- May 7, 2013
- 10,400
So, MSDN has a good article on how to use !acl command and how to find the pointer to the access control list for a given object. However, I had a little difficulty at first with getting the suggested command to work. The article doesn't actually state that you must use C++ expression evaluation rather than MASM.
You must use the expression like so:
The ~ operator is known as the complement operator and flips the bits to their opposite value. Please see the example below:
Notice how the bits have flipped? I hope this helps others who were facing the same issue I was.
References:
Determining the ACL of an Object - Windows drivers
C++ Numbers and Operators - Windows drivers
How does the bitwise complement operator (~ tilde) work?
You must use the expression like so:
Rich (BB code):
1: kd> ?? 0xe11f08b6 & ~0x7
unsigned int 0xe11f08b0The ~ operator is known as the complement operator and flips the bits to their opposite value. Please see the example below:
Rich (BB code):
1: kd> .formats 0x7
Evaluate expression:
Hex: 00000000`00000007
Decimal: 7
Octal: 0000000000000000000007
Binary: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000111
Chars: ........
Time: Thu Jan 1 00:00:07 1970
Float: low 9.80909e-045 high 0
Double: 3.45846e-323
Rich (BB code):
1: kd> ?? ~0x7
int 0n-8
1: kd> .formats 0n-8
Evaluate expression:
Hex: ffffffff`fffffff8
Decimal: -8
Octal: 1777777777777777777770
Binary: 11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111000
Chars: ........
Time: ***** Invalid
Float: low -1.#QNAN high -1.#QNAN
Double: -1.#QNANNotice how the bits have flipped? I hope this helps others who were facing the same issue I was.
References:
Determining the ACL of an Object - Windows drivers
C++ Numbers and Operators - Windows drivers
How does the bitwise complement operator (~ tilde) work?