Managing permissions on Windows can be a real puzzle when we are talking about entire folder trees or Registry branches. AccessEnum comes into play as a simple, clear utility that can draw, in seconds, a map of who can read, write, or is denied access on critical paths, saving time and keeping you from getting lost in endless ACLs, and guiding how to change file permissions and ownership when necessary.
Created within the Sysinternals suite by Mark Russinovich and Bryce Cogswell, its reference publication in Spanish is dated September 29, 2022, with a tiny executable (about 135 KB) and the option to "Run now" from Sysinternals Live without installing.
What is AccessEnum and what does it solve?
AccessEnum is a free tool from Sysinternals designed to make file system and Windows Registry permission settings visible at a glance. Its distinguishing value is that it compares each object with its parent (directory or key), so it shows you only where permissions have been loosened or diverge, which is exactly what points to a possible risk or inconsistency.
When it runs, you will see a list with three readable columns: read, write, and deny. Managing app permissions is outside the direct scope of AccessEnum, but the tool guides you on what to fix and what to prioritize.
The tool uses the standard Windows security API to query access control lists (ACLs) and presents the information in its main view. Instead of comparing bit by bit, it applies an equivalence logic by access type: if a child object keeps "some kind of write" access like its parent, it is treated as equal on that row even if the exact bit set does not match 100%.
This grouping approach reduces false positives and puts the focus where you really need to act. In a few seconds you will have a consistent picture of the deviations that affect the exposure surface, both in file system paths and in Registry branches.

Difference between folders and files
There is an important nuance: for files, AccessEnum highlights them only when their permissions are less restrictive than those of the containing directory. This decision prioritizes what increases risk: a specific file that is more "open" than intended.
If your policy requires different behaviour, you can change it in the Options menu or, where appropriate, run an application with administrator permissions to make changes and test with privileges.
The tool is flexible and lets you adjust the criteria to fit your organization's standards. In addition, by default the following are excluded: system files and service accounts, to avoid unnecessary noise in the output.
It is advisable to review the Help/Contents menu. The scan and comparison criteria are described in detail there, in terms that clarify why one item appears highlighted and another does not appear.
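The comparison by access type and the file rule described above can be modelled in a few lines. This is an added example, not AccessEnum's own code: the ACL representation, the function names and the choice of which mask bits count as "read" or "write" are assumptions made for illustration.

```python
# Access-mask bits from winnt.h.
FILE_READ_DATA, FILE_WRITE_DATA, FILE_APPEND_DATA = 0x0001, 0x0002, 0x0004
GENERIC_READ, GENERIC_WRITE, GENERIC_ALL = 0x80000000, 0x40000000, 0x10000000

# Assumption: which bits count as "read" and "write" in this model.
READ_BITS = FILE_READ_DATA | GENERIC_READ | GENERIC_ALL
WRITE_BITS = FILE_WRITE_DATA | FILE_APPEND_DATA | GENERIC_WRITE | GENERIC_ALL


def summarize(acl):
    """Collapse ACEs (kind, account, mask) into read / write / deny account sets."""
    view = {"read": set(), "write": set(), "deny": set()}
    for kind, account, mask in acl:
        if kind == "deny":
            view["deny"].add(account)
            continue
        if mask & READ_BITS:
            view["read"].add(account)
        if mask & WRITE_BITS:
            view["write"].add(account)
    return view


def is_reported(child_acl, parent_acl, is_file=False):
    """True when the child would be listed as deviating from its parent."""
    child, parent = summarize(child_acl), summarize(parent_acl)
    if not is_file:
        return child != parent  # directories / keys: any difference by type
    # Files: only when less restrictive (extra readers/writers, or a deny dropped).
    return bool(child["read"] - parent["read"]
                or child["write"] - parent["write"]
                or parent["deny"] - child["deny"])


# Constructed sample ACLs.
PARENT = [("allow", "Administrators", GENERIC_ALL),
          ("allow", "Users", GENERIC_READ | GENERIC_WRITE)]
SAME_TYPE = [("allow", "Administrators", GENERIC_ALL),
             ("allow", "Users", FILE_READ_DATA | FILE_APPEND_DATA)]  # different bits
LOOSER_FILE = PARENT + [("allow", "Everyone", FILE_WRITE_DATA)]
TIGHTER_FILE = [("allow", "Administrators", GENERIC_ALL)]

if __name__ == "__main__":
    print(is_reported(SAME_TYPE, PARENT))                   # same access types
    print(is_reported(LOOSER_FILE, PARENT, is_file=True))   # file more open
    print(is_reported(TIGHTER_FILE, PARENT, is_file=True))  # file more closed
```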
Portable execution, download and compatibility
There are no installers or wizards: this is a portable GUI executable. Just download AccessEnum and double-click it. If you prefer a zero disk footprint, choose "Run now" from Sysinternals Live and launch it on the fly from Microsoft's website.
In practical terms: the binary is around 135 KB, the verified stable reference version is 1.35, and it is listed in the Disk and File Utility category. Compatibility covers Windows 11, 10, 8.1, 8, 7, and Vista, in both home and business environments, and its origins go back to Windows NT-based systems.

Configure the scan: scope, filters, and exclusions
The scan can target the whole system or be limited to a specific path, and the same applies to the Registry. By default, you will see directories whose permissions differ from the parent and files with more permissive permissions than their folder. If you work on a sensitive shared directory or a critical branch, it is a good idea to narrow the scope to focus on what is relevant.
From Options you can refine the comparison criteria, adjust the scope, and define path or pattern exclusions, for example to change app permissions and verify the impact on specific areas. Exclusions are gold when you have zones with "special" settings that you do not want to review in every analysis. Keeping a stable set of exclusions saves time in periodic audits.
- Flexible scope: the full file system, a specific directory, the full Registry, or a specific branch.
- Adjustable criteria: what counts as a deviation from the parent for read, write, or deny.
- Exclusions: paths, accounts, or patterns you do not want to appear in every run.
Interface, sorting and quick actions
Once the analysis is finished, you can sort by any column by clicking its header, toggling ascending/descending with successive clicks. This ordering helps you prioritize the most sensitive items first, whether by path, permission type, or the accounts involved.
The context menu on each row offers several time-saving actions: view the item's properties (from where you can change permissions if necessary), exclude that item from the view, or open the corresponding location (the directory or Registry key) with the Explore option. These are small shortcuts that avoid unnecessary jumping between windows.
Save results, compare and build a baseline
AccessEnum lets you export the result to a .txt file. This snapshot serves as a baseline for future comparisons, after updates, policy changes, or incident resolution. It is a simple way to track drift over time.
A typical example: you save the state of a "confidential" directory, apply a hardened policy, and weeks later scan again to verify. The comparison will tell you whether permissions have been reintroduced or whether everything continues as planned. It is practical, fast, and leaves a traceable record.
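The baseline comparison described above can be automated. This is an added example, not part of AccessEnum: it assumes each export has already been read into a string and is tab-separated with a header row of Path, Read, Write and Deny, with account names separated by commas; the paths and accounts are constructed sample data.

```python
import csv
import io

COLUMNS = ("Read", "Write", "Deny")
EMPTY = {col: set() for col in COLUMNS}


def load_export(text):
    """Parse one export into {lower-cased path: {column: set of accounts}}."""
    snapshot = {}
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        snapshot[row["Path"].lower()] = {
            col: {a.strip() for a in (row[col] or "").split(",") if a.strip()}
            for col in COLUMNS
        }
    return snapshot


def drift(baseline_text, current_text):
    """List (path, column, accounts gained, accounts lost) between two scans."""
    old, new = load_export(baseline_text), load_export(current_text)
    findings = []
    for path in sorted(old.keys() | new.keys()):
        # A path missing from one scan had no listed deviation in that scan.
        before, after = old.get(path, EMPTY), new.get(path, EMPTY)
        for col in COLUMNS:
            gained, lost = after[col] - before[col], before[col] - after[col]
            if gained or lost:
                findings.append((path, col, sorted(gained), sorted(lost)))
    return findings


def make_export(rows):
    """Build constructed sample text in the assumed export layout."""
    return "\n".join("\t".join(r) for r in [("Path",) + COLUMNS, *rows])


BASELINE = make_export([
    (r"C:\Data\Confidential", "Administrators, Finance", "Administrators", ""),
    (r"C:\Data\Confidential\reports", "Administrators, Finance", "Administrators, Finance", ""),
])
CURRENT = make_export([
    (r"C:\Data\Confidential", "Administrators, Finance", "Administrators", ""),
    (r"C:\Data\Confidential\reports", "Administrators, Finance", "Administrators, Finance, Everyone", ""),
    (r"C:\Data\Confidential\tmp", "Everyone", "Everyone", ""),
])

if __name__ == "__main__":
    for finding in drift(BASELINE, CURRENT):
        print(finding)
```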

AccessEnum within the Sysinternals ecosystem
Sysinternals was founded in 1996 by Mark Russinovich and Bryce Cogswell to host advanced system utilities and technical content. In July 2006 Microsoft acquired Sysinternals, and since then its tools have continued to be updated regularly. Most are portable, which reduces friction in tightly controlled environments.
Although we focus on AccessEnum here, it helps to know the top-tier company it keeps. With this kit you can cover auditing of permissions, startup, processes, network and forensic investigation at a depth that is hard to match:
- Autoruns: shows and manages auto-start locations with the most comprehensive list. It lets you hide Microsoft entries to focus on third parties and integrates VirusTotal. Entries in pink usually indicate files without a valid or verified signature; those in yellow point to non-existent or inaccessible paths that should be checked before disabling them. Key columns include: Autorun Entry, Description, Publisher, Image Path, Timestamp and VirusTotal verdict.
- Process Explorer: the "pro" version of Task Manager. It shows the process hierarchy, loaded DLLs and handles, and includes signature verification, colour coding, process timelines, and a lower pane with details. Ideal for hunting down packing, leaking handles, or verifying publishers.
- Process Monitor: monitors file system, Registry and process activity in real time. It offers advanced filters, extensive event properties, thread stacks with symbols, and logging to file. This is key to understanding complex interactions or for malware-hunting tasks.
- TCPView: lists live TCP/UDP endpoints with local/remote address, state and associated process; more digestible than netstat, and great for spotting suspicious connections.
- BgInfo: paints system data (computer name, IP, etc.) onto the desktop background, very useful for visual inventory when you jump between computers.
- Contig: defragments individual files, useful for avoiding a full defragmentation when you only care about files that fragment frequently.
- Desktops: creates up to four virtual desktops, even on older versions of Windows, to organize work contexts.
- DiskMon: lets you watch hard disk sector activity in real time. Among its visible fields: # (row), time, duration, disk, request type (read/write), sector and length.
- Disk2vhd: converts a physical disk to VHD for use in Microsoft virtual machines, for testing or migration.
- PsTools and PsExec: a set of command-line utilities for remote administration. PsExec runs processes remotely without agents; you can, for example, refresh policies on a remote computer by running "PsExec \\computername gpupdate" and orchestrate operational tasks.
- Sysmon: logs advanced security events (process creation, network connections, timestamp changes, memory access, remote threads…), ideal for later correlation in a SIEM.
- ZoomIt: a screen zoom and annotation tool, very useful for technical presentations and training.
Notes on sources and navigation links
In some posts, you will find links to general content ("how to change the default app," "how to uninstall an antivirus," etc.) inserted between sections. These are the outlet's navigation references and do not affect the use of AccessEnum. At the community level, a friendly tone is also common, with personal messages such as "Wild Boar Security for All!", which set the author's context even though they are not part of the technical work.
If you work with Windows and are concerned about who can open, modify, or deny access to data and settings, AccessEnum gives you exactly what you need: clarity and speed in something that, without help, is always tedious. With smart comparison logic, text export, exclusion options, and portability, you can secure permissions without getting lost among thousands of entries and, if you combine it with the rest of the Sysinternals arsenal, you have a solid workflow for operating and responding to incidents with confidence.