Using !acl - Access Control Lists in WinDbg

x BlueRobot · Apr 26, 2021

So, MSDN has a good article on how to use !acl command and how to find the pointer to the access control list for a given object. However, I had a little difficulty at first with getting the suggested command to work. The article doesn't actually state that you must use C++ expression evaluation rather than MASM.

You must use the expression like so:

Rich (BB code):

1: kd> ?? 0xe11f08b6 & ~0x7
unsigned int 0xe11f08b0

The ~ operator is known as the complement operator and flips the bits to their opposite value. Please see the example below:

Rich (BB code):

1: kd> .formats 0x7
Evaluate expression:
  Hex:     00000000`00000007
  Decimal: 7
  Octal:   0000000000000000000007
  Binary:  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000111
  Chars:   ........
  Time:    Thu Jan  1 00:00:07 1970
  Float:   low 9.80909e-045 high 0
  Double:  3.45846e-323

Rich (BB code):

1: kd> ?? ~0x7
int 0n-8
1: kd> .formats 0n-8
Evaluate expression:
  Hex:     ffffffff`fffffff8
  Decimal: -8
  Octal:   1777777777777777777770
  Binary:  11111111 11111111 11111111 11111111 11111111 11111111 11111111 11111000
  Chars:   ........
  Time:    ***** Invalid
  Float:   low -1.#QNAN high -1.#QNAN
  Double:  -1.#QNAN

Notice how the bits have flipped? I hope this helps others who were facing the same issue I was.

References:

Determining the ACL of an Object - Windows drivers
C++ Numbers and Operators - Windows drivers
How does the bitwise complement operator (~ tilde) work?

Search

Search

Using !acl - Access Control Lists in WinDbg

x BlueRobot

Administrator