I split out the $handle->{Strings) with a seperator of a \x00 and join back together
with a seperator of \n. and get out put of some thing like...
Security
File
\Device\NetBT_Tcpip_{1D9884B7-7889-4709-8DAE-F13AF6AD057F}
-
0
147620042
3224
IWAM_SERVER
RTPWEB01
(0x0,0x2541B)
IUSR_SERVER
SERVER
(0x0,0x4C660FF)
%%1541 %%4416 %%4417
-
Does any one know how to lookup the associated field names (a hash building function
would be wonderful) to produce output of something like (Event Viewer Output).....
Object Open:
Object Server: Security
Object Type: File
Object Name: \Device\NetBT_Tcpip_{1D9884B7-7889-4709-8DAE-F13AF6AD057F}
New Handle ID: -
Operation ID: {0,147616077}
Process ID: 3224
Primary User Name: IWAM_Server
Primary Domain: Server
Primary Logon ID: (0x0,0x2541B)
Client User Name: IUSR_Server
Client Domain: Server
Client Logon ID: (0x0,0x4C660FF)
Accesses SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)
Privileges -
It would be nice to convert some of the codes to, but I am mostly losing sleep over
the field names.
Thanks,
Tim
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
