Tuesday, February 10, 2009

Object Access Command codes

These are the codes used in the 560 Object Access Event ID message to denote various types of object access. I do not have a full set yet.
I do not know the exact distinction yet between the high level and low level codes.

High level Generic Codes

1537 DELETE
1538 READ_CONTROL
1539 WRITE_DAC
1540 WRITE_OWNER
1541 SYNCHRONIZE
1542 ACCESS_SYS_SEC

File codes

4416 ReadData
4417 WriteData
4418 AppendData
4419 ReadEA
4420 WriteEA
4421 Execute/Traverse
4422
4423 ReadAttributes
4424 WriteAttributes


Registry Codes

4432 Query Key Value
4433 Set Key Value
4434 Create Sub Key
4435 Enumerate sub-keys
4436 Notify about changes to keys
4437 Create Link

Printer Codes

6931 Print
Posted by HVAC at 5:40 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)