMASK_H__ */
+\ No newline at end of file

diff --git a/accessmask.h b/accessmask.h new file mode 100644 index 0000000..7ff4a49 --- /dev/null +++ b/accessmask.h
@@ -0,0 +1,55 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* accessmask.h
	7	*
	8	* Abstract:
	9	*
	10	* This module implements various ACCESS_MASK decoding routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 18-Mar-2004
	15	*
	16	* Revision History:
	17	*
	18	* None.
	19	*/
	20
	21
	22	#ifndef __ACCESSMASK_H__
	23	#define __ACCESSMASK_H__
	24
	25
	26	#include <NTDDK.h>
	27	#include "policy.h"
	28	#include "ntproto.h"
	29	#include "log.h"
	30
	31
	32	// IBS = Is Bit Set?
	33
	34	#define IS_BIT_SET(da, mask) (((da) & (mask)) == (mask))
	35
	36
	37	UCHAR Get_FILE_OperationType(ACCESS_MASK DesiredAccess);
	38	UCHAR Get_NAMEDPIPE_OperationType(ACCESS_MASK DesiredAccess);
	39	UCHAR Get_MAILSLOT_OperationType(ACCESS_MASK DesiredAccess);
	40	UCHAR Get_REGISTRY_OperationType(ACCESS_MASK DesiredAccess);
	41	UCHAR Get_EVENT_OperationType(ACCESS_MASK DesiredAccess);
	42	UCHAR Get_SEMAPHORE_OperationType(ACCESS_MASK DesiredAccess);
	43	UCHAR Get_SECTION_OperationType(ACCESS_MASK DesiredAccess);
	44	UCHAR Get_JOB_OperationType(ACCESS_MASK DesiredAccess);
	45	UCHAR Get_MUTANT_OperationType(ACCESS_MASK DesiredAccess);
	46	UCHAR Get_SYMLINK_OperationType(ACCESS_MASK DesiredAccess);
	47	UCHAR Get_TIMER_OperationType(ACCESS_MASK DesiredAccess);
	48	UCHAR Get_PORT_OperationType(ACCESS_MASK DesiredAccess);
	49	UCHAR Get_DIROBJ_OperationType(ACCESS_MASK DesiredAccess);
	50
	51	void DecodeFileOperationType(ACCESS_MASK DesiredAccess);
	52
	53
	54
	55	#endif /* __ACCESSMASK_H__ */ \ No newline at end of file