From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001
From: tumagonx
Date: Tue, 8 Aug 2017 10:54:53 +0700
Subject: initial commit

---
 accessmask.h | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 accessmask.h

(limited to 'accessmask.h')

diff --git a/accessmask.h b/accessmask.h
new file mode 100644
index 0000000..7ff4a49
--- /dev/null
+++ b/accessmask.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *		accessmask.h
+ *
+ * Abstract:
+ *
+ *		This module implements various ACCESS_MASK decoding routines.
+ *
+ * Author:
+ *
+ *		Eugene Tsyrklevich 18-Mar-2004
+ *
+ * Revision History:
+ *
+ *		None.
+ */
+
+
+#ifndef __ACCESSMASK_H__
+#define __ACCESSMASK_H__
+
+
+#include <NTDDK.h>
+#include "policy.h"
+#include "ntproto.h"
+#include "log.h"
+
+
+// IBS = Is Bit Set?
+
+#define	IS_BIT_SET(da, mask) (((da) & (mask)) == (mask))
+
+
+UCHAR Get_FILE_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_NAMEDPIPE_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_MAILSLOT_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_REGISTRY_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_EVENT_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_SEMAPHORE_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_SECTION_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_JOB_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_MUTANT_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_SYMLINK_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_TIMER_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_PORT_OperationType(ACCESS_MASK DesiredAccess);
+UCHAR Get_DIROBJ_OperationType(ACCESS_MASK DesiredAccess);
+
+void DecodeFileOperationType(ACCESS_MASK DesiredAccess);
+
+
+
+#endif	/* __ACCESSMASK_H__ */
\ No newline at end of file
-- 
cgit v1.3