Quantcast
Channel: Active questions tagged kernel - Stack Overflow
Viewing all articles
Browse latest Browse all 6393

Windows Syscall Tracing Using ETW - Value of DesiredAccess

September 20, 2021, 5:38 am
$
0
0

I am trying programmatically to monitor windows system calls in real-time.I've come across a log provider called "Microsoft-Windows-Kernel-Audit-API-Calls".Event data looks like this:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Kernel-Audit-API-Calls" Guid="{e02a841c-75a3-4fa7-afc8-ae09cf9b7f23}" /><EventID>5</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x0</Keywords><TimeCreated SystemTime="2017-06-01T11:59:05.831179100-0500" /><Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /><Execution ProcessID="1860" ThreadID="9628" ProcessorID="1" KernelTime="210" UserTime="1260" /><Channel /><Computer /></System><EventData><Data Name="TargetProcessId">4294967295</Data><Data Name="DesiredAccess"> 1052672</Data><Data Name="ReturnCode">3221225483</Data></EventData><RenderingInfo Culture="en-US"><Level>Information </Level><Opcode>Info </Opcode><Provider>Microsoft-Windows-Kernel-Audit-API-Calls </Provider></RenderingInfo>
I'm interested in the value of the parameter "DesiredAccess". It seems to only have integer values. Is there any way to somehow "translate" that integer into something that would be useful for further analysis?
Search
Viewing all articles
Browse latest Browse all 6393

Trending Articles

मतलबी दोस्त स्टेट्स | Matlabi Dost Status in Hindi – Selfish Friends Status

February 13, 2020, 3:12 am

Neem Baba Extra Questions Answer Class 6 English Poorvi

February 1, 2025, 5:19 am

Moondru Mudichu 07-06-2016 – Polimer tv Serial

June 7, 2016, 9:10 am

PUBG Mobile APK 0.13.5 +OBB Data: Free Download, Install, Play

September 26, 2019, 6:30 am

Jail for Brockworth 26-year-old who gambled away thousands of pounds of...

December 13, 2014, 4:18 am

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

August 20, 2016, 5:13 pm

NEW ### VIIPlusLoader-08.025.08-FULL-Installer --- TO --- VCDS 25.3.1

April 21, 2025, 1:18 am

Man charged with July slaying of Jovan Hopkins in Back of the Yards

August 23, 2015, 12:33 pm

Project Mercury, More than 150 arrests and a dozen children rescued in...

April 12, 2018, 10:35 am

Update: Web Page Creator for iOS - HTML Egg (Business)

February 6, 2013, 5:33 pm

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Naam Hai Tera Tera Lyrics Translation | Himesh Reshammiya

February 23, 2018, 1:07 pm

IMGPatcher 2.20 (Oct 15 2019)

January 7, 2020, 1:40 am

The Legend Of Layton Simon: Detroit Drug Gang Boss Gets Lost In History,...

July 25, 2018, 8:51 pm

मुख मैथुन से उठाएं सेक्स का भरपूर मज़ा, जानें क्या है इसका सही तरीकामुख मैथुन...

May 17, 2020, 2:04 pm

Remote Access no longer working since upgrading from BT Home Hub 5 to BT...

August 27, 2016, 9:14 am

Download: Kapakala songs here

November 14, 2016, 9:52 pm

Luny Tunes & Daddy Yankee – Noche De Entierro (Remix) [feat. Ivy Queen,...

April 7, 2025, 12:36 pm

The Abominable Snowman – UK, 1957 – Scream Factory Blu-ray details revealed

November 4, 2019, 12:37 pm

Re: when i create a material thecustomize feild values need to update in...

June 4, 2015, 4:18 am
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>