static void CheckAccess(NtToken token, NtObject obj) { if (!obj.IsAccessMaskGranted(GenericAccessRights.ReadControl)) { return; } try { SecurityDescriptor sd = obj.SecurityDescriptor; AccessMask granted_access; NtType type = obj.NtType; if (_dir_rights != 0) { granted_access = NtSecurity.GetAllowedAccess(sd, token, _dir_rights, type.GenericMapping); } else { granted_access = NtSecurity.GetMaximumAccess(sd, token, type.GenericMapping); } if (!granted_access.IsEmpty) { // As we can get all the rights for the directory get maximum if (_dir_rights != 0) { granted_access = NtSecurity.GetMaximumAccess(sd, token, type.GenericMapping); } if (!_show_write_only || type.HasWritePermission(granted_access)) { Console.WriteLine("<{0}> {1} : {2:X08} {3}", type.Name, obj.FullPath, granted_access, type.AccessMaskToString(granted_access, _map_to_generic)); if (_print_sddl) { Console.WriteLine("{0}", sd.ToSddl()); } } } } catch (NtException) { } }