Interpreting a Handle’s Access Mask

August 19, 2013

When opening a handle to a kernel object with some Open* Windows API function (e.g. OpenProcess, OpenThread, OpenEvent, …), an access mask must be specified, indicating the type of access requested for the resulting handle. Requesting too much access may cause the call to fail, so a best practice is to request only the access flags that are needed to get the job done. For example, suppose we want to know when a running process terminates. This requires obtaining a handle to the process in question and calling WaitForSingleObject on that handle. For this, only SYNCHRONIZE access is required: HANDLE...

My first PluralSight course has been published!

August 8, 2013

In the last few months, I’ve been working on a course for PluralSight. Creating a video course is not easy, as I found out firsthand. In fact, it’s more difficult than writing a book. With a book, I can change a sentence or a paragraph, at any time and any place. A video course is different… changes are hard, and recording sessions cannot be done just anywhere. But I’ve learned a lot from the experience, which should make next courses a bit easier… My first course is about a favorite subject of mine, Windows Internals. This deals with the...