winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License
11.04k stars 1.4k forks

[Feature Request] - Display Default DACL of the access token for a process #2219

Open amithegde opened 1 month ago

amithegde commented 1 month ago

Description of the feature, modification, idea or suggestion

On the Process Properties dialog, Token tab, please add a button to display the default DACL of the token. There is other token information that can be useful as well.

https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation
https://learn.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-token_information_class

Proposed implementation details (optional)

No response

amithegde commented 1 month ago

I see that the permissions button already does that: [image]

amithegde commented 1 month ago

When System Informer runs as Administrator, it displays the DACL for an application running as System, but displays "you don't have permission to view DACL" for an application running as LocalService. Please help look into this.

amithegde commented 1 month ago

When I open System Informer as SYSTEM, I get access to it. I was looking for an output similar to how WinDbg prints it. Something like this:

    AclRevision 2
    Sbz1 0
    AclSize 128
    AceCount 4
    Sbz2 0
    Ace[0]
    AceType 0: ACCESS_ALLOWED_ACE_TYPE
    AceFlags 0
    AceSize 20
    AccessMask 0x10000000
    S-1-5-18 (NT AUTHORITY\SYSTEM)

dmex commented 1 month ago

> you don't have permission to view DACL for an application running as LocalService. Please help look into.

This is the expected behaviour since the DACL doesn't grant administrators access.
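
The binary ACL layout behind the dump requested in the thread, and the kind of lookup behind the "expected behaviour" reply, as an added Python example (not System Informer or WinDbg code). The names `parse_sid`, `parse_acl`, `allowed_mask`, `dump` and `SAMPLE_ACL` are illustrative, and the sample bytes are constructed rather than read from a real token.

```python
import struct
from functools import reduce

ACE_TYPES = {0: "ACCESS_ALLOWED_ACE_TYPE", 1: "ACCESS_DENIED_ACE_TYPE"}
# Constructed sample (not from a real token): GENERIC_ALL allow ACEs for S-1-5-18, S-1-5-19.
SAMPLE_ACL = bytes.fromhex("0200300002000000"                           # ACL header
                           "0000140000000010010100000000000512000000"   # ACE 0
                           "0000140000000010010100000000000513000000")  # ACE 1

def parse_sid(buf):
    """Decode a binary SID into its S-1-... string form."""
    if len(buf) < 8 or len(buf) < 8 + 4 * buf[1]:
        raise ValueError("truncated SID")
    authority = int.from_bytes(buf[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack_from(f"<{buf[1]}I", buf, 8)  # little-endian sub-authorities
    return "-".join(["S", str(buf[0]), str(authority), *map(str, subs)])

def parse_acl(buf):
    """Return (header, aces) for a binary ACL: 8-byte header, then AceCount ACEs."""
    names = ("AclRevision", "Sbz1", "AclSize", "AceCount", "Sbz2")
    header = dict(zip(names, struct.unpack_from("<BBHHH", buf, 0)))
    end, off, aces = min(header["AclSize"], len(buf)), 8, []  # ACEs must fit in both
    for _ in range(header["AceCount"]):
        if off + 4 > end:
            raise ValueError("ACE header runs past the ACL")
        ace_type, flags, size = struct.unpack_from("<BBH", buf, off)
        if size < 4 or off + size > end:
            raise ValueError("AceSize is inconsistent with AclSize")
        ace = {"AceType": ace_type, "AceFlags": flags, "AceSize": size}
        if ace_type in ACE_TYPES and size >= 16:      # header + mask + minimal SID
            ace["AccessMask"] = struct.unpack_from("<I", buf, off + 4)[0]
            ace["Sid"] = parse_sid(buf[off + 8:off + size])
        aces.append(ace)
        off += size
    return header, aces

def allowed_mask(aces, sid):
    """OR of masks from allow ACEs naming exactly this SID (not a full access check)."""
    masks = [a["AccessMask"] for a in aces if a["AceType"] == 0 and a.get("Sid") == sid]
    return reduce(lambda x, y: x | y, masks, 0)

def dump(header, aces):
    """Render one field per line, in the style of the dump quoted in the thread."""
    out = [f"{k} {v}" for k, v in header.items()]
    for i, a in enumerate(aces):
        out += [f"Ace[{i}]", f"AceType {a['AceType']}: {ACE_TYPES.get(a['AceType'], 'UNKNOWN')}"]
        out += [f"AceFlags {a['AceFlags']}", f"AceSize {a['AceSize']}"]
        out += [f"AccessMask {a['AccessMask']:#010x}", a["Sid"]] if "Sid" in a else []
    return "\n".join(out)
```

`allowed_mask(aces, "S-1-5-32-544")` returns 0 for this sample because no ACE names BUILTIN\Administrators; Windows itself evaluates every SID in the caller's token and any deny ACEs, which this lookup does not model.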