hello all,
This is my first time posting to this list. I came here because I need some help. The scenario goes as follows:
I have a windows xp machine with two accounts:
user_admin - belonging to administrators group
user_limited - limited account
- the limited user creates a file c:\test.txt
- the same user takes ownership of the file and sets full permissions just for itself, deleting all other permissions.
My target is to write a piece of code that would access this file, take ownership and get full permissions for user_admin (being logged on this account).
With windows explorer I managed to do this. It first tells me that I can only modify ownership and System security (SACL List). I do this, click ok and on a second try it lets me edit the permissions too.
I have a hard time doing this from my code as I can’t seem to manage to get a valid handle to the file in the first place.
I tried to put WRITE_OWNER on the CreateFile ACCESS_MASK but with no luck.
I also monitored what windows explorer does with Process Monitor from Sysinternals. The log looks as follows:
“5:52:51.6019421 AM”,“explorer.exe”,“1040”,“IRP_MJ_CREATE”,“C:\test.txt”,“SUCCESS”,“Desired Access: Write Owner, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: E540E88861574DD-test-, OpenResult: Opened”
“5:52:51.6020963 AM”,“explorer.exe”,“1040”,“IRP_MJ_SET_SECURITY”,“C:\test.txt”,“SUCCESS”,“Information: Owner”
“5:52:51.6023078 AM”,“explorer.exe”,“1040”,“IRP_MJ_CLEANUP”,“C:\test.txt”,“SUCCESS”,“”
“5:52:51.6024368 AM”,“explorer.exe”,“1040”,“IRP_MJ_CLOSE”,“C:\test.txt”,“SUCCESS”,“”
Any ideas regarding this would be highly appreciated.
thanks guys!
Mihai Cimpoesu,
BitDefender Senior Virus Researcher