The documentation for ACCESS_MASK ( http://msdn.microsoft.com/en-us/library/windows/desktop/aa374892%28v=vs.85%29.aspx ) defines bits 16-23 as following :
16–23 Standard rights. Contains the object's standard access rights.
but the standard rights table only describes bits 16-20. where are the 3 missing bits ?
they are not decribed in any other sections. in fact setting all the masks defined in headers makes the flags missing those 3 bits. (and the reserved bits).
Bit Flag Meaning
---------------------------------------
16 DELETE Delete access.
17 READ_CONTROL Read access to the owner, group, and discretionary access control list (DACL) of the security descriptor.
18 WRITE_DAC Write access to the DACL.
19 WRITE_OWNER Write access to owner.
20 SYNCHRONIZE Synchronize access.
Are those bits used anywhere ? Even internally to the system (not exposed by userspace functions)
Or are they also reserved ?
From what I see it might be just a way to pad the "section" of flags of std rights to 8 bits. If thats the case they could at least mention it somwhere ? Then again it might be a secret NSA backdoor !
I need this info because im writing a Virtual Filesystem that hooks all file functions so i need to understand them fully.
Now i noticed they possibly are relicts of the following flags
that now were integrated with the READ_CONTROL flag. mystery solved.