From a9c2fd8c2ee9c9ab9eb568200b214fef8b984a27 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 2 Jan 2025 16:20:58 -0500 Subject: [PATCH 01/19] Simplify fuzzing --- README.md | 10 +++-- fuzz/Build-FuzzingCorpus.ps1 | 74 ++++++++++++++++++++++++++++++++++++ fuzz/fuzz.cpp | 40 +------------------ 3 files changed, 83 insertions(+), 41 deletions(-) create mode 100644 fuzz/Build-FuzzingCorpus.ps1 diff --git a/README.md b/README.md index 7a6bf9f7e..2f922ed06 100644 --- a/README.md +++ b/README.md @@ -12,16 +12,20 @@ MFCMAPI depends on the [MAPI Stub Library](https://github.com/microsoft/MAPIStub ## Fuzzing -MFCMAPI supports fuzzing with [libFuzzer](https://llvm.org/docs/LibFuzzer.html) and the [fsanitize](https://learn.microsoft.com/en-us/cpp/build/reference/fsanitize?view=msvc-170) switch in Visual Studio. See [fuzz.cpp](https://github.com/microsoft/mfcmapi/blob/main/fuzz/fuzz.cpp) for details. +MFCMAPI supports fuzzing with [libFuzzer](https://llvm.org/docs/LibFuzzer.html) and the [fsanitize](https://learn.microsoft.com/en-us/cpp/build/reference/fsanitize?view=msvc-170) switch in Visual Studio. See [fuzz.cpp](fuzz/fuzz.cpp) for details. To run fuzzing for this project, follow these steps: +1. **Build Fuzzing Corpus**: + - Open Powershell prompt + - Run [fuzz\Build-FuzzingCorpus.ps1](fuzz\Build-FuzzingCorpus.ps1) to generate a fuzzing corpus in [fuzz/corpus](fuzz/corpus) from Smart View unit test data. + 1. **Switch Solution Configuration**: - Open MFCMAPI.sln in Visual Studio. - In the toolbar, locate the **Solution Configurations** dropdown. - Select **Fuzz** from the list of configurations. -2. **Debug Command Line Parameters**: +1. **Debug Command Line Parameters**: - When running the fuzzing tests, use the following command line parameters: -`$(ProjectDir)fuzz\corpus $(ProjectDir)UnitTest\SmartViewTestData\In -artifact_prefix=fuzz\artifacts\` +`$(ProjectDir)fuzz\corpus -artifact_prefix=fuzz\artifacts\` ## Help/Feedback 
diff --git a/fuzz/Build-FuzzingCorpus.ps1 b/fuzz/Build-FuzzingCorpus.ps1
new file mode 100644
index 000000000..72e969bc4
--- /dev/null
+++ b/fuzz/Build-FuzzingCorpus.ps1
@@ -0,0 +1,74 @@ + +function Build-FuzzingCorpus { + param ( + [string]$InputDir, + [string]$OutputDir + ) + + # Ensure the output directory exists + if (-not (Test-Path -Path $OutputDir)) { + New-Item -ItemType Directory -Path $OutputDir + } + + # Function to convert hex string to byte array + function Convert-HexStringToByteArray { + param ( + [string]$hexString + ) + if ($null -eq $hexString) { + return @() + } + + # remove L"\r\n\t -.,\\/'{}`\"" and whitespace from the hex string + # this is the same set of characters checked in IsFilteredHex + $hexString = $hexString -replace "[\r\n\t -.,\\/'{}`"\""]", "" -replace "\s", "" + if ($hexString.Length -eq 0) { + return @() + } + + $byteArray = @() + for ($i = 0; $i -lt $hexString.Length; $i += 2) { + try { + $byteArray += [Convert]::ToByte($hexString.Substring($i, 2), 16) + } catch { + Write-Host "Error converting hex string to byte array: $($_.Exception.Message)" + Write-Host "hexString: $hexString" + Write-Host "i: $i" + Write-Host "hexString.Length: $($hexString.Length)" + # Write the (up to) 8 characters before the error and up to 8 after + $start = [Math]::Max(0, $i - 8) + $end = [Math]::Min($hexString.Length, $i + 8) + Write-Host "hexString.Substring($i, 2): $($hexString.Substring($i, 2))" + Write-Host "hexString.Substring($start, $end - $start): $($hexString.Substring($start, $end - $start))" + break + } + } + return $byteArray + } + + # Iterate over all .dat files in the input directory + Get-ChildItem -Path $InputDir -Filter *.dat | ForEach-Object { + $inputFilePath = $_.FullName + $outputFilePath = Join-Path -Path $OutputDir -ChildPath ($_.BaseName + ".bin") + + # Read the hex data from the input file + $hexData = Get-Content -Path $inputFilePath -Raw + + Write-Host "Converting $inputFilePath to $outputFilePath" + # Write-Host "Hex data length: $($hexData.Length)" + # Write-Host "hexData: $hexData" + + # Convert the hex data to binary data + $binaryData = Convert-HexStringToByteArray -hexString $hexData + 
if ($null -eq $binaryData) { + $binaryData = @() + } + # Write the binary data to the output file + [System.IO.File]::WriteAllBytes($outputFilePath, $binaryData) + } +} + +# Example usage +$inputDirectory = "$PSScriptRoot\..\UnitTest\SmartViewTestData\In" +$outputDirectory = "$PSScriptRoot\corpus" +Build-FuzzingCorpus -InputDir $inputDirectory -OutputDir $outputDirectory diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp index 9935e90ff..e9bb560f3 100644 --- a/fuzz/fuzz.cpp +++ b/fuzz/fuzz.cpp @@ -27,26 +27,7 @@ void test(std::vector hex) } } -std::wstring LoadDataToString(const uint8_t* Data, size_t Size) -{ - const auto cb = Size; - const LPVOID bytes = (LPVOID) Data; - const auto data = static_cast(bytes); - - // UTF 16 LE - // In Notepad++, this is UCS-2 LE BOM encoding - // WARNING: Editing files in Visual Studio Code can alter this encoding - if (cb >= 2 && data[0] == 0xff && data[1] == 0xfe) - { - // Skip the byte order mark - const auto wstr = static_cast(bytes); - const auto cch = cb / sizeof(wchar_t); - return std::wstring(wstr + 1, cch - 1); - } - const auto str = std::string(static_cast(bytes), cb); - return strings::stringTowstring(str); -} #ifdef __cplusplus #define FUZZ_EXPORT extern "C" __declspec(dllexport) 
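Review bot: In Convert-HexStringToByteArray the unescaped ` -.` inside the character class of the first `-replace` pattern is a range from space (0x20) to `.` (0x2E), not the three literal characters space, hyphen and period, so the filter also strips `!`, `#`, `$`, `%`, `&`, `(`, `)`, `*` and `+`; none of those are hex digits, so decoding still works, but the comment's claim that this is the same set IsFilteredHex checks is only approximately true. Escaping the hyphen as `\-` (or moving it to the end of the class) makes the set literal. Separately, `$byteArray += [Convert]::ToByte($hexString.Substring($i, 2), 16)` copies the whole array on every append, which is quadratic in the input length; collecting into a `[System.Collections.Generic.List[byte]]` with `.Add()` and returning `.ToArray()` keeps the loop linear for large .dat files. The two `New-Item -ItemType Directory` calls also emit their DirectoryInfo to the output stream, which `| Out-Null` would silence.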
@@ -56,26 +37,9 @@ std::wstring LoadDataToString(const uint8_t* Data, size_t Size) FUZZ_EXPORT int __cdecl LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { std::call_once(_initFlag, EnsureInit); - // convert data to vector byte - const auto inputVector = std::vector(data, data + size); - const auto input = LoadDataToString(data, size); - if (input.empty()) - { - // Print hex encoding of input so we can see what was wrong with it - //wprintf(L"Invalid input: %ws\r\n", strings::BinToHexString(inputVector, true).c_str()); - return -1; // ignore invalid hex strings - } - - auto hex = strings::HexStringToBin(input); - if (hex.empty()) - { - //wprintf(L"Invalid hex: %ws\r\n", input.c_str()); - return -1; // ignore invalid hex strings - } - - //wprintf(L"Fuzzing: %ws\r\n", input.c_str()); - test(hex); + //wprintf(L"Fuzzing: %ws\r\n", strings::BinToHexString(inputVector, true).c_str()); + test(inputVector); return 0; } #endif // FUZZ \ No newline at end of file From 3b5bd591f277f605f08709eeb28607ae8052f3d2 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 2 Jan 2025 16:39:34 -0500 Subject: [PATCH 02/19] make fuzzing faster --- fuzz/fuzz.cpp | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp index e9bb560f3..f4db4fcf9 100644 --- a/fuzz/fuzz.cpp +++ b/fuzz/fuzz.cpp @@ -17,18 +17,16 @@ void EnsureInit() strings::setTestInstance(GetModuleHandleW(L"fuzz.exe")); } -void test(std::vector hex) +void test(const SBinary hex) { for (const auto parser : SmartViewParserTypeArray) { if (parser.type == parserType::NOPARSING) continue; //wprintf(L"Testing %ws\r\n", addin::AddInStructTypeToString(parser.type).c_str()); - (void) smartview::InterpretBinary({static_cast(hex.size()), hex.data()}, parser.type, nullptr); + (void) smartview::InterpretBinary(hex, parser.type, nullptr); } } - - #ifdef __cplusplus #define FUZZ_EXPORT extern "C" __declspec(dllexport) #else 
@@ -37,9 +35,9 @@ void test(std::vector hex) FUZZ_EXPORT int __cdecl LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { std::call_once(_initFlag, EnsureInit); - const auto inputVector = std::vector(data, data + size); - //wprintf(L"Fuzzing: %ws\r\n", strings::BinToHexString(inputVector, true).c_str()); - test(inputVector); + const SBinary input = {static_cast(size), (LPBYTE) (data)}; + //wprintf(L"Fuzzing: %ws\r\n", strings::BinToHexString(&input, true).c_str()); + test(input); return 0; } #endif // FUZZ \ No newline at end of file From 7e954d71251ef6ab97bba40880f0cd00558d3da5 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 2 Jan 2025 16:50:28 -0500 Subject: [PATCH 03/19] Ensure artifacts dir exists as part of setup --- fuzz/Build-FuzzingCorpus.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fuzz/Build-FuzzingCorpus.ps1 b/fuzz/Build-FuzzingCorpus.ps1 index 72e969bc4..9910bd752 100644 --- a/fuzz/Build-FuzzingCorpus.ps1 +++ b/fuzz/Build-FuzzingCorpus.ps1 @@ -71,4 +71,8 @@ function Build-FuzzingCorpus { # Example usage $inputDirectory = "$PSScriptRoot\..\UnitTest\SmartViewTestData\In" $outputDirectory = "$PSScriptRoot\corpus" +$artifactsDirectory = "$PSScriptRoot\artifacts" +if (-not (Test-Path -Path $artifactsDirectory)) { + New-Item -ItemType Directory -Path $artifactsDirectory +} Build-FuzzingCorpus -InputDir $inputDirectory -OutputDir $outputDirectory From 95231d81223bddafa8478c88b86ec5fe943cde13 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 2 Jan 2025 16:52:50 -0500 Subject: [PATCH 04/19] fix test instance name --- fuzz/fuzz.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp index f4db4fcf9..55a358acd 100644 --- a/fuzz/fuzz.cpp +++ b/fuzz/fuzz.cpp 
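Review bot: `(LPBYTE) (data)` in the new `const SBinary input = {...}` line is a C-style cast that silently drops the `const` from the libFuzzer-owned buffer, so a write through `input.lpb` anywhere in the parsers would no longer be caught by the compiler, and libFuzzer requires the input to be treated as read-only. Writing it as `const_cast<LPBYTE>(data)` with a one-line comment, `// SBinary::lpb is non-const; the parsers must not write through it`, keeps the intent greppable and reviewable. The `static_cast` applied to `size` also narrows `size_t` to SBinary's `cb`; harmless at fuzzer input sizes, but a short comment saying so would save the next reader the question. The whole of LLVMFuzzerTestOneInput is within the hunk.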
@@ -14,7 +14,7 @@ void EnsureInit() registry::useGetPropList = true; registry::parseNamedProps = true; registry::cacheNamedProps = true; - strings::setTestInstance(GetModuleHandleW(L"fuzz.exe")); + strings::setTestInstance(GetModuleHandleW(L"mfcmapi.exe")); } void test(const SBinary hex) From 92f456210c5eba56a659293ac64ede2c091142e3 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Fri, 3 Jan 2025 10:03:54 -0500 Subject: [PATCH 05/19] Clean up ace output to better match struct --- UnitTest/SmartViewTestData/Out/19-sd-out1.dat | 44 +++++++------ UnitTest/SmartViewTestData/Out/19-sd-out2.dat | 16 ++--- .../Out/31-FreeBusySID-out1.dat | 9 +-- .../Out/31-FreeBusySID-out2.dat | 16 ++--- UnitTest/tests/sidtest.cpp | 61 +++++++++++-------- core/interpret/sid.cpp | 19 +++--- core/res/MFCMapi.rc2 | 9 +-- 7 files changed, 96 insertions(+), 78 deletions(-) diff --git a/UnitTest/SmartViewTestData/Out/19-sd-out1.dat b/UnitTest/SmartViewTestData/Out/19-sd-out1.dat index 3ac22c91d..74f8ed472 100644 --- a/UnitTest/SmartViewTestData/Out/19-sd-out1.dat +++ b/UnitTest/SmartViewTestData/Out/19-sd-out1.dat 
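Review bot: `GetModuleHandleW(L"mfcmapi.exe")` ties EnsureInit to the output file name; if the Fuzz configuration is ever built or copied under another name the call returns nullptr and setTestInstance receives a null module, which is exactly the failure this commit is fixing for the previous name. `GetModuleHandleW(nullptr)` returns the handle of the process's own executable regardless of its name, so `strings::setTestInstance(GetModuleHandleW(nullptr));` works for whichever binary hosts the fuzzer, under the same assumption the name-based call already makes (that the resources live in the exe rather than a DLL). EnsureInit begins before the hunk.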
@@ -4,32 +4,38 @@ Security Descriptor Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION Descriptor Account: (no domain)\(no name) +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 SID: S-1-5-21-124525111-708259637-1543119021-103169 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -Access Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 SID: S-1-5-21-124525111-708259637-1543119021-103169 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -Access Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | 
fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 SID: S-1-5-21-124525095-708259637-1543119021-754602 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -Access Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize Account: (no domain)\(no name) +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 SID: S-1-5-21-124525111-708259637-1543119021-103169 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 +ACE Size: 0x0024 SID: S-1-5-21-124525111-708259637-1543119021-103169 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 Account: (no 
domain)\(no name) -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 \ No newline at end of file +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 +ACE Size: 0x0024 +SID: S-1-5-21-124525095-708259637-1543119021-754602 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/19-sd-out2.dat b/UnitTest/SmartViewTestData/Out/19-sd-out2.dat index 2178f1229..4e0b840fa 100644 --- a/UnitTest/SmartViewTestData/Out/19-sd-out2.dat +++ b/UnitTest/SmartViewTestData/Out/19-sd-out2.dat 
@@ -4,12 +4,14 @@ Security Descriptor Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION Descriptor Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 SID: S-1-5-21-124525095-708259637-1543119021-754602 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -Access Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize Account: (no domain)\(no name) -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 \ No newline at end of file +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | 
fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 +ACE Size: 0x0024 +SID: S-1-5-21-124525095-708259637-1543119021-754602 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/31-FreeBusySID-out1.dat b/UnitTest/SmartViewTestData/Out/31-FreeBusySID-out1.dat index 7c14aaf35..9d8894b08 100644 --- a/UnitTest/SmartViewTestData/Out/31-FreeBusySID-out1.dat +++ b/UnitTest/SmartViewTestData/Out/31-FreeBusySID-out1.dat @@ -4,7 +4,8 @@ Security Descriptor Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION Descriptor Account: \Everyone -SID: S-1-1-0 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x00000001 = fsdrightFreeBusySimple \ No newline at end of file +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x00000001 = fsdrightFreeBusySimple +ACE Size: 0x0014 +SID: S-1-1-0 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/31-FreeBusySID-out2.dat b/UnitTest/SmartViewTestData/Out/31-FreeBusySID-out2.dat index 8059c171a..206ce772f 100644 --- a/UnitTest/SmartViewTestData/Out/31-FreeBusySID-out2.dat +++ b/UnitTest/SmartViewTestData/Out/31-FreeBusySID-out2.dat 
@@ -4,12 +4,14 @@ Security Descriptor Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION Descriptor Account: (no domain)\(no name) +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed +ACE Size: 0x0024 SID: S-1-5-21-1148560623-1742210193-3263613743-3181487 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed Account: \Everyone -SID: S-1-1-0 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x00000001 = fsdrightFreeBusySimple \ No newline at end of file +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x00000001 = fsdrightFreeBusySimple +ACE Size: 0x0014 +SID: S-1-1-0 \ No newline at end of file diff --git a/UnitTest/tests/sidtest.cpp b/UnitTest/tests/sidtest.cpp index 1431718a5..24931c894 100644 --- a/UnitTest/tests/sidtest.cpp +++ b/UnitTest/tests/sidtest.cpp 
@@ -73,20 +73,23 @@ namespace sidtest unittest::AreEqualEx( std::wstring{ L"Account: (no domain)\\(no name)\r\n" - L"SID: S-1-5-21-124525111-708259637-1543119021-103169\r\n" - L"Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE\r\n" - L"Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" - L"Access Mask: 0x001208A9 = fsdrightListContents | fsdrightReadProperty | fsdrightExecute | " - L"fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize"}, + L"ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE\r\n" + L"ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" + L"ACE Mask: 0x001208A9 = fsdrightListContents | fsdrightReadProperty | fsdrightExecute | " + L"fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize\r\n" + L"ACE Size: 0x0024\r\n" + L"SID: S-1-5-21-124525111-708259637-1543119021-103169"}, ACEToString(aceAllowBin.data(), sid::aceType::Container)); auto aceDenyBin = strings::HexStringToBin(L"01 09 1400 a9081200 01 01 000000000005 0B000000"); unittest::AreEqualEx( - std::wstring{L"Account: NT AUTHORITY\\Authenticated Users\r\n" - L"SID: S-1-5-11\r\n" - L"Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE\r\n" - L"Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" - L"Access Mask: 0x001208A9 = "}, + std::wstring{ + L"Account: NT AUTHORITY\\Authenticated Users\r\n" + L"ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE\r\n" + L"ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" + L"ACE Mask: 0x001208A9 = \r\n" + L"ACE Size: 0x0014\r\n" + L"SID: S-1-5-11"}, ACEToString(aceDenyBin.data(), sid::aceType{3})); auto aceAllowObjectBin = strings::HexStringToBin(L"05 1f 3800 a9081200 ffffffff" 
@@ -96,12 +99,13 @@ namespace sidtest unittest::AreEqualEx( std::wstring{ L"Account: (no domain)\\(no name)\r\n" - L"SID: (no SID)\r\n" - L"Access Type: 0x00000005 = ACCESS_ALLOWED_OBJECT_ACE_TYPE\r\n" - L"Access Flags: 0x0000001F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE " + L"ACE Type: 0x05 = ACCESS_ALLOWED_OBJECT_ACE_TYPE\r\n" + L"ACE Flags: 0x1F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE " L"| INHERIT_ONLY_ACE | INHERITED_ACE\r\n" - L"Access Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | " + L"ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | " L"fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize\r\n" + L"ACE Size: 0x0038\r\n" + L"SID: (no SID)\r\n" L"ObjectType: \r\n" L"{00020D0A-0000-0000-C000-000000000046} = IID_CAPONE_PROF\r\n" L"InheritedObjectType: \r\n" @@ -116,11 +120,12 @@ namespace sidtest unittest::AreEqualEx( std::wstring{ L"Account: NT AUTHORITY\\Authenticated Users\r\n" - L"SID: S-1-5-11\r\n" - L"Access Type: 0x00000006 = ACCESS_DENIED_OBJECT_ACE_TYPE\r\n" - L"Access Flags: 0x0000001F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE " + L"ACE Type: 0x06 = ACCESS_DENIED_OBJECT_ACE_TYPE\r\n" + L"ACE Flags: 0x1F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE " L"| INHERIT_ONLY_ACE | INHERITED_ACE\r\n" - L"Access Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed\r\n" + L"ACE Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed\r\n" + L"ACE Size: 0x0038\r\n" + L"SID: S-1-5-11\r\n" L"ObjectType: \r\n" L"{00020D0A-0000-0000-C000-000000000046} = IID_CAPONE_PROF\r\n" L"InheritedObjectType: \r\n" 
@@ -156,21 +161,23 @@ namespace sidtest unittest::AreEqualEx( std::wstring{ L"Account: (no domain)\\(no name)\r\n" - L"SID: S-1-5-21-124525095-708259637-1543119021-754602\r\n" - L"Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE\r\n" - L"Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" - L"Access Mask: 0x001F0FBF = fsdrightListContents | fsdrightCreateItem | fsdrightCreateContainer | " + L"ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE\r\n" + L"ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" + L"ACE Mask: 0x001F0FBF = fsdrightListContents | fsdrightCreateItem | fsdrightCreateContainer | " L"fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | " L"fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | " L"fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0x600\r\n" - L"Account: (no domain)\\(no name)\r\n" + L"ACE Size: 0x0024\r\n" L"SID: S-1-5-21-124525095-708259637-1543119021-754602\r\n" - L"Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE\r\n" - L"Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE\r\n" - L"Access Mask: 0x001FC9BF = fsdrightListContents | fsdrightCreateItem | fsdrightCreateContainer | " + L"Account: (no domain)\\(no name)\r\n" + L"ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE\r\n" + L"ACE Flags: 0x02 = CONTAINER_INHERIT_ACE\r\n" + L"ACE Mask: 0x001FC9BF = fsdrightListContents | fsdrightCreateItem | fsdrightCreateContainer | " L"fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | " L"fsdrightWriteAttributes | fsdrightViewItem | fsdrightOwner | fsdrightContact | fsdrightWriteSD | " - L"fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize"}, + L"fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize\r\n" + L"ACE Size: 0x0024\r\n" + L"SID: S-1-5-21-124525095-708259637-1543119021-754602"}, sd1.dacl); unittest::AreEqualEx(std::wstring{L"0x0"}, sd1.info); } 
diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index 92d74cc91..b499096b2 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp @@ -129,6 +129,7 @@ namespace sid std::wstring ACEToString(_In_opt_ void* pACE, aceType acetype) { std::vector aceString; + PACE_HEADER pAceHeader = static_cast(pACE); ACCESS_MASK Mask = 0; DWORD Flags = 0; GUID ObjectType = {}; @@ -138,11 +139,8 @@ namespace sid if (!pACE) return L""; - const auto AceType = static_cast(pACE)->AceType; - const auto AceFlags = static_cast(pACE)->AceFlags; - /* Check type of ACE */ - switch (AceType) + switch (pAceHeader->AceType) { case ACCESS_ALLOWED_ACE_TYPE: Mask = static_cast(pACE)->Mask; @@ -171,8 +169,8 @@ namespace sid } auto lpStringSid = GetTextualSid(SidStart); - auto szAceType = flags::InterpretFlags(flagACEType, AceType); - auto szAceFlags = flags::InterpretFlags(flagACEFlag, AceFlags); + auto szAceType = flags::InterpretFlags(flagACEType, pAceHeader->AceType); + auto szAceFlags = flags::InterpretFlags(flagACEFlag, pAceHeader->AceFlags); auto szAceMask = std::wstring{}; switch (acetype) @@ -197,13 +195,14 @@ namespace sid IDS_SIDACCOUNT, sidAccount.getDomain().c_str(), sidAccount.getName().c_str(), - szSID.c_str(), - AceType, + pAceHeader->AceType, szAceType.c_str(), - AceFlags, + pAceHeader->AceFlags, szAceFlags.c_str(), Mask, - szAceMask.c_str())); + szAceMask.c_str(), + pAceHeader->AceSize, + szSID.c_str())); if (bObjectFound) { diff --git a/core/res/MFCMapi.rc2 b/core/res/MFCMapi.rc2 index 6edd75383..be1f53b5d 100644 --- a/core/res/MFCMapi.rc2 +++ b/core/res/MFCMapi.rc2 
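Review bot: In ACEToString `pAceHeader->AceSize` is now read and printed from the ACE, but nothing in these hunks compares it to the size of the per-type structure that the `static_cast` on `pACE` in each `case` then reads `Mask` and `SidStart` from, and this function is on the path the new fuzzer drives. Unless the caller already bounds each ACE (not visible here), a check after the null test, `if (pAceHeader->AceSize < sizeof(ACE_HEADER)) return L"";`, plus a comparison against `sizeof` the matching ACE type inside each `case` before its cast, would turn an over-long read on a truncated descriptor into a clean empty result. The new `PACE_HEADER pAceHeader` initialisation sits before the `if (!pACE)` guard; it is only dereferenced afterwards so it is correct, but it reads more naturally placed after the guard. ACEToString starts and ends outside the hunks.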
@@ -1474,10 +1474,11 @@ IDS_ACCESSSIMPLEFREEBUSY "Simple FreeBusy" IDS_ACCESSDETAILEDFREEBUSY "Detailed FreeBusy" IDS_SIDACCOUNT "Account: %1!ws!\\%2!ws!\r\n\ -SID: %3!ws!\r\n\ -Access Type: 0x%4!08X! = %5!ws!\r\n\ -Access Flags: 0x%6!08X! = %7!ws!\r\n\ -Access Mask: 0x%8!08X! = %9!ws!" +ACE Type: 0x%3!02X! = %4!ws!\r\n\ +ACE Flags: 0x%5!02X! = %6!ws!\r\n\ +ACE Mask: 0x%7!08X! = %8!ws!\r\n\ +ACE Size: 0x%9!04X!\r\n\ +SID: %10!ws!" IDS_SIDOBJECTYPE "ObjectType: " IDS_SIDINHERITEDOBJECTYPE "InheritedObjectType: " IDS_SIDFLAGS "Flags: 0x%1!08X!" From 9bbd8635c2f9c8e201d1059386078d1fd77d711d Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Wed, 8 Jan 2025 17:26:36 -0500 Subject: [PATCH 06/19] Fix SmartViewAddInTest1 --- UnitTest/scripts/Build-SmartViewTests.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/UnitTest/scripts/Build-SmartViewTests.ps1 b/UnitTest/scripts/Build-SmartViewTests.ps1 index 7e2d7277c..4d9f28a94 100644 --- a/UnitTest/scripts/Build-SmartViewTests.ps1 +++ b/UnitTest/scripts/Build-SmartViewTests.ps1 @@ -140,8 +140,9 @@ namespace SmartViewTest std::wstring(L"SmartViewAddInTest1"), parserType::END, std::vector{1, 2, 3, 4}, - std::wstring(L"Unknown Parser 39\r\n" - L"\tcb: 4 lpb: 01020304")); + strings::formatmessage(L"Unknown Parser %1!d!\r\n" + L"\tcb: 4 lpb: 01020304", + parserType::END)); } $tests From 3d07226c47f67fa27ab534daef5575660abdcd45 Mon Sep 17 00:00:00 2001 
From: Stephen Griffin Date: Mon, 13 Jan 2025 11:35:31 -0500 Subject: [PATCH 07/19] Isolate SD parsers --- core/core.vcxproj | 8 ++++---- core/core.vcxproj.filters | 8 ++++---- core/smartview/{ => SD}/SDBin.cpp | 2 +- core/smartview/{ => SD}/SDBin.h | 0 core/smartview/{ => SD}/SIDBin.cpp | 2 +- core/smartview/{ => SD}/SIDBin.h | 0 core/smartview/SmartView.cpp | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) rename core/smartview/{ => SD}/SDBin.cpp (97%) rename core/smartview/{ => SD}/SDBin.h (100%) rename core/smartview/{ => SD}/SIDBin.cpp (94%) rename core/smartview/{ => SD}/SIDBin.h (100%) diff --git a/core/core.vcxproj b/core/core.vcxproj index 76ba18502..d0f483f12 100644 --- a/core/core.vcxproj +++ b/core/core.vcxproj @@ -824,9 +824,9 @@ - + - + @@ -914,9 +914,9 @@ - + - + diff --git a/core/core.vcxproj.filters b/core/core.vcxproj.filters index faf546f04..6d5b74b76 100644 --- a/core/core.vcxproj.filters +++ b/core/core.vcxproj.filters @@ -183,13 +183,13 @@ Header Files - + Header Files Header Files - + Header Files @@ -464,13 +464,13 @@ Source Files - + Source Files Source Files - + Source Files diff --git a/core/smartview/SDBin.cpp b/core/smartview/SD/SDBin.cpp similarity index 97% rename from core/smartview/SDBin.cpp rename to core/smartview/SD/SDBin.cpp index 437d27993..56251d22f 100644 --- a/core/smartview/SDBin.cpp +++ b/core/smartview/SD/SDBin.cpp @@ -1,5 +1,5 @@ #include -#include +#include #include #include #include diff --git a/core/smartview/SDBin.h b/core/smartview/SD/SDBin.h similarity index 100% rename from core/smartview/SDBin.h rename to core/smartview/SD/SDBin.h diff --git a/core/smartview/SIDBin.cpp b/core/smartview/SD/SIDBin.cpp similarity index 94% rename from core/smartview/SIDBin.cpp rename to core/smartview/SD/SIDBin.cpp index 7a63be74c..e5dd5e0e8 100644 --- a/core/smartview/SIDBin.cpp +++ b/core/smartview/SD/SIDBin.cpp @@ -1,5 +1,5 @@ #include -#include +#include #include #include 
diff --git a/core/smartview/SIDBin.h b/core/smartview/SD/SIDBin.h similarity index 100% rename from core/smartview/SIDBin.h rename to core/smartview/SD/SIDBin.h diff --git a/core/smartview/SmartView.cpp b/core/smartview/SmartView.cpp index 4aafd5850..154df735e 100644 --- a/core/smartview/SmartView.cpp +++ b/core/smartview/SmartView.cpp @@ -37,8 +37,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include From d2dc48b08afc8d2f3d3dcadb71375b9c1247c152 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Mon, 13 Jan 2025 11:37:15 -0500 Subject: [PATCH 08/19] index on u/sgriffin/sid: 9bbd8635 Fix SmartViewAddInTest1 From 8cb45cc6a16f21732a0b3c70331980fd1c58447c Mon Sep 17 00:00:00 2001 
From: Stephen Griffin Date: Mon, 13 Jan 2025 12:37:07 -0500 Subject: [PATCH 09/19] Split NTSD parsing from SD parsing and add test cases. --- UI/MySecInfo.cpp | 2 +- UnitTest/SmartViewTestData/In/NTSD-1.dat | 1 + .../{SECURITYDESCRIPTOR-2.dat => NTSD-2.dat} | 0 .../{SECURITYDESCRIPTOR-3.dat => NTSD-3.dat} | 0 .../{SECURITYDESCRIPTOR-4.dat => NTSD-4.dat} | 0 .../In/SECURITYDESCRIPTOR-1.dat | 15 +++++- .../Out/FBSECURITYDESCRIPTOR-out-1.dat | 2 +- .../Out/FBSECURITYDESCRIPTOR-out-2.dat | 2 +- UnitTest/SmartViewTestData/Out/NTSD-out-1.dat | 41 ++++++++++++++ ...ITYDESCRIPTOR-out-2.dat => NTSD-out-2.dat} | 2 +- ...ITYDESCRIPTOR-out-3.dat => NTSD-out-3.dat} | 2 +- ...ITYDESCRIPTOR-out-4.dat => NTSD-out-4.dat} | 2 +- .../Out/SECURITYDESCRIPTOR-out-1.dat | 3 -- UnitTest/tests/sidtest.cpp | 10 ++-- core/addin/mfcmapi.h | 1 + core/core.vcxproj | 2 + core/core.vcxproj.filters | 6 +++ core/interpret/sid.cpp | 18 +++++-- core/interpret/sid.h | 3 +- core/interpret/smartViewParsers.h | 3 +- core/smartview/SD/NTSD.cpp | 53 +++++++++++++++++++ core/smartview/SD/NTSD.h | 20 +++++++ core/smartview/SD/SDBin.cpp | 15 +----- core/smartview/SmartView.cpp | 5 +- 24 files changed, 172 insertions(+), 36 deletions(-) create mode 100644 UnitTest/SmartViewTestData/In/NTSD-1.dat rename UnitTest/SmartViewTestData/In/{SECURITYDESCRIPTOR-2.dat => NTSD-2.dat} (100%) rename UnitTest/SmartViewTestData/In/{SECURITYDESCRIPTOR-3.dat => NTSD-3.dat} (100%) rename UnitTest/SmartViewTestData/In/{SECURITYDESCRIPTOR-4.dat => NTSD-4.dat} (100%) create mode 100644 UnitTest/SmartViewTestData/Out/NTSD-out-1.dat rename UnitTest/SmartViewTestData/Out/{SECURITYDESCRIPTOR-out-2.dat => NTSD-out-2.dat} (96%) rename UnitTest/SmartViewTestData/Out/{SECURITYDESCRIPTOR-out-3.dat => NTSD-out-3.dat} (76%) rename UnitTest/SmartViewTestData/Out/{SECURITYDESCRIPTOR-out-4.dat => NTSD-out-4.dat} (77%) create mode 100644 core/smartview/SD/NTSD.cpp create mode 100644 core/smartview/SD/NTSD.h 
diff --git a/UI/MySecInfo.cpp b/UI/MySecInfo.cpp index 497495435..5aa3ed48a 100644 --- a/UI/MySecInfo.cpp +++ b/UI/MySecInfo.cpp @@ -204,7 +204,7 @@ namespace mapi::mapiui } // Dump our SD - auto sd = SDToString(std::vector(lpSDBuffer, lpSDBuffer + cbSBBuffer), m_acetype); + auto sd = NTSDToString(std::vector(lpSDBuffer, lpSDBuffer + cbSBBuffer), m_acetype); output::DebugPrint( output::dbgLevel::Generic, L"sdInfo: %ws\nszDACL: %ws\n", sd.info.c_str(), sd.dacl.c_str()); } diff --git a/UnitTest/SmartViewTestData/In/NTSD-1.dat b/UnitTest/SmartViewTestData/In/NTSD-1.dat new file mode 100644 index 000000000..49001e52b --- /dev/null +++ b/UnitTest/SmartViewTestData/In/NTSD-1.dat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o newline at end of file diff --git a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-2.dat b/UnitTest/SmartViewTestData/In/NTSD-2.dat similarity index 100% rename from UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-2.dat rename to UnitTest/SmartViewTestData/In/NTSD-2.dat diff --git a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-3.dat b/UnitTest/SmartViewTestData/In/NTSD-3.dat similarity index 100% rename from UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-3.dat rename to UnitTest/SmartViewTestData/In/NTSD-3.dat diff --git a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-4.dat b/UnitTest/SmartViewTestData/In/NTSD-4.dat similarity index 100% rename from UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-4.dat rename to UnitTest/SmartViewTestData/In/NTSD-4.dat diff --git a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-1.dat b/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-1.dat index 49001e52b..b38ed64ee 100644 --- a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-1.dat +++ b/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-1.dat 
@@ -1 +1,14 @@ -080003000000000001000780F40000000001000000000000140000000200E0000600000000092400A9081200010500000000000515000000371A6C07352F372AAD20FA5B019301000109240016071F00010500000000000515000000371A6C07352F372AAD20FA5B0193010001092400BF0F1F00010500000000000515000000271A6C07352F372AAD20FA5BAA830B0000022400A9081200010500000000000515000000371A6C07352F372AAD20FA5B019301000102240016C90D00010500000000000515000000371A6C07352F372AAD20FA5B0193010001022400BFC91F00010500000000000515000000271A6C07352F372AAD20FA5BAA830B0001010000000000051200000001020000000000052000000020020000 \ No newline at end of file +01000780 +F4000000 +00010000 +00000000 +14000000 +0200E000 0600 0000 +00 09 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 09 2400 16071F00 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 09 2400 BF0F1F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 +00 02 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 02 2400 16C90D00 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 02 2400 BFC91F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 +010100000000000512000000 +01020000000000052000000020020000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat index 9d8894b08..0745693ac 100644 --- a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat @@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info 0x0 Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION diff --git a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat index 206ce772f..857ac5754 100644 --- a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat 
@@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info 0x0 Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat new file mode 100644 index 000000000..0894e73c5 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat 
@@ -0,0 +1,41 @@ +PR_NT_SECURITY_DESCRIPTOR + Security Info + 0x0 + Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Descriptor + Account: (no domain)\(no name) +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525111-708259637-1543119021-103169 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525111-708259637-1543119021-103169 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525095-708259637-1543119021-754602 +Account: (no domain)\(no name) +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525111-708259637-1543119021-103169 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x02 = 
CONTAINER_INHERIT_ACE +ACE Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 +ACE Size: 0x0024 +SID: S-1-5-21-124525111-708259637-1543119021-103169 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 +ACE Size: 0x0024 +SID: S-1-5-21-124525095-708259637-1543119021-754602 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-2.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat similarity index 96% rename from UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-2.dat rename to UnitTest/SmartViewTestData/Out/NTSD-out-2.dat index 4e0b840fa..037489d31 100644 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat @@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info 0x0 Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-3.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat similarity index 76% rename from UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-3.dat rename to UnitTest/SmartViewTestData/Out/NTSD-out-3.dat index af9b3c80f..d4917aa54 100644 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-3.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat @@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info 0x0 Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION 
diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-4.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat similarity index 77% rename from UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-4.dat rename to UnitTest/SmartViewTestData/Out/NTSD-out-4.dat index 3fe9a96f2..ee1c483ea 100644 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-4.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat @@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info Security Version: 0x7AB0 = 0x7AB0 Descriptor diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat index 74f8ed472..66f9911bc 100644 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat @@ -1,7 +1,4 @@ Security Descriptor - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION Descriptor Account: (no domain)\(no name) ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE diff --git a/UnitTest/tests/sidtest.cpp b/UnitTest/tests/sidtest.cpp index 24931c894..b5bca7eb7 100644 --- a/UnitTest/tests/sidtest.cpp +++ b/UnitTest/tests/sidtest.cpp 
@@ -134,25 +134,25 @@ namespace sidtest ACEToString(aceDenyObjectBin.data(), sid::aceType::FreeBusy)); } - TEST_METHOD(Test_SDToString) + TEST_METHOD(Test_NTSDToString) { - const auto nullsd = SDToString({}, sid::aceType::Container); + const auto nullsd = NTSDToString({}, sid::aceType::Container); Assert::AreEqual(std::wstring{L"This is not a valid security descriptor."}, nullsd.dacl); Assert::AreEqual(std::wstring{L""}, nullsd.info); const auto invalid = - SDToString(strings::HexStringToBin(L"B606B07ABB6079AB2082C760"), sid::aceType::Container); + NTSDToString(strings::HexStringToBin(L"B606B07ABB6079AB2082C760"), sid::aceType::Container); Assert::AreEqual(std::wstring{L"This is not a valid security descriptor."}, invalid.dacl); Assert::AreEqual(std::wstring{L""}, invalid.info); - const auto sd = SDToString( + const auto sd = NTSDToString( strings::HexStringToBin(L"0800030000000000010007801C000000280000000000000014000000020008000000000001010" L"000000000051200000001020000000000052000000020020000"), sid::aceType::Container); Assert::AreEqual(std::wstring{L""}, sd.dacl); Assert::AreEqual(std::wstring{L"0x0"}, sd.info); - const auto sd1 = SDToString( + const auto sd1 = NTSDToString( strings::HexStringToBin( L"08000300000000000100078064000000700000000000000014000000020050000200000001092400BF0F1F00010500000" L"000000515000000271A6C07352F372AAD20FA5BAA830B0001022400BFC91F00010500000000000515000000271A6C0735" diff --git a/core/addin/mfcmapi.h b/core/addin/mfcmapi.h index b6b338815..b136806d2 100644 --- a/core/addin/mfcmapi.h +++ b/core/addin/mfcmapi.h @@ -149,6 +149,7 @@ enum class parserType PTI8, SFIDMID, SWAPPEDTODO, + NTSD, END // This must be the end of the enum }; diff --git a/core/core.vcxproj b/core/core.vcxproj index d0f483f12..bac1129d6 100644 --- a/core/core.vcxproj +++ b/core/core.vcxproj @@ -767,6 +767,7 @@ + @@ -870,6 +871,7 @@ + diff --git a/core/core.vcxproj.filters b/core/core.vcxproj.filters index 6d5b74b76..a7e8c5b44 100644 
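Review bot: The renamed test still exercises only `NTSDToString`; the new standalone `sid::SDToString` gets no unit test, and the renames earlier in this commit move the garbage fixture (`B606B07ABB6079AB2082C760`, formerly SECURITYDESCRIPTOR-4) over to the NTSD parser, so the bare-descriptor path's handling of malformed input is no longer pinned anywhere. Add a `Test_SDToString` beside this one with at least `Assert::AreEqual(std::wstring{}, SDToString(strings::HexStringToBin(L"B606B07ABB6079AB2082C760"), sid::aceType::Container));` (that is what the new sid.cpp returns for an invalid descriptor) and one call on the bare descriptor bytes now in `SECURITYDESCRIPTOR-1.dat` asserting the DACL text. Whatever the invalid-input contract of `SDToString` is meant to be, it should be asserted here rather than only through the SmartView .dat fixtures, which go through the NTSD wrapper.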
--- a/core/core.vcxproj.filters +++ b/core/core.vcxproj.filters @@ -348,6 +348,9 @@ Header Files + + Header Files + @@ -614,6 +617,9 @@ Source Files + + Source Files + diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index b499096b2..60905f008 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp @@ -230,11 +230,23 @@ namespace sid } } - _Check_return_ SecurityDescriptor SDToString(const std::vector& buf, aceType acetype) + _Check_return_ SecurityDescriptor NTSDToString(const std::vector& buf, aceType acetype) { if (!IsValidSecurityDescriptorEx(buf)) return SecurityDescriptor{strings::formatmessage(IDS_INVALIDSD), strings::emptystring}; const auto pSecurityDescriptor = SECURITY_DESCRIPTOR_OF(buf.data()); + const auto cbSecurityDescriptor = buf.size() - CbSecurityDescriptorHeader(buf.data()); + const auto sdVector = std::vector(pSecurityDescriptor, pSecurityDescriptor + cbSecurityDescriptor); + const auto sdString = SDToString(sdVector, acetype); + + return SecurityDescriptor{ + sdString, flags::InterpretFlags(flagSecurityInfo, SECURITY_INFORMATION_OF(buf.data()))}; + } + + _Check_return_ std::wstring SDToString(const std::vector& buf, aceType acetype) + { + const auto pSecurityDescriptor = const_cast(buf.data()); + if (!IsValidSecurityDescriptor(pSecurityDescriptor)) return {}; auto bValidDACL = static_cast(false); auto pACL = PACL{}; @@ -258,8 +270,6 @@ namespace sid } } - return SecurityDescriptor{ - strings::join(sdString, L"\r\n"), - flags::InterpretFlags(flagSecurityInfo, SECURITY_INFORMATION_OF(buf.data()))}; + return strings::join(sdString, L"\r\n"); } } // namespace sid \ No newline at end of file diff --git a/core/interpret/sid.h b/core/interpret/sid.h index 0b32bf9c3..a4dc01994 100644 --- a/core/interpret/sid.h +++ b/core/interpret/sid.h 
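Review bot: `SDToString` validates with `IsValidSecurityDescriptor`, which takes no buffer length, so a truncated `buf` whose embedded owner/group/DACL offsets point past `buf.size()` can be read out of bounds before the DACL walk that follows (the body of `SDToString` between this hunk and the `@@ -258` hunk is outside the diff); this is exactly the input the fuzz target and the `PR_NT_SECURITY_DESCRIPTOR` fixtures feed in, so a length-aware check is needed, e.g. `if (!IsValidSecurityDescriptor(pSecurityDescriptor) || GetSecurityDescriptorLength(pSecurityDescriptor) > buf.size()) return {};` or an explicit comparison of each self-relative offset against `buf.size()` (ntdll's `RtlValidRelativeSecurityDescriptor` is the length-taking form if an ntdll import is acceptable). Separately, the invalid case now returns an empty string where the old code returned `strings::formatmessage(IDS_INVALIDSD)`, so a malformed bare descriptor renders as an empty "Descriptor" section indistinguishable from a valid one with no ACEs; `if (!IsValidSecurityDescriptor(pSecurityDescriptor)) return strings::formatmessage(IDS_INVALIDSD);` keeps the old diagnostic. In `NTSDToString`, `buf.size() - CbSecurityDescriptorHeader(buf.data())` underflows to a huge `size_t` unless `IsValidSecurityDescriptorEx` already guarantees the buffer is at least header-sized, which this hunk does not show; an assert or `if (buf.size() < CbSecurityDescriptorHeader(buf.data())) return ...` next to the subtraction would make that invariant local.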
@@ -33,5 +33,6 @@ namespace sid _Check_return_ std::wstring GetTextualSid(std::vector buf); _Check_return_ SidAccount LookupAccountSid(PSID SidStart); _Check_return_ SidAccount LookupAccountSid(std::vector buf); - _Check_return_ SecurityDescriptor SDToString(const std::vector& buf, aceType acetype); + _Check_return_ SecurityDescriptor NTSDToString(const std::vector& buf, aceType acetype); + _Check_return_ std::wstring SDToString(const std::vector& buf, aceType acetype); } // namespace sid \ No newline at end of file diff --git a/core/interpret/smartViewParsers.h b/core/interpret/smartViewParsers.h index 9fc5ff858..e7d8066cb 100644 --- a/core/interpret/smartViewParsers.h +++ b/core/interpret/smartViewParsers.h @@ -40,6 +40,7 @@ namespace smartview {parserType::RULEACTION, L"Rule Action"}, // STRING_OK {parserType::EXTENDEDRULEACTION, L"Extended Rule Action"}, // STRING_OK {parserType::SWAPPEDTODO, L"Swapped ToDo"}, // STRING_OK + {parserType::NTSD, L"PR_SECURITY_DESCRIPTOR"}, // STRING_OK }; static SMARTVIEW_PARSER_ARRAY_ENTRY g_SmartViewParserArray[] = { @@ -58,7 +59,7 @@ namespace smartview BINARY_STRUCTURE_ENTRY(PR_SENDER_ENTRYID, parserType::ENTRYID) BINARY_STRUCTURE_ENTRY(PR_PARENT_ENTRYID, parserType::ENTRYID) BINARY_STRUCTURE_ENTRY(PR_SENTMAIL_ENTRYID, parserType::ENTRYID) - BINARY_STRUCTURE_ENTRY(PR_NT_SECURITY_DESCRIPTOR, parserType::SECURITYDESCRIPTOR) + BINARY_STRUCTURE_ENTRY(PR_NT_SECURITY_DESCRIPTOR, parserType::NTSD) BINARY_STRUCTURE_ENTRY(PR_CREATOR_SID, parserType::SID) BINARY_STRUCTURE_ENTRY(PR_LAST_MODIFIER_SID, parserType::SID) BINARY_STRUCTURE_ENTRY(PR_EXTENDED_RULE_ACTIONS, parserType::EXTENDEDRULEACTION) diff --git a/core/smartview/SD/NTSD.cpp b/core/smartview/SD/NTSD.cpp new file mode 100644 index 000000000..1a50c20c8 --- /dev/null +++ b/core/smartview/SD/NTSD.cpp 
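Review bot: The header now exposes two entry points that take different byte layouts and nothing says which is which; a caller handing a bare descriptor to `NTSDToString` (or the reverse) gets "not a valid security descriptor" or garbage rather than a compile error, as `UI/MySecInfo.cpp` had to be switched by hand in this commit. Add a comment on each declaration: on `NTSDToString`, `// Parses a PR_NT_SECURITY_DESCRIPTOR value: the MAPI security-information/version header followed by the SECURITY_DESCRIPTOR; returns the DACL text plus the interpreted security info.`, and on `SDToString`, `// Parses a bare SECURITY_DESCRIPTOR with no MAPI header; returns the DACL text, or an empty string if the descriptor is invalid.` The fixtures' control word `0x8007` has `SE_SELF_RELATIVE` set, so stating "self-relative" in both comments would also be accurate.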
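Review bot: The display name for the new parser, `{parserType::NTSD, L"PR_SECURITY_DESCRIPTOR"}`, matches neither the property it is bound to two lines later (`BINARY_STRUCTURE_ENTRY(PR_NT_SECURITY_DESCRIPTOR, parserType::NTSD)`) nor the text the parser emits (`setText(L"PR_NT_SECURITY_DESCRIPTOR")` in NTSD.cpp), so the Smart View list will offer a name that is not the property and not what the output is labelled. Change it to `{parserType::NTSD, L"PR_NT_SECURITY_DESCRIPTOR"}, // STRING_OK`, or follow the neighbouring entries' human-readable style (`L"Swapped ToDo"`) with something like `L"NT Security Descriptor"`.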
@@ -0,0 +1,53 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+namespace smartview
+{
+ NTSD::NTSD(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB)
+ {
+ switch (mapi::GetMAPIObjectType(lpMAPIProp))
+ {
+ case MAPI_STORE:
+ case MAPI_ADDRBOOK:
+ case MAPI_FOLDER:
+ case MAPI_ABCONT:
+ acetype = sid::aceType::Container;
+ break;
+ }
+
+ if (bFB) acetype = sid::aceType::FreeBusy;
+ }
+
+ void NTSD::parse() { m_SDbin = blockBytes::parse(parser, parser->getSize()); }
+
+ void NTSD::parseBlocks()
+ {
+ if (m_SDbin)
+ {
+ setText(L"PR_NT_SECURITY_DESCRIPTOR");
+
+ // TODO: more accurately break this parsing into blocks with proper offsets
+ const auto sd = NTSDToString(*m_SDbin, acetype);
+ auto si = create(L"Security Info");
+ addChild(si);
+ if (!sd.info.empty())
+ {
+ si->addChild(m_SDbin, sd.info);
+ }
+
+ if (m_SDbin->size() >= 2 * sizeof(WORD))
+ {
+ const auto sdVersion = SECURITY_DESCRIPTOR_VERSION(m_SDbin->data());
+ auto szFlags = flags::InterpretFlags(flagSecurityVersion, sdVersion);
+ addHeader(L"Security Version: 0x%1!04X! = %2!ws!", sdVersion, szFlags.c_str());
+ }
+
+ addHeader(L"Descriptor");
+ addHeader(sd.dacl);
+ }
+ }
+} // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/NTSD.h b/core/smartview/SD/NTSD.h
new file mode 100644
index 000000000..024f49413
--- /dev/null
+++ b/core/smartview/SD/NTSD.h
@@ -0,0 +1,20 @@
+#pragma once
+#include
+#include
+#include
+
+namespace smartview
+{
+ class NTSD : public block
+ {
+ public:
+ NTSD(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB);
+
+ private:
+ void parse() override;
+ void parseBlocks() override;
+
+ sid::aceType acetype{sid::aceType::Message};
+ std::shared_ptr m_SDbin = emptyBB();
+ };
+} // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/SDBin.cpp b/core/smartview/SD/SDBin.cpp
index 56251d22f..c008d9de0 100644
--- a/core/smartview/SD/SDBin.cpp
+++ b/core/smartview/SD/SDBin.cpp
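Review bot: `setText(L"PR_NT_SECURITY_DESCRIPTOR")` in `parseBlocks` is unconditional, yet `SmartView.cpp` in this same commit also routes `parserType::FBSECURITYDESCRIPTOR` through this class with `bFB = true`, so the free/busy fixtures (FBSECURITYDESCRIPTOR-out-1/2) now claim to be PR_NT_SECURITY_DESCRIPTOR; `setText(acetype == sid::aceType::FreeBusy ? L"Free/Busy Security Descriptor" : L"PR_NT_SECURITY_DESCRIPTOR");` would keep the label honest (the expected-output files change with it). The version word is printed after only a `size() >= 2 * sizeof(WORD)` guard, even when `NTSDToString` has rejected the buffer (NTSD-out-4 shows `0x7AB0` for the garbage fixture); that is acceptable for a diagnostic viewer but deserves `// Shown even for invalid descriptors; display only, not validated.` so nobody later treats it as trusted. The constructor's `switch` has no `default:`, so every object type other than the four listed keeps the in-class `sid::aceType::Message`; a `// non-container objects keep the default aceType::Message` line inside the switch would make that deliberate rather than an omission.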
@@ -32,22 +32,9 @@ namespace smartview // TODO: more accurately break this parsing into blocks with proper offsets const auto sd = SDToString(*m_SDbin, acetype); - auto si = create(L"Security Info"); - addChild(si); - if (!sd.info.empty()) - { - si->addChild(m_SDbin, sd.info); - } - - if (m_SDbin->size() >= 2 * sizeof(WORD)) - { - const auto sdVersion = SECURITY_DESCRIPTOR_VERSION(m_SDbin->data()); - auto szFlags = flags::InterpretFlags(flagSecurityVersion, sdVersion); - addHeader(L"Security Version: 0x%1!04X! = %2!ws!", sdVersion, szFlags.c_str()); - } addHeader(L"Descriptor"); - addHeader(sd.dacl); + addHeader(sd); } } } // namespace smartview \ No newline at end of file diff --git a/core/smartview/SmartView.cpp b/core/smartview/SmartView.cpp index 154df735e..b756eb4b5 100644 --- a/core/smartview/SmartView.cpp +++ b/core/smartview/SmartView.cpp @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include @@ -137,11 +138,13 @@ namespace smartview case parserType::SECURITYDESCRIPTOR: return std::make_shared(lpMAPIProp, false); case parserType::FBSECURITYDESCRIPTOR: - return std::make_shared(lpMAPIProp, true); + return std::make_shared(lpMAPIProp, true); case parserType::XID: return std::make_shared(); case parserType::SWAPPEDTODO: return std::make_shared(); + case parserType::NTSD: + return std::make_shared(lpMAPIProp, false); default: // Any other case is either handled by an add-in or not at all return std::make_shared(type); From c2618cb4c0121afa22b4c3c346705a1204b57073 Mon Sep 17 00:00:00 2001 
From: Stephen Griffin Date: Mon, 13 Jan 2025 13:02:00 -0500 Subject: [PATCH 10/19] save changes --- .../SmartViewTestData/In/ACECONTAINER-1.dat | 1 + UnitTest/SmartViewTestData/In/ACEFB-1.dat | 4 + .../SmartViewTestData/In/ACEMESSAGE-1.dat | 4 + .../SmartViewTestData/In/ACEMESSAGE-2.dat | 1 + UnitTest/SmartViewTestData/In/ACL-1.dat | 9 ++ UnitTest/SmartViewTestData/In/NTSD-1.dat | 1 + UnitTest/SmartViewTestData/In/NTSD-2.dat | 1 + UnitTest/SmartViewTestData/In/NTSD-3.dat | 1 + UnitTest/SmartViewTestData/In/NTSD-4.dat | 1 + .../Out/ACECONTAINER-out-1.dat | 21 ++++ .../SmartViewTestData/Out/ACEFB-out-1.dat | 16 +++ .../Out/ACEMESSAGE-out-1.dat | 16 +++ .../Out/ACEMESSAGE-out-2.dat | 13 +++ UnitTest/SmartViewTestData/Out/ACL-out-1.dat | 9 ++ UnitTest/SmartViewTestData/Out/NTSD-out-1.dat | 41 ++++++++ UnitTest/SmartViewTestData/Out/NTSD-out-2.dat | 17 ++++ UnitTest/SmartViewTestData/Out/NTSD-out-3.dat | 5 + UnitTest/SmartViewTestData/Out/NTSD-out-4.dat | 5 + core/smartview/SD/ACEBin.cpp | 81 +++++++++++++++ core/smartview/SD/ACEBin.h | 42 ++++++++ core/smartview/SD/ACLBin.cpp | 24 +++++ core/smartview/SD/ACLBin.h | 24 +++++ core/smartview/SD/NTSD.cpp | 98 +++++++++++++++++++ core/smartview/SD/NTSD.h | 51 ++++++++++ 24 files changed, 486 insertions(+) create mode 100644 UnitTest/SmartViewTestData/In/ACECONTAINER-1.dat create mode 100644 UnitTest/SmartViewTestData/In/ACEFB-1.dat create mode 100644 UnitTest/SmartViewTestData/In/ACEMESSAGE-1.dat create mode 100644 UnitTest/SmartViewTestData/In/ACEMESSAGE-2.dat create mode 100644 UnitTest/SmartViewTestData/In/ACL-1.dat create mode 100644 UnitTest/SmartViewTestData/In/NTSD-1.dat create mode 100644 UnitTest/SmartViewTestData/In/NTSD-2.dat create mode 100644 UnitTest/SmartViewTestData/In/NTSD-3.dat create mode 100644 UnitTest/SmartViewTestData/In/NTSD-4.dat create mode 100644 UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat create mode 100644 UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat create mode 100644 
UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat create mode 100644 UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat create mode 100644 UnitTest/SmartViewTestData/Out/ACL-out-1.dat create mode 100644 UnitTest/SmartViewTestData/Out/NTSD-out-1.dat create mode 100644 UnitTest/SmartViewTestData/Out/NTSD-out-2.dat create mode 100644 UnitTest/SmartViewTestData/Out/NTSD-out-3.dat create mode 100644 UnitTest/SmartViewTestData/Out/NTSD-out-4.dat create mode 100644 core/smartview/SD/ACEBin.cpp create mode 100644 core/smartview/SD/ACEBin.h create mode 100644 core/smartview/SD/ACLBin.cpp create mode 100644 core/smartview/SD/ACLBin.h create mode 100644 core/smartview/SD/NTSD.cpp create mode 100644 core/smartview/SD/NTSD.h diff --git a/UnitTest/SmartViewTestData/In/ACECONTAINER-1.dat b/UnitTest/SmartViewTestData/In/ACECONTAINER-1.dat new file mode 100644 index 000000000..cba248369 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/ACECONTAINER-1.dat @@ -0,0 +1 @@ +00092400a9081200010500000000000515000000371a6c07352f372aad20fa5b01930100 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/ACEFB-1.dat b/UnitTest/SmartViewTestData/In/ACEFB-1.dat new file mode 100644 index 000000000..8b6450044 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/ACEFB-1.dat @@ -0,0 +1,4 @@ +06 1f 3800 03000000 ffffffff +0A0D0200-0000-0000-C000-000000000046 +C02EBC53-53D9-CD11-9752-00AA004AE40E +01 01 000000000005 0B000000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/ACEMESSAGE-1.dat b/UnitTest/SmartViewTestData/In/ACEMESSAGE-1.dat new file mode 100644 index 000000000..99bf9ebb9 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/ACEMESSAGE-1.dat @@ -0,0 +1,4 @@ +05 1f 3800 a9081200 ffffffff +0A0D0200-0000-0000-C000-000000000046 +C02EBC53-53D9-CD11-9752-00AA004AE40E +FF 01 000000000005 0B000000 \ No newline at end of file 
diff --git a/UnitTest/SmartViewTestData/In/ACEMESSAGE-2.dat b/UnitTest/SmartViewTestData/In/ACEMESSAGE-2.dat new file mode 100644 index 000000000..3ee63f83b --- /dev/null +++ b/UnitTest/SmartViewTestData/In/ACEMESSAGE-2.dat @@ -0,0 +1 @@ +01 09 1400 a9081200 01 01 000000000005 0B000000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/ACL-1.dat b/UnitTest/SmartViewTestData/In/ACL-1.dat new file mode 100644 index 000000000..cbfd6d394 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/ACL-1.dat @@ -0,0 +1,9 @@ +0200E000 0600 0000 +00 09 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 09 2400 16071F00 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 09 2400 BF0F1F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 +00 02 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 02 2400 16C90D00 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 02 2400 BFC91F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 +010100000000000512000000 +01020000000000052000000020020000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/NTSD-1.dat b/UnitTest/SmartViewTestData/In/NTSD-1.dat new file mode 100644 index 000000000..49001e52b --- /dev/null +++ b/UnitTest/SmartViewTestData/In/NTSD-1.dat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o newline at end of file diff --git a/UnitTest/SmartViewTestData/In/NTSD-2.dat b/UnitTest/SmartViewTestData/In/NTSD-2.dat new file mode 100644 index 000000000..b14298119 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/NTSD-2.dat @@ -0,0 +1 @@ +08000300000000000100078064000000700000000000000014000000020050000200000001092400BF0F1F00010500000000000515000000271A6C07352F372AAD20FA5BAA830B0001022400BFC91F00010500000000000515000000271A6C07352F372AAD20FA5BAA830B0001010000000000051200000001020000000000052000000020020000 \ No newline at end of file 
diff --git a/UnitTest/SmartViewTestData/In/NTSD-3.dat b/UnitTest/SmartViewTestData/In/NTSD-3.dat new file mode 100644 index 000000000..aeefc2e9d --- /dev/null +++ b/UnitTest/SmartViewTestData/In/NTSD-3.dat @@ -0,0 +1 @@ +0800030000000000010007801C000000280000000000000014000000020008000000000001010000000000051200000001020000000000052000000020020000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/NTSD-4.dat b/UnitTest/SmartViewTestData/In/NTSD-4.dat new file mode 100644 index 000000000..a816f64a8 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/NTSD-4.dat @@ -0,0 +1 @@ +B606B07ABB6079AB2082C760 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat b/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat new file mode 100644 index 000000000..4f5fc5492 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat @@ -0,0 +1,21 @@ +ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightListContents | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0] + 21 = 0x00000015 + SubAuthority[1] + 124525111 = 0x076C1A37 + SubAuthority[2] + 708259637 = 0x2A372F35 + SubAuthority[3] + 1543119021 = 0x5BFA20AD + SubAuthority[4] + 103169 = 0x00019301 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat b/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat new file mode 100644 index 000000000..e68f5792c --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat 
@@ -0,0 +1,16 @@ +ACE + Type: 0x06 = ACCESS_DENIED_OBJECT_ACE_TYPE + Flags: 0x1F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE | INHERIT_ONLY_ACE | INHERITED_ACE + Size: 0x0038 + Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed + Flags: 0xFFFFFFFF + ObjectType: {00020D0A-0000-0000-C000-000000000046} = IID_CAPONE_PROF + InheritedObjectType: {53BC2EC0-D953-11CD-9752-00AA004AE40E} = GUID_Dilkie + SID + User: NT AUTHORITY\Authenticated Users + Textual SID: S-1-5-11 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0] + 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat new file mode 100644 index 000000000..b521bad02 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat @@ -0,0 +1,16 @@ +ACE + Type: 0x05 = ACCESS_ALLOWED_OBJECT_ACE_TYPE + Flags: 0x1F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE | INHERIT_ONLY_ACE | INHERITED_ACE + Size: 0x0038 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + Flags: 0xFFFFFFFF + ObjectType: {00020D0A-0000-0000-C000-000000000046} = IID_CAPONE_PROF + InheritedObjectType: {53BC2EC0-D953-11CD-9752-00AA004AE40E} = GUID_Dilkie + SID + User: (no domain)\(no name) + Textual SID: (no SID) + Revision: 0xFF + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0] + 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat new file mode 100644 index 000000000..5c9656939 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat 
@@ -0,0 +1,13 @@ +ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0014 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: NT AUTHORITY\Authenticated Users + Textual SID: S-1-5-11 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0] + 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACL-out-1.dat b/UnitTest/SmartViewTestData/Out/ACL-out-1.dat new file mode 100644 index 000000000..cbfd6d394 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACL-out-1.dat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o newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat new file mode 100644 index 000000000..74f8ed472 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat 
@@ -0,0 +1,41 @@ +Security Descriptor + Security Info + 0x0 + Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Descriptor + Account: (no domain)\(no name) +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525111-708259637-1543119021-103169 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525111-708259637-1543119021-103169 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525095-708259637-1543119021-754602 +Account: (no domain)\(no name) +ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525111-708259637-1543119021-103169 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x02 = 
CONTAINER_INHERIT_ACE +ACE Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 +ACE Size: 0x0024 +SID: S-1-5-21-124525111-708259637-1543119021-103169 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 +ACE Size: 0x0024 +SID: S-1-5-21-124525095-708259637-1543119021-754602 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat new file mode 100644 index 000000000..4e0b840fa --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat 
@@ -0,0 +1,17 @@ +Security Descriptor + Security Info + 0x0 + Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Descriptor + Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE +ACE Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize +ACE Size: 0x0024 +SID: S-1-5-21-124525095-708259637-1543119021-754602 +Account: (no domain)\(no name) +ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE +ACE Flags: 0x02 = CONTAINER_INHERIT_ACE +ACE Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 +ACE Size: 0x0024 +SID: S-1-5-21-124525095-708259637-1543119021-754602 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat new file mode 100644 index 000000000..af9b3c80f --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat @@ -0,0 +1,5 @@ +Security Descriptor + Security Info + 0x0 + Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Descriptor \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat new file mode 100644 index 000000000..3fe9a96f2 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat 
@@ -0,0 +1,5 @@ +Security Descriptor + Security Info + Security Version: 0x7AB0 = 0x7AB0 + Descriptor + This is not a valid security descriptor. \ No newline at end of file diff --git a/core/smartview/SD/ACEBin.cpp b/core/smartview/SD/ACEBin.cpp new file mode 100644 index 000000000..c388dbbb6 --- /dev/null +++ b/core/smartview/SD/ACEBin.cpp 
@@ -0,0 +1,81 @@ +#include +#include +#include +#include +#include + +namespace smartview +{ + ACEBin::ACEBin(sid::aceType acetype) { this->acetype = acetype; } + + void ACEBin::parse() + { + // Header + AceType = blockT::parse(parser); + AceFlags = blockT::parse(parser); + AceSize = blockT::parse(parser); + + // Specific ACE types + switch (AceType->getData()) + { + case ACCESS_ALLOWED_ACE_TYPE: // ACCESS_ALLOWED_ACE + Mask = blockT::parse(parser); + SidStart = block::parse(parser, false); + break; + case ACCESS_DENIED_ACE_TYPE: // ACCESS_DENIED_ACE + Mask = blockT::parse(parser); + SidStart = block::parse(parser, false); + break; + case ACCESS_ALLOWED_OBJECT_ACE_TYPE: // ACCESS_ALLOWED_OBJECT_ACE + Mask = blockT::parse(parser); + Flags = blockT::parse(parser); + ObjectType = blockT::parse(parser); + InheritedObjectType = blockT::parse(parser); + SidStart = block::parse(parser, false); + break; + case ACCESS_DENIED_OBJECT_ACE_TYPE: // ACCESS_DENIED_OBJECT_ACE + Mask = blockT::parse(parser); + Flags = blockT::parse(parser); + ObjectType = blockT::parse(parser); + InheritedObjectType = blockT::parse(parser); + SidStart = block::parse(parser, false); + break; + } + }; + + void ACEBin::parseBlocks() + { + setText(L"ACE"); + const auto aceType = AceType->getData(); + auto szAceType = flags::InterpretFlags(flagACEType, aceType); + addChild(AceType, L"Type: 0x%1!02X! = %2!ws!", aceType, szAceType.c_str()); + const auto aceFlags = AceFlags->getData(); + auto szAceFlags = flags::InterpretFlags(flagACEFlag, aceFlags); + addChild(AceFlags, L"Flags: 0x%1!02X! 
= %2!ws!", aceFlags, szAceFlags.c_str()); + addChild(AceSize, L"Size: 0x%1!04X!", AceSize->getData()); + + auto szAceMask = std::wstring{}; + switch (acetype) + { + case sid::aceType::Container: + szAceMask = flags::InterpretFlags(flagACEMaskContainer, Mask->getData()); + break; + case sid::aceType::Message: + szAceMask = flags::InterpretFlags(flagACEMaskNonContainer, Mask->getData()); + break; + case sid::aceType::FreeBusy: + szAceMask = flags::InterpretFlags(flagACEMaskFreeBusy, Mask->getData()); + break; + }; + addChild(Mask, L"Mask: 0x%1!08X! = %2!ws!", Mask->getData(), szAceMask.c_str()); + + addChild(Flags, L"Flags: 0x%1!08X!", Flags->getData()); + + addChild(ObjectType, L"ObjectType: %1!ws!", guid::GUIDToStringAndName(ObjectType->getData()).c_str()); + addChild( + InheritedObjectType, + L"InheritedObjectType: %1!ws!", + guid::GUIDToStringAndName(InheritedObjectType->getData()).c_str()); + addChild(SidStart); + }; +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/ACEBin.h b/core/smartview/SD/ACEBin.h new file mode 100644 index 000000000..ceba1e64c --- /dev/null +++ b/core/smartview/SD/ACEBin.h 
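Review bot: The switch in ACEBin::parse has no `default:` case, so an ACE of any type other than the four handled (audit, alarm and callback ACEs share the same ACE_HEADER) leaves Mask empty, SidStart null and the parser sitting just after the 4-byte header, while AceSize — already parsed — is never used to step over the body; for a fuzz target that means any later ACE loop desynchronises on the first unknown type, and parseBlocks hands a null SidStart to addChild unless addChild tolerates that (not visible here). A `default:` that skips the remainder, `if (AceSize->getData() > 4) blockBytes::parse(parser, AceSize->getData() - 4);` (blockBytes::parse with a byte count, as NTSD.cpp uses it), keeps the stream aligned without trusting the untrusted size to be at least the header, and `if (SidStart) addChild(SidStart);` closes the null path. Two smaller points: `ACEBin::ACEBin(sid::aceType acetype) { this->acetype = acetype; }` reads better as `: acetype{acetype} {}`, and the `};` after both method bodies are stray empty declarations.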
@@ -0,0 +1,42 @@
+#pragma once
+#include
+#include
+#include
+#include
+#include
+
+namespace smartview
+{
+ // [MS-DTYP] 2.4.4 ACE
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/d06e5a81-176e-46c6-9cf7-9137aad4455e
+ // [MS-DTYP] 2.4.4.1 ACE_HEADER
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/628ebb1d-c509-4ea0-a10f-77ef97ca4586
+ // [MS-DTYP] 2.4.4.2 ACCESS_ALLOWED_ACE
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/72e7c7ea-bc02-4c74-a619-818a16bf6adb
+ // [MS-DTYP] 2.4.4.3 ACCESS_ALLOWED_OBJECT_ACE
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c79a383c-2b3f-4655-abe7-dcbb7ce0cfbe
+ // [MS-DTYP] 2.4.4.4 ACCESS_DENIED_ACE
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/b1e1321d-5816-4513-be67-b65d8ae52fe8
+ // [MS-DTYP] 2.4.4.5 ACCESS_DENIED_OBJECT_ACE
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/8720fcf3-865c-4557-97b1-0b3489a6c270
+
+ class ACEBin : public block
+ {
+ public:
+ ACEBin(sid::aceType acetype);
+
+ private:
+ sid::aceType acetype{sid::aceType::Message};
+ std::shared_ptr> AceType = emptyT();
+ std::shared_ptr> AceFlags = emptyT();
+ std::shared_ptr> AceSize = emptyT();
+ std::shared_ptr> Mask = emptyT();
+ std::shared_ptr> Flags = emptyT();
+ std::shared_ptr> ObjectType = emptyT();
+ std::shared_ptr> InheritedObjectType = emptyT();
+ std::shared_ptr SidStart;
+
+ void parse() override;
+ void parseBlocks() override;
+ };
+} // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/ACLBin.cpp b/core/smartview/SD/ACLBin.cpp
new file mode 100644
index 000000000..eb4c0fc95
--- /dev/null
+++ b/core/smartview/SD/ACLBin.cpp
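Review bot: `ACEBin(sid::aceType acetype);` is a single-argument constructor and should be `explicit ACEBin(sid::aceType acetype);`, since an implicit aceType-to-ACEBin conversion is never wanted. SidStart is also the only member without a default — every other block member starts as `emptyT()` — so it deserves a comment saying it is only set for the ACE types parse() recognises and must be null-checked, unless an empty-block helper for plain `block` exists to default it. The spec links at the top are useful; a one-line note on which of the listed ACE layouts parse() actually handles would save the reader a trip to the .cpp.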
@@ -0,0 +1,24 @@
+#include
+#include
+
+namespace smartview
+{
+ void ACLBin::parse()
+ {
+ Revision = blockT::parse(parser);
+ Sbz1 = blockT::parse(parser);
+ AclSize = blockT::parse(parser);
+ AceCount = blockT::parse(parser);
+ Sbz2 = blockT::parse(parser);
+ };
+
+ void ACLBin::parseBlocks()
+ {
+ setText(L"ACL");
+ addChild(Revision, L"Revision: 0x%1!02X!", Revision->getData());
+ addChild(Sbz1, L"Sbz1: 0x%1!02X!", Sbz1->getData());
+ addChild(AclSize, L"AclSize: 0x%1!04X!", AclSize->getData());
+ addChild(AceCount, L"AceCount: 0x%1!04X!", AceCount->getData());
+ addChild(Sbz2, L"Sbz2: 0x%1!04X!", Sbz2->getData());
+ };
+} // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/ACLBin.h b/core/smartview/SD/ACLBin.h
new file mode 100644
index 000000000..3a989a808
--- /dev/null
+++ b/core/smartview/SD/ACLBin.h
@@ -0,0 +1,24 @@
+#pragma once
+#include
+#include
+#include
+#include
+
+namespace smartview
+{
+ // [MS-DTYP] 2.4.5 ACL
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/32d72257-0e7c-4782-bc2a-405af4d5469d
+ class ACLBin : public block
+ {
+ private:
+ std::shared_ptr> Revision = emptyT();
+ std::shared_ptr> Sbz1 = emptyT();
+ std::shared_ptr> AclSize = emptyT();
+ std::shared_ptr> AceCount = emptyT();
+ std::shared_ptr> Sbz2 = emptyT();
+ std::vector> ace;
+
+ void parse() override;
+ void parseBlocks() override;
+ };
+} // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/NTSD.cpp b/core/smartview/SD/NTSD.cpp
new file mode 100644
index 000000000..447283e09
--- /dev/null
+++ b/core/smartview/SD/NTSD.cpp
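Review bot: ACLBin::parse reads the five ACL header fields and stops, and the `ace` vector declared in ACLBin.h in this same commit is neither filled by parse() nor emitted by parseBlocks(), so an ACL renders as a bare header and the member is dead weight until the ACE loop exists. When that loop is added, AceCount and AclSize are attacker-controlled bytes in the fuzz build: bound the iteration by what the parser has left (`parser->getSize()`, if it reports remaining bytes as its use in NTSD.cpp suggests) and stop on an ACEBin that consumed nothing, rather than trusting AceCount alone, or a crafted count turns into a long spin or a large `ace` allocation. The `};` closing both method bodies are stray empty declarations that clang-tidy will flag.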
@@ -0,0 +1,98 @@ +#include +#include +#include +#include +#include +#include +#include + +namespace smartview +{ + void NTSD::parse() + { + // Grab a parser at the start to pass to NT functions + const auto sdRoot = parser->getOffset(); + m_SDbin = blockBytes::parse(parser, parser->getSize()); + parser->setOffset(sdRoot); + + Revision = blockT::parse(parser); + Sbz1 = blockT::parse(parser); + Control = blockT::parse(parser); + OffsetOwner = blockT::parse(parser); + auto newOffset = OffsetOwner->getData(); + if (newOffset && newOffset < m_SDbin->size()) + { + const auto originalOffset = parser->getOffset(); + parser->setOffset(newOffset); + block::parse(parser, false); + parser->setOffset(originalOffset); + } + + OffsetGroup = blockT::parse(parser); + newOffset = OffsetGroup->getData(); + if (newOffset && newOffset < m_SDbin->size()) + { + const auto originalOffset = parser->getOffset(); + parser->setOffset(newOffset); + block::parse(parser, false); + parser->setOffset(originalOffset); + } + + OffsetSacl = blockT::parse(parser); + newOffset = OffsetSacl->getData(); + if (newOffset && newOffset < m_SDbin->size()) + { + const auto originalOffset = parser->getOffset(); + parser->setOffset(newOffset); + Sacl = block::parse(parser, false); + parser->setOffset(originalOffset); + } + + OffsetDacl = blockT::parse(parser); + newOffset = OffsetDacl->getData(); + if (newOffset && newOffset < m_SDbin->size()) + { + const auto originalOffset = parser->getOffset(); + parser->setOffset(newOffset); + Dacl = block::parse(parser, false); + parser->setOffset(originalOffset); + } + } + + void NTSD::parseBlocks() + { + setText(L"PR_NT_SECURITY_DESCRIPTOR"); + + addChild(Revision, L"Revision: 0x%1!02X!", Revision->getData()); + addChild(Sbz1, L"Sbz1: 0x%1!02X!", Sbz1->getData()); + addChild(Control, L"Control: 0x%1!04X!", Control->getData()); + addChild(OffsetOwner, L"OffsetOwner: 0x%1!08X!", OffsetOwner->getData()); + addChild(OffsetGroup, L"OffsetGroup: 0x%1!08X!", 
OffsetGroup->getData()); + addChild(OffsetSacl, L"OffsetSacl: 0x%1!08X!", OffsetSacl->getData()); + if (Sacl) addChild(Sacl); + addChild(OffsetDacl, L"OffsetDacl: 0x%1!08X!", OffsetDacl->getData()); + if (Dacl) addChild(Dacl); + + if (m_SDbin) + { + // TODO: more accurately break this parsing into blocks with proper offsets + const auto sd = SDToString(*m_SDbin, acetype); + auto si = create(L"Security Info"); + addChild(si); + if (!sd.info.empty()) + { + si->addChild(m_SDbin, sd.info); + } + + if (m_SDbin->size() >= 2 * sizeof(WORD)) + { + const auto sdVersion = SECURITY_DESCRIPTOR_VERSION(m_SDbin->data()); + auto szFlags = flags::InterpretFlags(flagSecurityVersion, sdVersion); + addHeader(L"Security Version: 0x%1!04X! = %2!ws!", sdVersion, szFlags.c_str()); + } + + addHeader(L"Descriptor"); + addHeader(sd.dacl); + } + } +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/NTSD.h b/core/smartview/SD/NTSD.h new file mode 100644 index 000000000..5660aef96 --- /dev/null +++ b/core/smartview/SD/NTSD.h 
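Review bot: Each of the four offset blocks checks `newOffset < m_SDbin->size()`, a bound relative to the descriptor start captured in `sdRoot`, but then seeks with `parser->setOffset(newOffset)`, which — judging by the `originalOffset` round-trip — is absolute; the two only agree when sdRoot is 0. [MS-DTYP] defines OffsetOwner/OffsetGroup/OffsetSacl/OffsetDacl relative to the SECURITY_DESCRIPTOR, so `parser->setOffset(sdRoot + newOffset);` is the consistent form, with the size check kept as the guard against a crafted offset. The Owner and Group seeks also discard their result (`block::parse(parser, false);` with no assignment), so those SIDs are parsed and thrown away; either keep them in members and add them in parseBlocks or drop the two seeks. Since the four blocks are the same six lines with one name changed, a small private helper that seeks, parses and restores the cursor would put the bound check in one place.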
@@ -0,0 +1,51 @@ +#pragma once +#include +#include +//#include +#include +#include +#include +#include + +namespace smartview +{ + // PR_NT_SECURITY_DESCRIPTOR + // https://github.com/microsoft/MAPIStubLibrary/blob/main/include/EdkMdb.h + // + // Transfer version for PR_NT_SECURITY_DESCRIPTOR. + // + // When retrieving the security descriptor for an object, the SD returned is + // actually composed of the following structure: + // + // 2 BYTES Padding data length (including version) + // 2 BYTES Version + // 4 BYTES Security Information (for SetPrivateObjectSecurity) + // <0 or more> + // 2 BYTES Property Tag + // 16 BYTES Named Property GUID + // 1 BYTE Named property "kind" + // if (kind == MNID_ID) + // 4 BYTES Named property ID + // else + // + // Actual Security Descriptor + class NTSD : public block + { + private: + void parse() override; + void parseBlocks() override; + + sid::aceType acetype{sid::aceType::Message}; + std::shared_ptr m_SDbin = emptyBB(); + + std::shared_ptr> Revision = emptyT(); + std::shared_ptr> Sbz1 = emptyT(); + std::shared_ptr> Control = emptyT(); + std::shared_ptr> OffsetOwner = emptyT(); + std::shared_ptr> OffsetGroup = emptyT(); + std::shared_ptr> OffsetSacl = emptyT(); + std::shared_ptr Sacl; + std::shared_ptr> OffsetDacl = emptyT(); + std::shared_ptr Dacl; + }; +} // namespace smartview \ No newline at end of file From 1a270d8410fa258b968e4ed19952c8be5e49f7ff Mon Sep 17 00:00:00 2001 
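Review bot: The class comment describes PR_NT_SECURITY_DESCRIPTOR as a transfer wrapper — padding length, version, security information, optional named-property entries — followed by the actual SECURITY_DESCRIPTOR, yet NTSD::parse in NTSD.cpp reads Revision/Sbz1/Control and the four offsets from offset 0, while parseBlocks reads the transfer version from those same first bytes through SECURITY_DESCRIPTOR_VERSION; unless the parser handed in already points past the wrapper, one of the two interprets the bytes wrongly. If the raw-field parse is a placeholder, a `// TODO: skip the transfer header (padding length at offset 0) before parsing the SECURITY_DESCRIPTOR` on parse() would make that explicit. Two smaller things: `//#include` is a commented-out include left behind, and `acetype` is initialised to Message but nothing in this hunk sets it (ACEBin takes it through its constructor), so as written NTSD cannot report Container or FreeBusy masks.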
From: Stephen Griffin Date: Wed, 15 Jan 2025 09:48:50 -0500 Subject: [PATCH 11/19] stub in ntsd to pass test cases (still todo conversion), finish sdbin, sidBin, aclBin --- UnitTest/SmartViewTestData/In/ACL-1.dat | 4 +- UnitTest/SmartViewTestData/In/SID-6.dat | 1 + UnitTest/SmartViewTestData/In/SID-7.dat | 1 + .../Out/ACECONTAINER-out-1.dat | 15 +- .../SmartViewTestData/Out/ACEFB-out-1.dat | 3 +- .../Out/ACEMESSAGE-out-1.dat | 5 +- .../Out/ACEMESSAGE-out-2.dat | 3 +- UnitTest/SmartViewTestData/Out/ACL-out-1.dat | 111 +++++++++++- UnitTest/SmartViewTestData/Out/NTSD-out-1.dat | 2 +- UnitTest/SmartViewTestData/Out/NTSD-out-2.dat | 2 +- UnitTest/SmartViewTestData/Out/NTSD-out-3.dat | 2 +- UnitTest/SmartViewTestData/Out/NTSD-out-4.dat | 2 +- .../Out/SECURITYDESCRIPTOR-out-1.dat | 164 ++++++++++++++---- UnitTest/SmartViewTestData/Out/SID-out-2.dat | 15 +- UnitTest/SmartViewTestData/Out/SID-out-3.dat | 3 +- UnitTest/SmartViewTestData/Out/SID-out-4.dat | 3 +- UnitTest/SmartViewTestData/Out/SID-out-5.dat | 3 +- UnitTest/SmartViewTestData/Out/SID-out-6.dat | 7 + UnitTest/SmartViewTestData/Out/SID-out-7.dat | 13 ++ core/interpret/sid.cpp | 28 +++ core/interpret/sid.h | 1 + core/smartview/SD/ACLBin.cpp | 12 ++ core/smartview/SD/ACLBin.h | 2 +- core/smartview/SD/NTSD.cpp | 72 ++------ core/smartview/SD/NTSD.h | 11 -- core/smartview/SD/SDBin.cpp | 67 +++---- core/smartview/SD/SDBin.h | 18 +- core/smartview/SD/SIDBin.cpp | 64 ++++++- core/smartview/SD/SIDBin.h | 9 + core/smartview/SmartView.cpp | 6 +- 30 files changed, 453 insertions(+), 196 deletions(-) create mode 100644 UnitTest/SmartViewTestData/In/SID-6.dat create mode 100644 UnitTest/SmartViewTestData/In/SID-7.dat create mode 100644 UnitTest/SmartViewTestData/Out/SID-out-6.dat create mode 100644 UnitTest/SmartViewTestData/Out/SID-out-7.dat diff --git a/UnitTest/SmartViewTestData/In/ACL-1.dat b/UnitTest/SmartViewTestData/In/ACL-1.dat index cbfd6d394..b140ac32f 100644 --- a/UnitTest/SmartViewTestData/In/ACL-1.dat 
+++ b/UnitTest/SmartViewTestData/In/ACL-1.dat @@ -4,6 +4,4 @@ 01 09 2400 BF0F1F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 00 02 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100 01 02 2400 16C90D00 010500000000000515000000371A6C07352F372AAD20FA5B01930100 -01 02 2400 BFC91F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 -010100000000000512000000 -01020000000000052000000020020000 \ No newline at end of file +01 02 2400 BFC91F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/SID-6.dat b/UnitTest/SmartViewTestData/In/SID-6.dat new file mode 100644 index 000000000..b87983f47 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/SID-6.dat @@ -0,0 +1 @@ +FF 01 000000000005 0B000000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/SID-7.dat b/UnitTest/SmartViewTestData/In/SID-7.dat new file mode 100644 index 000000000..a0b900326 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/SID-7.dat @@ -0,0 +1 @@ +010500000000000515000000A065CF7E784B9B5FE77C8770E7871F00123456 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat b/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat index 4f5fc5492..28cf519a4 100644 --- a/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat @@ -9,13 +9,8 @@ ACE Revision: 0x01 SubAuthorityCount: 0x05 IdentifierAuthority: SECURITY_NT_AUTHORITY - SubAuthority[0] - 21 = 0x00000015 - SubAuthority[1] - 124525111 = 0x076C1A37 - SubAuthority[2] - 708259637 = 0x2A372F35 - SubAuthority[3] - 1543119021 = 0x5BFA20AD - SubAuthority[4] - 103169 = 0x00019301 \ No newline at end of file + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 \ No newline at end of file 
diff --git a/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat b/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat index e68f5792c..d900892de 100644 --- a/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat @@ -12,5 +12,4 @@ ACE Revision: 0x01 SubAuthorityCount: 0x01 IdentifierAuthority: SECURITY_NT_AUTHORITY - SubAuthority[0] - 11 = 0x0000000B \ No newline at end of file + SubAuthority[0]: 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat index b521bad02..39e568f33 100644 --- a/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat @@ -8,9 +8,8 @@ ACE InheritedObjectType: {53BC2EC0-D953-11CD-9752-00AA004AE40E} = GUID_Dilkie SID User: (no domain)\(no name) - Textual SID: (no SID) + Textual SID: S-255-5-11 Revision: 0xFF SubAuthorityCount: 0x01 IdentifierAuthority: SECURITY_NT_AUTHORITY - SubAuthority[0] - 11 = 0x0000000B \ No newline at end of file + SubAuthority[0]: 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat index 5c9656939..fc684269a 100644 --- a/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat @@ -9,5 +9,4 @@ ACE Revision: 0x01 SubAuthorityCount: 0x01 IdentifierAuthority: SECURITY_NT_AUTHORITY - SubAuthority[0] - 11 = 0x0000000B \ No newline at end of file + SubAuthority[0]: 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACL-out-1.dat b/UnitTest/SmartViewTestData/Out/ACL-out-1.dat index cbfd6d394..02141c557 100644 --- a/UnitTest/SmartViewTestData/Out/ACL-out-1.dat 
+++ b/UnitTest/SmartViewTestData/Out/ACL-out-1.dat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o newline at end of file +ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x00E0 + AceCount: 0x0006 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | 
fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001FC9BF = fsdrightReadBody | 
fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat index 74f8ed472..0894e73c5 100644 --- a/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat @@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info 0x0 Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat index 4e0b840fa..037489d31 100644 --- a/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat @@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info 0x0 Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat index af9b3c80f..d4917aa54 100644 --- a/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat @@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info 0x0 Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION 
diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat index 3fe9a96f2..ee1c483ea 100644 --- a/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat @@ -1,4 +1,4 @@ -Security Descriptor +PR_NT_SECURITY_DESCRIPTOR Security Info Security Version: 0x7AB0 = 0x7AB0 Descriptor diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat index 66f9911bc..d93aa2934 100644 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat 
@@ -1,38 +1,128 @@ Security Descriptor - Descriptor - Account: (no domain)\(no name) -ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE -ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -ACE Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -ACE Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Account: (no domain)\(no name) -ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | 
fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 -ACE Size: 0x0024 -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 -ACE Size: 0x0024 -SID: S-1-5-21-124525095-708259637-1543119021-754602 \ No newline at end of file + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8007 + OffsetOwner: 0x000000F4 + OffsetGroup: 0x00000100 + OffsetSacl: 0x00000000 + OffsetDacl: 0x00000014 + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: BUILTIN\Administrators + Textual SID: S-1-5-32-544 + Revision: 0x01 + SubAuthorityCount: 0x02 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 32 = 0x00000020 + SubAuthority[1]: 544 = 0x00000220 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x00E0 + AceCount: 0x0006 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 
+ SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no 
domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA \ No newline at end of file 
diff --git a/UnitTest/SmartViewTestData/Out/SID-out-2.dat b/UnitTest/SmartViewTestData/Out/SID-out-2.dat index e642c5fb9..6f45ca114 100644 --- a/UnitTest/SmartViewTestData/Out/SID-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/SID-out-2.dat @@ -4,13 +4,8 @@ SID Revision: 0x01 SubAuthorityCount: 0x05 IdentifierAuthority: SECURITY_NT_AUTHORITY - SubAuthority[0] - 21 = 0x00000015 - SubAuthority[1] - 2127521184 = 0x7ECF65A0 - SubAuthority[2] - 1604012920 = 0x5F9B4B78 - SubAuthority[3] - 1887927527 = 0x70877CE7 - SubAuthority[4] - 2066407 = 0x001F87E7 \ No newline at end of file + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 2127521184 = 0x7ECF65A0 + SubAuthority[2]: 1604012920 = 0x5F9B4B78 + SubAuthority[3]: 1887927527 = 0x70877CE7 + SubAuthority[4]: 2066407 = 0x001F87E7 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-3.dat b/UnitTest/SmartViewTestData/Out/SID-out-3.dat index 1e29c79f9..c5128ffa6 100644 --- a/UnitTest/SmartViewTestData/Out/SID-out-3.dat +++ b/UnitTest/SmartViewTestData/Out/SID-out-3.dat @@ -4,5 +4,4 @@ SID Revision: 0x01 SubAuthorityCount: 0x01 IdentifierAuthority: SECURITY_NT_AUTHORITY - SubAuthority[0] - 18 = 0x00000012 \ No newline at end of file + SubAuthority[0]: 18 = 0x00000012 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-4.dat b/UnitTest/SmartViewTestData/Out/SID-out-4.dat index c5a2f2fc4..19993402a 100644 --- a/UnitTest/SmartViewTestData/Out/SID-out-4.dat +++ b/UnitTest/SmartViewTestData/Out/SID-out-4.dat @@ -3,5 +3,4 @@ SID Textual SID: (no SID) Revision: 0x01 SubAuthorityCount: 0x04 - SubAuthority[0] - 1736704 = 0x001A8000 \ No newline at end of file + SubAuthority[0]: 1736704 = 0x001A8000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-5.dat b/UnitTest/SmartViewTestData/Out/SID-out-5.dat index 6714f55c3..fc9314736 100644 --- a/UnitTest/SmartViewTestData/Out/SID-out-5.dat +++ b/UnitTest/SmartViewTestData/Out/SID-out-5.dat 
@@ -4,5 +4,4 @@ SID Revision: 0x01 SubAuthorityCount: 0x04 IdentifierAuthority: 268436996 - SubAuthority[0] - 3 = 0x00000003 \ No newline at end of file + SubAuthority[0]: 3 = 0x00000003 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-6.dat b/UnitTest/SmartViewTestData/Out/SID-out-6.dat new file mode 100644 index 000000000..3e81f1c15 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/SID-out-6.dat @@ -0,0 +1,7 @@ +SID + User: (no domain)\(no name) + Textual SID: S-255-5-11 + Revision: 0xFF + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-7.dat b/UnitTest/SmartViewTestData/Out/SID-out-7.dat new file mode 100644 index 000000000..bb9145906 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/SID-out-7.dat @@ -0,0 +1,13 @@ +SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-2127521184-1604012920-1887927527-2066407 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 2127521184 = 0x7ECF65A0 + SubAuthority[2]: 1604012920 = 0x5F9B4B78 + SubAuthority[3]: 1887927527 = 0x70877CE7 + SubAuthority[4]: 2066407 = 0x001F87E7 + Unparsed data size = 0x00000003 + cb: 3 lpb: 123456 \ No newline at end of file diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index 81a225503..0ce854c86 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp 
@@ -20,6 +20,34 @@ namespace sid
 return !name.empty() ? name : strings::formatmessage(IDS_NONAME);
 }
+ _Check_return_ std::wstring LookupIdentifierAuthority(const SID_IDENTIFIER_AUTHORITY& authority)
+ {
+ static const auto authorityLookupTable = std::vector>{
+ {SECURITY_NULL_SID_AUTHORITY, L"SECURITY_NULL_SID_AUTHORITY"},
+ {SECURITY_WORLD_SID_AUTHORITY, L"SECURITY_WORLD_SID_AUTHORITY"},
+ {SECURITY_LOCAL_SID_AUTHORITY, L"SECURITY_LOCAL_SID_AUTHORITY"},
+ {SECURITY_CREATOR_SID_AUTHORITY, L"SECURITY_CREATOR_SID_AUTHORITY"},
+ {SECURITY_NON_UNIQUE_AUTHORITY, L"SECURITY_NON_UNIQUE_AUTHORITY"},
+ {SECURITY_RESOURCE_MANAGER_AUTHORITY, L"SECURITY_RESOURCE_MANAGER_AUTHORITY"},
+ {SECURITY_NT_AUTHORITY, L"SECURITY_NT_AUTHORITY"},
+ {SECURITY_APP_PACKAGE_AUTHORITY, L"SECURITY_APP_PACKAGE_AUTHORITY"},
+ {SECURITY_MANDATORY_LABEL_AUTHORITY, L"SECURITY_MANDATORY_LABEL_AUTHORITY"},
+ {SECURITY_SCOPED_POLICY_ID_AUTHORITY, L"SECURITY_SCOPED_POLICY_ID_AUTHORITY"},
+ {SECURITY_AUTHENTICATION_AUTHORITY, L"SECURITY_AUTHENTICATION_AUTHORITY"},
+ {SECURITY_PROCESS_TRUST_AUTHORITY, L"SECURITY_PROCESS_TRUST_AUTHORITY"},
+ };
+
+ for (const auto& entry : authorityLookupTable)
+ {
+ if (std::memcmp(&authority, &entry.first, sizeof(SID_IDENTIFIER_AUTHORITY)) == 0)
+ {
+ return entry.second;
+ }
+ }
+
+ return IdentifierAuthorityToString(authority);
+ }
+
 _Check_return_ std::wstring IdentifierAuthorityToString(const SID_IDENTIFIER_AUTHORITY& authority)
 {
 if (authority.Value[0] != 0 || authority.Value[1] != 0)
diff --git a/core/interpret/sid.h b/core/interpret/sid.h
index 9e0e7fb2e..cc737eb7f 100644
--- a/core/interpret/sid.h
+++ b/core/interpret/sid.h
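Review bot: `LookupIdentifierAuthority` carries no comment stating its contract, and callers that print its result (the `IdentifierAuthority:` line in SIDBin) need to know that an unknown authority does not fail but comes back in the numeric form produced by `IdentifierAuthorityToString`. Suggest a header comment above the function: `// Maps a SID_IDENTIFIER_AUTHORITY to its SECURITY_*_AUTHORITY name; values not in the table fall back to the numeric rendering from IdentifierAuthorityToString.` The byte-wise comparison is correct for the 6-byte authority struct, but it depends on `std::memcmp`, so `<cstring>` must be included in this file; the include block is outside the hunk. Calling the fallback makes `IdentifierAuthorityToString` a dependency declared later in the same file, which works only because sid.h declares both — worth noting in the comment so a reorder does not silently break the build.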
@@ -29,6 +29,7 @@ namespace sid
 std::wstring info;
 };
+ _Check_return_ std::wstring LookupIdentifierAuthority(const SID_IDENTIFIER_AUTHORITY& authority);
 _Check_return_ std::wstring IdentifierAuthorityToString(const SID_IDENTIFIER_AUTHORITY& authority);
 _Check_return_ std::wstring GetTextualSid(_In_opt_ PSID pSid);
 _Check_return_ std::wstring GetTextualSid(std::vector buf);
diff --git a/core/smartview/SD/ACLBin.cpp b/core/smartview/SD/ACLBin.cpp
index eb4c0fc95..ccec7bfc5 100644
--- a/core/smartview/SD/ACLBin.cpp
+++ b/core/smartview/SD/ACLBin.cpp
@@ -10,6 +10,13 @@ namespace smartview
 AclSize = blockT::parse(parser);
 AceCount = blockT::parse(parser);
 Sbz2 = blockT::parse(parser);
+ for (auto i = 0; i < AceCount->getData(); i++)
+ {
+ const auto ace = std::make_shared(sid::aceType::Message);
+ ace->block::parse(parser, false);
+ if (!ace->isSet()) break;
+ aces.push_back(ace);
+ }
 };
 void ACLBin::parseBlocks()
@@ -20,5 +27,10 @@ namespace smartview
 addChild(AclSize, L"AclSize: 0x%1!04X!", AclSize->getData());
 addChild(AceCount, L"AceCount: 0x%1!04X!", AceCount->getData());
 addChild(Sbz2, L"Sbz2: 0x%1!04X!", Sbz2->getData());
+
+ for (const auto& ace : aces)
+ {
+ addChild(ace);
+ }
 };
 } // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/ACLBin.h b/core/smartview/SD/ACLBin.h
index 3a989a808..31bf37089 100644
--- a/core/smartview/SD/ACLBin.h
+++ b/core/smartview/SD/ACLBin.h
@@ -16,7 +16,7 @@ namespace smartview
 std::shared_ptr> AclSize = emptyT();
 std::shared_ptr> AceCount = emptyT();
 std::shared_ptr> Sbz2 = emptyT();
- std::vector> ace;
+ std::vector> aces;
 void parse() override;
 void parseBlocks() override;
diff --git a/core/smartview/SD/NTSD.cpp b/core/smartview/SD/NTSD.cpp
index 447283e09..1d293fd6c 100644
--- a/core/smartview/SD/NTSD.cpp
+++ b/core/smartview/SD/NTSD.cpp
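Review bot: The ACE loop added to `ACLBin::parse` is bounded only by `AceCount` and by each ACE's `isSet()`, never by the ACL's own `AclSize`, and both counts come from the blob under parse; an ACL whose AceCount overstates its contents therefore keeps consuming bytes past the ACL into whatever follows it in the descriptor. Record the ACL start before the header fields are read and stop before each ACE when the declared size is exhausted, e.g. `if (parser->getOffset() >= aclStart + AclSize->getData()) break;` as the first statement of the loop body. `i` is a plain `int` compared against `AceCount->getData()`, which the `%1!04X!` output suggests is a 16-bit unsigned value, so declaring the index with that type avoids the signed/unsigned comparison. The opening of `ACLBin::parse`, where the ACL start offset would be captured, lies outside the hunk.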
@@ -8,75 +8,31 @@ namespace smartview
 {
- void NTSD::parse()
+ NTSD::NTSD(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB)
 {
- // Grab a parser at the start to pass to NT functions
- const auto sdRoot = parser->getOffset();
- m_SDbin = blockBytes::parse(parser, parser->getSize());
- parser->setOffset(sdRoot);
-
- Revision = blockT::parse(parser);
- Sbz1 = blockT::parse(parser);
- Control = blockT::parse(parser);
- OffsetOwner = blockT::parse(parser);
- auto newOffset = OffsetOwner->getData();
- if (newOffset && newOffset < m_SDbin->size())
- {
- const auto originalOffset = parser->getOffset();
- parser->setOffset(newOffset);
- block::parse(parser, false);
- parser->setOffset(originalOffset);
- }
-
- OffsetGroup = blockT::parse(parser);
- newOffset = OffsetGroup->getData();
- if (newOffset && newOffset < m_SDbin->size())
- {
- const auto originalOffset = parser->getOffset();
- parser->setOffset(newOffset);
- block::parse(parser, false);
- parser->setOffset(originalOffset);
- }
-
- OffsetSacl = blockT::parse(parser);
- newOffset = OffsetSacl->getData();
- if (newOffset && newOffset < m_SDbin->size())
+ switch (mapi::GetMAPIObjectType(lpMAPIProp))
 {
- const auto originalOffset = parser->getOffset();
- parser->setOffset(newOffset);
- Sacl = block::parse(parser, false);
- parser->setOffset(originalOffset);
+ case MAPI_STORE:
+ case MAPI_ADDRBOOK:
+ case MAPI_FOLDER:
+ case MAPI_ABCONT:
+ acetype = sid::aceType::Container;
+ break;
 }
- OffsetDacl = blockT::parse(parser);
- newOffset = OffsetDacl->getData();
- if (newOffset && newOffset < m_SDbin->size())
- {
- const auto originalOffset = parser->getOffset();
- parser->setOffset(newOffset);
- Dacl = block::parse(parser, false);
- parser->setOffset(originalOffset);
- }
+ if (bFB) acetype = sid::aceType::FreeBusy;
 }
+ void NTSD::parse() { m_SDbin = blockBytes::parse(parser, parser->getSize()); }
+
 void NTSD::parseBlocks()
 {
- setText(L"PR_NT_SECURITY_DESCRIPTOR");
-
- addChild(Revision, L"Revision: 0x%1!02X!", Revision->getData());
- addChild(Sbz1, L"Sbz1: 0x%1!02X!", Sbz1->getData());
- addChild(Control, L"Control: 0x%1!04X!", Control->getData());
- addChild(OffsetOwner, L"OffsetOwner: 0x%1!08X!", OffsetOwner->getData());
- addChild(OffsetGroup, L"OffsetGroup: 0x%1!08X!", OffsetGroup->getData());
- addChild(OffsetSacl, L"OffsetSacl: 0x%1!08X!", OffsetSacl->getData());
- if (Sacl) addChild(Sacl);
- addChild(OffsetDacl, L"OffsetDacl: 0x%1!08X!", OffsetDacl->getData());
- if (Dacl) addChild(Dacl);
-
 if (m_SDbin)
 {
+ setText(L"PR_NT_SECURITY_DESCRIPTOR");
+
 // TODO: more accurately break this parsing into blocks with proper offsets
- const auto sd = SDToString(*m_SDbin, acetype);
+ const auto sd = NTSDToString(*m_SDbin, acetype);
 auto si = create(L"Security Info");
 addChild(si);
 if (!sd.info.empty())
diff --git a/core/smartview/SD/NTSD.h b/core/smartview/SD/NTSD.h
index b331b94e8..a79720848 100644
--- a/core/smartview/SD/NTSD.h
+++ b/core/smartview/SD/NTSD.h
@@ -1,7 +1,6 @@
 #pragma once
 #include
 #include
-//#include
 #include
 #include
 #include
@@ -40,15 +39,5 @@ namespace smartview
 sid::aceType acetype{sid::aceType::Message};
 std::shared_ptr m_SDbin = emptyBB();
-
- std::shared_ptr> Revision = emptyT();
- std::shared_ptr> Sbz1 = emptyT();
- std::shared_ptr> Control = emptyT();
- std::shared_ptr> OffsetOwner = emptyT();
- std::shared_ptr> OffsetGroup = emptyT();
- std::shared_ptr> OffsetSacl = emptyT();
- std::shared_ptr Sacl;
- std::shared_ptr> OffsetDacl = emptyT();
- std::shared_ptr Dacl;
 };
 } // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/SDBin.cpp b/core/smartview/SD/SDBin.cpp
index 527cddb7c..4e3d7d61e 100644
--- a/core/smartview/SD/SDBin.cpp
+++ b/core/smartview/SD/SDBin.cpp
@@ -4,6 +4,7 @@
 #include
 #include
 #include
+#include
 namespace smartview
 {
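Review bot: The new `NTSD` constructor does not say why the MAPI object type selects `acetype`; a reader has to already know that ACE masks are decoded with a different rights vocabulary for containers and for free/busy descriptors. Suggest above the `switch`: `// Stores, folders and address-book containers are decoded with container rights; anything else keeps the in-class Message default. Free/busy descriptors override both.` The `switch` has no `default:`, which is correct here only because `acetype` relies on its in-class `Message` initializer; an explicit `default: break;` makes that intent visible and keeps compilers that warn on unhandled cases quiet. `NTSD::parseBlocks` continues past the end of the hunk, so its remaining output is not reviewed here.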
@@ -22,34 +23,60 @@ namespace smartview
 if (bFB) acetype = sid::aceType::FreeBusy;
 }
+ void SDBin::parse()
+ {
+ auto originalOffset = size_t{};
+ auto postSdOffset = size_t{};
+ const auto sdSize = parser->getSize();
+ Revision = blockT::parse(parser);
+ Sbz1 = blockT::parse(parser);
+ Control = blockT::parse(parser);
+ OffsetOwner = blockT::parse(parser);
+ auto newOffset = OffsetOwner->getData();
+ if (newOffset && newOffset < sdSize)
 {
+ originalOffset = parser->getOffset();
+ parser->setOffset(newOffset);
+ OwnerSid = block::parse(parser, false);
+ postSdOffset = max(postSdOffset, parser->getOffset());
+ parser->setOffset(originalOffset);
+ }
+
+ OffsetGroup = blockT::parse(parser);
+ newOffset = OffsetGroup->getData();
+ if (newOffset && newOffset < sdSize)
 {
- const auto originalOffset = parser->getOffset();
+ originalOffset = parser->getOffset();
 parser->setOffset(newOffset);
- block::parse(parser, false);
+ GroupSid = block::parse(parser, false);
+ postSdOffset = max(postSdOffset, parser->getOffset());
 parser->setOffset(originalOffset);
 }
 OffsetSacl = blockT::parse(parser);
 newOffset = OffsetSacl->getData();
- if (newOffset && newOffset < m_SDbin->size())
+ if (newOffset && newOffset < sdSize)
 {
- const auto originalOffset = parser->getOffset();
+ originalOffset = parser->getOffset();
 parser->setOffset(newOffset);
 Sacl = block::parse(parser, false);
+ postSdOffset = max(postSdOffset, parser->getOffset());
 parser->setOffset(originalOffset);
 }
 OffsetDacl = blockT::parse(parser);
 newOffset = OffsetDacl->getData();
- if (newOffset && newOffset < m_SDbin->size())
+ if (newOffset && newOffset < sdSize)
 {
- const auto originalOffset = parser->getOffset();
+ originalOffset = parser->getOffset();
 parser->setOffset(newOffset);
 Dacl = block::parse(parser, false);
+ postSdOffset = max(postSdOffset, parser->getOffset());
 parser->setOffset(originalOffset);
 }
+
+ parser->setOffset(postSdOffset);
 }
 void SDBin::parseBlocks()
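Review bot: `postSdOffset` starts at zero and is only raised inside the four optional branches, so a descriptor whose owner, group, SACL and DACL offsets are all zero or all out of range ends `SDBin::parse` with `parser->setOffset(0)`, rewinding the parser to before the fixed header it just consumed; any enclosing parser then sees the descriptor bytes again as unparsed data. Seed it with the header end once the offsets are read, e.g. after `OffsetDacl = blockT::parse(parser);` add `postSdOffset = max(postSdOffset, parser->getOffset());`, or guard the last line with `if (postSdOffset > parser->getOffset()) parser->setOffset(postSdOffset);`. The range check `newOffset < sdSize` compares descriptor-relative offsets against the parser's size, which is only right when the parser handed to `parse` begins at `Revision`; that precondition deserves a comment on the function. `max` is unqualified, so this compiles either through the Windows.h macro or through `std::max` via a using-declaration — say which, since a `NOMINMAX` build breaks the former.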
@@ -62,30 +89,10 @@ namespace smartview
 addChild(OffsetOwner, L"OffsetOwner: 0x%1!08X!", OffsetOwner->getData());
 addChild(OffsetGroup, L"OffsetGroup: 0x%1!08X!", OffsetGroup->getData());
 addChild(OffsetSacl, L"OffsetSacl: 0x%1!08X!", OffsetSacl->getData());
- if (Sacl) addChild(Sacl);
 addChild(OffsetDacl, L"OffsetDacl: 0x%1!08X!", OffsetDacl->getData());
- if (Dacl) addChild(Dacl);
-
- if (m_SDbin)
- {
- // TODO: more accurately break this parsing into blocks with proper offsets
- const auto sd = SDToString(*m_SDbin, acetype);
- auto si = create(L"Security Info");
- addChild(si);
- if (!sd.info.empty())
- {
- si->addChild(m_SDbin, sd.info);
- }
-
- if (m_SDbin->size() >= 2 * sizeof(WORD))
- {
- const auto sdVersion = SECURITY_DESCRIPTOR_VERSION(m_SDbin->data());
- auto szFlags = flags::InterpretFlags(flagSecurityVersion, sdVersion);
- addHeader(L"Security Version: 0x%1!04X! = %2!ws!", sdVersion, szFlags.c_str());
- }
-
- addHeader(L"Descriptor");
- addHeader(sd.dacl);
- }
+ if (OwnerSid) addLabeledChild(L"OwnerSid", OwnerSid);
+ if (GroupSid) addLabeledChild(L"GroupSid", GroupSid);
+ if (Sacl) addLabeledChild(L"Sacl", Sacl);
+ if (Dacl) addLabeledChild(L"Dacl", Dacl);
 }
 } // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/SDBin.h b/core/smartview/SD/SDBin.h
index 004f0a57d..b0ef13fc3 100644
--- a/core/smartview/SD/SDBin.h
+++ b/core/smartview/SD/SDBin.h
@@ -1,10 +1,15 @@
 #pragma once
 #include
+#include
 #include
 #include
+#include
+#include
 namespace smartview
 {
+ // [MS-DTYP] 2.4.6 SECURITY_DESCRIPTOR
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7d4dac05-9cef-4563-a058-f108abecce1d
 class SDBin : public block
 {
 public:
@@ -14,7 +19,18 @@ namespace smartview
 void parse() override;
 void parseBlocks() override;
+ std::shared_ptr> Revision = emptyT();
+ std::shared_ptr> Sbz1 = emptyT();
+ std::shared_ptr> Control = emptyT();
+ std::shared_ptr> OffsetOwner = emptyT();
+ std::shared_ptr> OffsetGroup = emptyT();
+ std::shared_ptr> OffsetSacl = emptyT();
+ std::shared_ptr> OffsetDacl = emptyT();
+ std::shared_ptr OwnerSid;
+ std::shared_ptr GroupSid;
+ std::shared_ptr Sacl;
+ std::shared_ptr Dacl;
+
 sid::aceType acetype{sid::aceType::Message};
- std::shared_ptr m_SDbin = emptyBB();
 };
 } // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/SIDBin.cpp b/core/smartview/SD/SIDBin.cpp
index e5dd5e0e8..959b53249 100644
--- a/core/smartview/SD/SIDBin.cpp
+++ b/core/smartview/SD/SIDBin.cpp
@@ -5,20 +5,72 @@ namespace smartview
 {
- void SIDBin::parse() { m_SIDbin = blockBytes::parse(parser, parser->getSize()); }
+ void SIDBin::parse()
+ {
+ const auto sidOffset = parser->getOffset();
+
+ Revision = blockT::parse(parser);
+ SubAuthorityCount = blockT::parse(parser);
+ IdentifierAuthority = blockBytes::parse(parser, 6); // 6 bytes
+ for (auto i = 0; i < SubAuthorityCount->getData(); i++)
+ {
+ const auto sa = blockT::parse(parser);
+ if (!sa->isSet()) break;
+ SubAuthority.push_back(sa);
+ }
+
+ const auto postSidOffset = parser->getOffset();
+ parser->setOffset(sidOffset);
+ m_SIDbin = blockBytes::parse(parser, postSidOffset - sidOffset);
+ }
 void SIDBin::parseBlocks()
 {
+ setText(L"SID");
+
 if (m_SIDbin)
 {
 auto sidAccount = sid::LookupAccountSid(*m_SIDbin);
- auto sidString = sid::GetTextualSid(*m_SIDbin);
-
- setText(L"SID");
 addHeader(L"User: %1!ws!\\%2!ws!", sidAccount.getDomain().c_str(), sidAccount.getName().c_str());
+ }
+
+ std::wstring TextualSid = {};
+ const auto psia =
+ IdentifierAuthority->isSet() ? (PSID_IDENTIFIER_AUTHORITY) (IdentifierAuthority->data()) : nullptr;
- if (sidString.empty()) sidString = strings::formatmessage(IDS_NOSID);
- addChild(m_SIDbin, L"Textual SID: %1!ws!", sidString.c_str());
+ if (psia != nullptr && SubAuthority.size() == *SubAuthorityCount)
+ {
+ TextualSid = strings::format(L"S-%lu-", Revision->getData());
+ TextualSid += sid::IdentifierAuthorityToString(*psia);
+
+ // Add SID subauthorities to the string.
+ if (SubAuthority.size() > 0)
+ {
+ for (const auto& sa : SubAuthority)
+ {
+ TextualSid += strings::format(L"-%lu", sa->getData());
+ }
+ }
+ }
+ else
+ {
+ TextualSid = strings::formatmessage(IDS_NOSID);
+ }
+
+ addChild(m_SIDbin, L"Textual SID: %1!ws!", TextualSid.c_str());
+ m_SIDbin->addChild(Revision, L"Revision: 0x%1!02X!", Revision->getData());
+ m_SIDbin->addChild(SubAuthorityCount, L"SubAuthorityCount: 0x%1!02X!", SubAuthorityCount->getData());
+ if (psia != nullptr)
+ {
+ const auto is = sid::LookupIdentifierAuthority(*psia);
+ m_SIDbin->addChild(IdentifierAuthority, L"IdentifierAuthority: %1!ws!", is.c_str());
+ }
+
+ int i = 0;
+ for (const auto& sa : SubAuthority)
+ {
+ m_SIDbin->addChild(sa, L"SubAuthority[%1!d!]: %2!d! = 0x%2!08X!", i, sa->getData());
+ i++;
 }
 }
 } // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SD/SIDBin.h b/core/smartview/SD/SIDBin.h
index 89a116876..ffa10b04a 100644
--- a/core/smartview/SD/SIDBin.h
+++ b/core/smartview/SD/SIDBin.h
@@ -1,15 +1,24 @@
 #pragma once
 #include
 #include
+#include
 namespace smartview
 {
+ // [MS-DTYP] 2.4.2.2 SID--Packet Representation
+ // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/f992ad60-0fe4-4b87-9fed-beb478836861
 class SIDBin : public block
 {
 private:
 void parse() override;
 void parseBlocks() override;
+ std::shared_ptr> Revision = emptyT();
+ std::shared_ptr> SubAuthorityCount = emptyT();
+ std::shared_ptr IdentifierAuthority = emptyBB(); // 6 bytes
+ std::vector>> SubAuthority;
+
+ // We keep this for a call to LookupAccountSid
 std::shared_ptr m_SIDbin = emptyBB();
 };
 } // namespace smartview
\ No newline at end of file
diff --git a/core/smartview/SmartView.cpp b/core/smartview/SmartView.cpp
index ce35c58d2..ec45974fa 100644
--- a/core/smartview/SmartView.cpp
+++ b/core/smartview/SmartView.cpp
@@ -40,12 +40,12 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
 #include
 #include
-#include
 namespace smartview
 {
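Review bot: The per-subauthority line at the end of `SIDBin::parseBlocks` formats a 32-bit unsigned value with `%2!d!`, so any subauthority at or above 0x80000000 prints as a negative decimal; the expected output added in PATCH 12/19 of this series shows exactly that (`SubAuthority[3]: -1031353553 = 0xC286CB2F`), while the textual SID built a few lines earlier uses `%lu` and renders the same value correctly. Change the format to `L"SubAuthority[%1!d!]: %2!u! = 0x%2!08X!"` and regenerate the affected `.dat` expectations. The `psia` cast assumes `IdentifierAuthority` holds all six bytes; if `blockBytes::parse(parser, 6)` can hand back a set-but-short block on truncated input, the guard should also require `IdentifierAuthority->size() == sizeof(SID_IDENTIFIER_AUTHORITY)` before the struct is read through the pointer. The `if (SubAuthority.size() > 0)` wrapper around a range-for is redundant, and the hand-maintained `int i` would read more clearly as an index loop.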
@@ -139,7 +139,7 @@ namespace smartview case parserType::SECURITYDESCRIPTOR: return std::make_shared(lpMAPIProp, false); case parserType::FBSECURITYDESCRIPTOR: - return std::make_shared(lpMAPIProp, true); + return std::make_shared(lpMAPIProp, true); case parserType::XID: return std::make_shared(); case parserType::SWAPPEDTODO: @@ -153,7 +153,7 @@ namespace smartview case parserType::ACEFB: return std::make_shared(sid::aceType::FreeBusy); case parserType::NTSD: - return std::make_shared(); + return std::make_shared(lpMAPIProp, false); default: // Any other case is either handled by an add-in or not at all return std::make_shared(type); From 96c6186c4e8c6b90f58154a55e230f0fe6f469ec Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 16 Jan 2025 11:21:05 -0500 Subject: [PATCH 12/19] land ntsd parser - all tests green --- UnitTest/SmartViewTestData/In/NTSD-1.dat | 28 ++- .../Out/FBSECURITYDESCRIPTOR-out-1.dat | 56 +++++- .../Out/FBSECURITYDESCRIPTOR-out-2.dat | 78 ++++++-- UnitTest/SmartViewTestData/Out/NTSD-out-1.dat | 171 ++++++++++++++---- UnitTest/SmartViewTestData/Out/NTSD-out-2.dat | 83 +++++++-- UnitTest/SmartViewTestData/Out/NTSD-out-3.dat | 39 +++- UnitTest/SmartViewTestData/Out/NTSD-out-4.dat | 12 +- core/smartview/SD/NTSD.cpp | 99 ++++++++-- core/smartview/SD/NTSD.h | 25 ++- core/smartview/SD/SDBin.cpp | 23 ++- core/smartview/SD/SDBin.h | 1 + 11 files changed, 492 insertions(+), 123 deletions(-) diff --git a/UnitTest/SmartViewTestData/In/NTSD-1.dat b/UnitTest/SmartViewTestData/In/NTSD-1.dat index 49001e52b..4b4dc30b4 100644 --- a/UnitTest/SmartViewTestData/In/NTSD-1.dat 
+++ b/UnitTest/SmartViewTestData/In/NTSD-1.dat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o newline at end of file +0800 +0300 +00000000 + +01 +00 +0780 +F4000000 +00010000 +00000000 +14000000 + +02 +00 +E000 +0600 +0000 +00092400A9081200010500000000000515000000371A6C07352F372AAD20FA5B01930100 +0109240016071F00010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01092400BF0F1F00010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 +00022400A9081200010500000000000515000000371A6C07352F372AAD20FA5B01930100 +0102240016C90D00010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01022400BFC91F00010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 + +010100000000000512000000 + +01020000000000052000000020020000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat index 0745693ac..89a1178a5 100644 --- a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat 
@@ -1,11 +1,47 @@ PR_NT_SECURITY_DESCRIPTOR - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor - Account: \Everyone -ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x00000001 = fsdrightFreeBusySimple -ACE Size: 0x0014 -SID: S-1-1-0 \ No newline at end of file + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8004 + OffsetOwner: 0x00000014 + OffsetGroup: 0x00000020 + OffsetSacl: 0x00000000 + OffsetDacl: 0x0000002C + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x001C + AceCount: 0x0001 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0014 + Mask: 0x00000001 = fsdrightReadBody + SID + User: \Everyone + Textual SID: S-1-1-0 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_WORLD_SID_AUTHORITY + SubAuthority[0]: 0 = 0x00000000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat index 857ac5754..7b2c5afea 100644 --- a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat 
@@ -1,17 +1,63 @@ PR_NT_SECURITY_DESCRIPTOR - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor - Account: (no domain)\(no name) -ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed -ACE Size: 0x0024 -SID: S-1-5-21-1148560623-1742210193-3263613743-3181487 -Account: \Everyone -ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x00000001 = fsdrightFreeBusySimple -ACE Size: 0x0014 -SID: S-1-1-0 \ No newline at end of file + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8004 + OffsetOwner: 0x00000014 + OffsetGroup: 0x00000020 + OffsetSacl: 0x00000000 + OffsetDacl: 0x0000002C + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x0040 + AceCount: 0x0002 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x00000003 = fsdrightReadBody | fsdrightWriteBody + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-1148560623-1742210193-3263613743-3181487 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 1148560623 = 0x4475A4EF + SubAuthority[2]: 1742210193 = 0x67D80491 + SubAuthority[3]: -1031353553 = 0xC286CB2F + SubAuthority[4]: 3181487 = 0x00308BAF + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = 
CONTAINER_INHERIT_ACE + Size: 0x0014 + Mask: 0x00000001 = fsdrightReadBody + SID + User: \Everyone + Textual SID: S-1-1-0 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_WORLD_SID_AUTHORITY + SubAuthority[0]: 0 = 0x00000000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat index 0894e73c5..e8881be50 100644 --- a/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat 
@@ -1,41 +1,132 @@ PR_NT_SECURITY_DESCRIPTOR - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor - Account: (no domain)\(no name) -ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE -ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -ACE Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -ACE Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Account: (no domain)\(no name) -ACE Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x02 = 
CONTAINER_INHERIT_ACE -ACE Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 -ACE Size: 0x0024 -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 -ACE Size: 0x0024 -SID: S-1-5-21-124525095-708259637-1543119021-754602 \ No newline at end of file + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8007 + OffsetOwner: 0x000000F4 + OffsetGroup: 0x00000100 + OffsetSacl: 0x00000000 + OffsetDacl: 0x00000014 + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: BUILTIN\Administrators + Textual SID: S-1-5-32-544 + Revision: 0x01 + SubAuthorityCount: 0x02 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 32 = 0x00000020 + SubAuthority[1]: 544 = 0x00000220 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x00E0 + AceCount: 0x0006 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: 
S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA + ACE + Type: 0x00 = 
ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + 
SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat index 037489d31..4fa36ba16 100644 --- a/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat 
@@ -1,17 +1,68 @@ PR_NT_SECURITY_DESCRIPTOR - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor - Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -ACE Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize -ACE Size: 0x0024 -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Account: (no domain)\(no name) -ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE -ACE Flags: 0x02 = CONTAINER_INHERIT_ACE -ACE Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 -ACE Size: 0x0024 -SID: S-1-5-21-124525095-708259637-1543119021-754602 \ No newline at end of file + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8007 + OffsetOwner: 0x00000064 + OffsetGroup: 0x00000070 + OffsetSacl: 0x00000000 + OffsetDacl: 0x00000014 + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: BUILTIN\Administrators + Textual SID: S-1-5-32-544 + Revision: 0x01 + SubAuthorityCount: 0x02 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 32 = 0x00000020 + SubAuthority[1]: 544 = 0x00000220 + Dacl + ACL + Revision: 0x02 + 
Sbz1: 0x00 + AclSize: 0x0050 + AceCount: 0x0002 + Sbz2: 0x0000 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat index d4917aa54..1f8ba2d41 100644 --- a/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat 
+++ b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat @@ -1,5 +1,36 @@ PR_NT_SECURITY_DESCRIPTOR - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor \ No newline at end of file + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8007 + OffsetOwner: 0x0000001C + OffsetGroup: 0x00000028 + OffsetSacl: 0x00000000 + OffsetDacl: 0x00000014 + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: BUILTIN\Administrators + Textual SID: S-1-5-32-544 + Revision: 0x01 + SubAuthorityCount: 0x02 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 32 = 0x00000020 + SubAuthority[1]: 544 = 0x00000220 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x0008 + AceCount: 0x0000 + Sbz2: 0x0000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat index ee1c483ea..00366395f 100644 --- a/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat @@ -1,5 +1,9 @@ PR_NT_SECURITY_DESCRIPTOR - Security Info - Security Version: 0x7AB0 = 0x7AB0 - Descriptor - This is not a valid security descriptor. \ No newline at end of file + Padding: 0x06B6 + Version: 0x7AB0 = 0x7AB0 + Security Information: 0xAB7960BB = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION | 0xB7960B0 + NamedProp + Tag = 0x8220 + Kind = 0xC7 + NamedProp + Kind = 0x60 \ No newline at end of file diff --git a/core/smartview/SD/NTSD.cpp b/core/smartview/SD/NTSD.cpp index 1d293fd6c..09fae6729 100644 --- a/core/smartview/SD/NTSD.cpp 
+++ b/core/smartview/SD/NTSD.cpp @@ -5,9 +5,32 @@ #include #include #include +#include namespace smartview { + void NamedProp::parse() + { + tag = blockT::parse(parser); + guid = blockT::parse(parser); + kind = blockT::parse(parser); + if (*kind == MNID_ID) + id = blockT::parse(parser); + else + name = blockStringW::parse(parser); + } + void NamedProp::parseBlocks() + { + setText(L"NamedProp"); + addChild(tag, L"Tag = 0x%1!04X!", tag->getData()); + addChild(guid, L"GUID = %1!ws!", guid::GUIDToString(*guid).c_str()); + addChild(kind, L"Kind = 0x%1!02X!", kind->getData()); + if (*kind == MNID_ID) + addChild(id, L"ID = 0x%1!08X!", id->getData()); + else + addChild(name, L"Name = %1!ws!", name->c_str()); + } + NTSD::NTSD(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB) { switch (mapi::GetMAPIObjectType(lpMAPIProp)) 
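Review bot: NamedProp::parse has no comment describing the record it decodes, and since the class is new in this commit the layout is otherwise only recoverable from the format strings in parseBlocks. A one-line header above `void NamedProp::parse()` would do: `// Named property record: tag, GUID, kind; MNID_ID is followed by a numeric id, any other kind by a wide-character name.` Note also that every kind other than MNID_ID takes the string branch, so a kind value that is neither MNID_ID nor MNID_STRING is still reported as a name — acceptable for a viewer, but worth stating in that comment.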
@@ -23,32 +46,68 @@ namespace smartview if (bFB) acetype = sid::aceType::FreeBusy; } - void NTSD::parse() { m_SDbin = blockBytes::parse(parser, parser->getSize()); } - - void NTSD::parseBlocks() + void NTSD::parse() { - if (m_SDbin) - { - setText(L"PR_NT_SECURITY_DESCRIPTOR"); + // Layout: + // X padding value + // X+2 version value + // X+4 security information value + // X+8 <0 or more named properties> + // X+padding value + // X = getOffset at start + // X+8 = getOffset after SecurityInformation read + // X+8 < x+padding value => we have named props + // size will be x+padding - (x+8) = padding - 8 + const auto baseOffset = parser->getOffset(); + const auto bufferSize = parser->getSize(); + Padding = blockT::parse(parser); + Version = blockT::parse(parser); + SecurityInformation = blockT::parse(parser); + const auto bytesConsumed = parser->getOffset() - baseOffset; + const auto bytesLeft = bufferSize - bytesConsumed; + const auto namedPropSize = (*Padding < bufferSize && *Padding >= bytesConsumed) ? *Padding - bytesConsumed : bytesLeft; - // TODO: more accurately break this parsing into blocks with proper offsets - const auto sd = NTSDToString(*m_SDbin, acetype); - auto si = create(L"Security Info"); - addChild(si); - if (!sd.info.empty()) + if (namedPropSize > 0) + { + parser->setCap(namedPropSize); + while (true) { - si->addChild(m_SDbin, sd.info); + const auto np = block::parse(parser, false); + if (!np->isSet()) break; + NamedProperties.push_back(np); } - if (m_SDbin->size() >= 2 * sizeof(WORD)) - { - const auto sdVersion = SECURITY_DESCRIPTOR_VERSION(m_SDbin->data()); - auto szFlags = flags::InterpretFlags(flagSecurityVersion, sdVersion); - addHeader(L"Security Version: 0x%1!04X! 
= %2!ws!", sdVersion, szFlags.c_str()); - } + parser->clearCap(); + } + + if (*Padding < bufferSize) + { + parser->setOffset(baseOffset + *Padding); + SD = std::make_shared(acetype); + SD->block::parse(parser, false); + } + } - addHeader(L"Descriptor"); - addHeader(sd.dacl); + void NTSD::parseBlocks() + { + setText(L"PR_NT_SECURITY_DESCRIPTOR"); + addChild(Padding, L"Padding: 0x%1!04X!", Padding->getData()); + addChild( + Version, + L"Version: 0x%1!04X! = %2!ws!", + Version->getData(), + flags::InterpretFlags(flagSecurityVersion, *Version).c_str()); + addChild( + SecurityInformation, + L"Security Information: 0x%1!08X! = %2!ws!", + SecurityInformation->getData(), + flags::InterpretFlags(flagSecurityInfo, *SecurityInformation).c_str()); + + for (const auto& np : NamedProperties) + { + addChild(np); } + + addChild(SD); } } // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/NTSD.h b/core/smartview/SD/NTSD.h index a79720848..2ed97306d 100644 --- a/core/smartview/SD/NTSD.h +++ b/core/smartview/SD/NTSD.h @@ -2,12 +2,26 @@ #include #include #include -#include +#include #include -#include +#include namespace smartview { + class NamedProp : public block + { + private: + void parse() override; + void parseBlocks() override; + + std::shared_ptr> tag = emptyT(); + std::shared_ptr> guid = emptyT(); + std::shared_ptr> kind = emptyT(); + std::shared_ptr> id = emptyT(); + std::shared_ptr name = emptySW(); + }; + + // PR_NT_SECURITY_DESCRIPTOR // https://github.com/microsoft/MAPIStubLibrary/blob/main/include/EdkMdb.h // @@ -37,7 +51,12 @@ namespace smartview void parse() override; void parseBlocks() override; + std::shared_ptr> Padding = emptyT(); + std::shared_ptr> Version = emptyT(); + std::shared_ptr> SecurityInformation = emptyT(); + std::vector> NamedProperties; + std::shared_ptr SD; + sid::aceType acetype{sid::aceType::Message}; - std::shared_ptr m_SDbin = emptyBB(); }; } // namespace smartview \ No newline at end of file 
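Review bot: The guard before the SDBin parse, `if (*Padding < bufferSize)`, does not require `*Padding >= bytesConsumed`, so a padding value of 0..7 rewinds the parser into the eight header bytes that were just read (and, because namedPropSize falls back to the rest of the buffer in that case, over the named properties as well), presenting the same bytes twice — once as the NTSD header and once as a security descriptor. Mirror the condition already used for namedPropSize: `if (*Padding >= bytesConsumed && *Padding < bufferSize)`; the patch-13 rewrite of namedPropSize in this function does not touch that branch. Separately, when the condition is false `SD` stays null — it is the one member added in NTSD.h without an emptyT()-style default — and parseBlocks still calls `addChild(SD)`; unless addChild tolerates a null child, guard it with `if (SD) addChild(SD);`.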
diff --git a/core/smartview/SD/SDBin.cpp b/core/smartview/SD/SDBin.cpp index 4e3d7d61e..a25f9d31b 100644 --- a/core/smartview/SD/SDBin.cpp +++ b/core/smartview/SD/SDBin.cpp @@ -25,16 +25,20 @@ namespace smartview void SDBin::parse() { + const auto baseOffset = parser->getOffset(); auto originalOffset = size_t{}; - auto postSdOffset = size_t{}; const auto sdSize = parser->getSize(); Revision = blockT::parse(parser); Sbz1 = blockT::parse(parser); Control = blockT::parse(parser); OffsetOwner = blockT::parse(parser); - auto newOffset = OffsetOwner->getData(); - if (newOffset && newOffset < sdSize) + + // Read from offsets now - first remember where we are + // We'll consider anything after our last read to be junk + auto postSdOffset = parser->getOffset(); + auto newOffset = *OffsetOwner + baseOffset; + if (*OffsetOwner && newOffset < sdSize) { originalOffset = parser->getOffset(); parser->setOffset(newOffset); @@ -44,8 +48,8 @@ namespace smartview } OffsetGroup = blockT::parse(parser); - newOffset = OffsetGroup->getData(); - if (newOffset && newOffset < sdSize) + newOffset = *OffsetGroup + baseOffset; + if (*OffsetGroup && newOffset < sdSize) { originalOffset = parser->getOffset(); parser->setOffset(newOffset); @@ -55,8 +59,8 @@ namespace smartview } OffsetSacl = blockT::parse(parser); - newOffset = OffsetSacl->getData(); - if (newOffset && newOffset < sdSize) + newOffset = *OffsetSacl + baseOffset; + if (*OffsetSacl && newOffset < sdSize) { originalOffset = parser->getOffset(); parser->setOffset(newOffset); @@ -66,8 +70,8 @@ namespace smartview } OffsetDacl = blockT::parse(parser); - newOffset = OffsetDacl->getData(); - if (newOffset && newOffset < sdSize) + newOffset = *OffsetDacl + baseOffset; + if (*OffsetDacl && newOffset < sdSize) { originalOffset = parser->getOffset(); parser->setOffset(newOffset); 
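Review bot: The bounds check `if (*OffsetOwner && newOffset < sdSize)` compares an absolute parser position (`*OffsetOwner + baseOffset`) against `sdSize`, which was taken from `parser->getSize()` at entry; if getSize() reports the bytes remaining from the current offset — as the `bufferSize - bytesConsumed` arithmetic in NTSD::parse suggests — the two values are in different frames whenever baseOffset is non-zero, which is exactly the case now that NTSD embeds an SDBin at `baseOffset + *Padding`, and in-range SIDs near the end of the descriptor are then skipped. Keep the comparison relative, `if (*OffsetOwner && *OffsetOwner < sdSize)`, and use `newOffset` only for setOffset; the same pattern recurs in the OffsetGroup, OffsetSacl and OffsetDacl hunks of this file. If getSize() is instead the absolute buffer size the check is right, and a comment saying so next to `const auto sdSize` would settle it. SDBin::parse continues outside these hunks.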
@@ -76,6 +80,7 @@ namespace smartview parser->setOffset(originalOffset); } + // Having read everything, set our offset to the end of the SD parser->setOffset(postSdOffset); } diff --git a/core/smartview/SD/SDBin.h b/core/smartview/SD/SDBin.h index b0ef13fc3..64646a610 100644 --- a/core/smartview/SD/SDBin.h +++ b/core/smartview/SD/SDBin.h @@ -14,6 +14,7 @@ namespace smartview { public: SDBin(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB); + SDBin(_In_ sid::aceType _acetype) : acetype(_acetype) {}; private: void parse() override; From 4e04b3b59eaf9412a68daea62536739b2d619ddc Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 16 Jan 2025 11:52:02 -0500 Subject: [PATCH 13/19] simplify ntsd, add test case --- UnitTest/SmartViewTestData/In/NTSD-5.dat | 1 + UnitTest/SmartViewTestData/Out/NTSD-out-5.dat | 9 +++++++++ core/smartview/SD/NTSD.cpp | 14 ++------------ 3 files changed, 12 insertions(+), 12 deletions(-) create mode 100644 UnitTest/SmartViewTestData/In/NTSD-5.dat create mode 100644 UnitTest/SmartViewTestData/Out/NTSD-out-5.dat diff --git a/UnitTest/SmartViewTestData/In/NTSD-5.dat b/UnitTest/SmartViewTestData/In/NTSD-5.dat new file mode 100644 index 000000000..521a9baf8 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/NTSD-5.dat @@ -0,0 +1 @@ +0A00B07ABB6079AB2082C760 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-5.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-5.dat new file mode 100644 index 000000000..9b2683a13 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-5.dat @@ -0,0 +1,9 @@ +PR_NT_SECURITY_DESCRIPTOR + Padding: 0x000A + Version: 0x7AB0 = 0x7AB0 + Security Information: 0xAB7960BB = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION | 0xB7960B0 + NamedProp + Tag = 0x8220 + Security Descriptor + Revision: 0xC7 + Sbz1: 0x60 \ No newline at end of file 
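Review bot: The new one-argument constructor `SDBin(_In_ sid::aceType _acetype) : acetype(_acetype) {};` is not `explicit`, so an aceType silently converts to an SDBin wherever one is expected, and the `;` after the body is an extra semicolon that `-Wextra-semi` warns about. Prefer `explicit SDBin(_In_ sid::aceType _acetype) : acetype(_acetype) {}`. The matching `NTSD(_In_ sid::aceType _acetype)` added to NTSD.h in patch 14 has the same shape, and patch 19 reformats both without dropping the semicolon or adding `explicit`.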
diff --git a/core/smartview/SD/NTSD.cpp b/core/smartview/SD/NTSD.cpp index 09fae6729..8f02001a2 100644 --- a/core/smartview/SD/NTSD.cpp +++ b/core/smartview/SD/NTSD.cpp @@ -48,24 +48,14 @@ namespace smartview void NTSD::parse() { - // Layout: - // X padding value - // X+2 version value - // X+4 security information value - // X+8 <0 or more named properties> - // X+padding value - // X = getOffset at start - // X+8 = getOffset after SecurityInformation read - // X+8 < x+padding value => we have named props - // size will be x+padding - (x+8) = padding - 8 const auto baseOffset = parser->getOffset(); const auto bufferSize = parser->getSize(); Padding = blockT::parse(parser); Version = blockT::parse(parser); SecurityInformation = blockT::parse(parser); const auto bytesConsumed = parser->getOffset() - baseOffset; - const auto bytesLeft = bufferSize - bytesConsumed; - const auto namedPropSize = (*Padding < bufferSize && *Padding >= bytesConsumed) ? *Padding - bytesConsumed : bytesLeft; + const auto namedPropSize = + (bufferSize > *Padding && *Padding >= bytesConsumed) ? *Padding - bytesConsumed : parser->getSize(); if (namedPropSize > 0) { From 046962ab16083af1c47566d3357ccf8c4bef669c Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 16 Jan 2025 13:59:13 -0500 Subject: [PATCH 14/19] reimplement NTSDToString with smartview --- UI/MySecInfo.cpp | 3 +-- core/interpret/sid.cpp | 20 ++++++++++---------- core/interpret/sid.h | 2 +- core/smartview/SD/NTSD.h | 1 + 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/UI/MySecInfo.cpp b/UI/MySecInfo.cpp index 5aa3ed48a..a7b369569 100644 --- a/UI/MySecInfo.cpp +++ b/UI/MySecInfo.cpp 
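Review bot: This hunk deletes the only description of the NTSD header layout (padding, version, security information, then named properties up to the padding offset) without replacing it, so the meaning of `Padding` — the offset of the security descriptor from the start of the blob, not a byte count — is now only recoverable from the `setOffset(baseOffset + *Padding)` call further down the function. Keep one line above `const auto baseOffset = parser->getOffset();`: `// Header: padding (offset of the security descriptor from the start), version, security information; named properties fill the gap up to the padding offset.` The rest of NTSD::parse lies outside this hunk.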
@@ -205,8 +205,7 @@ namespace mapi::mapiui // Dump our SD auto sd = NTSDToString(std::vector(lpSDBuffer, lpSDBuffer + cbSBBuffer), m_acetype); - output::DebugPrint( - output::dbgLevel::Generic, L"sdInfo: %ws\nszDACL: %ws\n", sd.info.c_str(), sd.dacl.c_str()); + output::DebugPrint(output::dbgLevel::Generic, L"sd: %ws", sd.c_str()); } } diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index 0ce854c86..fe9012afc 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp @@ -7,6 +7,7 @@ #include #include #include +#include namespace sid { @@ -286,17 +287,16 @@ namespace sid } } - _Check_return_ SecurityDescriptor NTSDToString(const std::vector& buf, aceType acetype) + _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype) { - if (!IsValidSecurityDescriptorEx(buf)) - return SecurityDescriptor{strings::formatmessage(IDS_INVALIDSD), strings::emptystring}; - const auto pSecurityDescriptor = SECURITY_DESCRIPTOR_OF(buf.data()); - const auto cbSecurityDescriptor = buf.size() - CbSecurityDescriptorHeader(buf.data()); - const auto sdVector = std::vector(pSecurityDescriptor, pSecurityDescriptor + cbSecurityDescriptor); - const auto sdString = SDToString(sdVector, acetype); - - return SecurityDescriptor{ - sdString, flags::InterpretFlags(flagSecurityInfo, SECURITY_INFORMATION_OF(buf.data()))}; + const std::shared_ptr svp = std::make_shared(acetype); + if (svp) + { + svp->parse(std::make_shared(buf), true); + return svp->toString(); + } + + return {}; } _Check_return_ std::wstring SDToString(const std::vector& buf, aceType acetype) diff --git a/core/interpret/sid.h b/core/interpret/sid.h index cc737eb7f..4a85566fe 100644 --- a/core/interpret/sid.h +++ b/core/interpret/sid.h 
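Review bot: The replacement format string `L"sd: %ws"` drops the trailing newline that the old `L"sdInfo: %ws\nszDACL: %ws\n"` ended with, so unless DebugPrint appends one itself the next debug line will be glued onto the end of the multi-line descriptor dump; `L"sd: %ws\n"` keeps the old shape. The enclosing function starts outside the hunk.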
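Review bot: The `if (svp)` test in the rewritten NTSDToString is dead: `std::make_shared` never returns a null pointer (it throws `std::bad_alloc` on failure), so the trailing `return {};` is unreachable and the `const std::shared_ptr` local can simply be `const auto svp`. The body reduces to the make_shared call, `svp->parse(std::make_shared(buf), true);` and `return svp->toString();`.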
@@ -35,6 +35,6 @@ namespace sid _Check_return_ std::wstring GetTextualSid(std::vector buf); _Check_return_ SidAccount LookupAccountSid(PSID SidStart); _Check_return_ SidAccount LookupAccountSid(std::vector buf); - _Check_return_ SecurityDescriptor NTSDToString(const std::vector& buf, aceType acetype); + _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype); _Check_return_ std::wstring SDToString(const std::vector& buf, aceType acetype); } // namespace sid \ No newline at end of file diff --git a/core/smartview/SD/NTSD.h b/core/smartview/SD/NTSD.h index 2ed97306d..25403f12a 100644 --- a/core/smartview/SD/NTSD.h +++ b/core/smartview/SD/NTSD.h @@ -46,6 +46,7 @@ namespace smartview { public: NTSD(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB); + NTSD(_In_ sid::aceType _acetype) : acetype(_acetype) {}; private: void parse() override; From d29e21d5a22983527481d65d2d604f921ffc61ca Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 16 Jan 2025 14:01:10 -0500 Subject: [PATCH 15/19] Remove dead code --- UnitTest/tests/sidtest.cpp | 48 -------------------------------------- core/interpret/sid.cpp | 31 ------------------------ core/interpret/sid.h | 1 - 3 files changed, 80 deletions(-) diff --git a/UnitTest/tests/sidtest.cpp b/UnitTest/tests/sidtest.cpp index 32b097d9d..53e5c1d36 100644 --- a/UnitTest/tests/sidtest.cpp +++ b/UnitTest/tests/sidtest.cpp 
@@ -69,53 +69,5 @@ namespace sidtest // test ACEToString with a zero length vector unittest::AreEqualEx(std::wstring{L""}, ACEToString({}, sid::aceType::Container)); } - - TEST_METHOD(Test_NTSDToString) - { - const auto nullsd = NTSDToString({}, sid::aceType::Container); - Assert::AreEqual(std::wstring{L"This is not a valid security descriptor."}, nullsd.dacl); - Assert::AreEqual(std::wstring{L""}, nullsd.info); - - const auto invalid = - NTSDToString(strings::HexStringToBin(L"B606B07ABB6079AB2082C760"), sid::aceType::Container); - Assert::AreEqual(std::wstring{L"This is not a valid security descriptor."}, invalid.dacl); - Assert::AreEqual(std::wstring{L""}, invalid.info); - - const auto sd = NTSDToString( - strings::HexStringToBin(L"0800030000000000010007801C000000280000000000000014000000020008000000000001010" - L"000000000051200000001020000000000052000000020020000"), - sid::aceType::Container); - Assert::AreEqual(std::wstring{L""}, sd.dacl); - Assert::AreEqual(std::wstring{L"0x0"}, sd.info); - - const auto sd1 = NTSDToString( - strings::HexStringToBin( - L"08000300000000000100078064000000700000000000000014000000020050000200000001092400BF0F1F00010500000" - L"000000515000000271A6C07352F372AAD20FA5BAA830B0001022400BFC91F00010500000000000515000000271A6C0735" - L"2F372AAD20FA5BAA830B0001010000000000051200000001020000000000052000000020020000"), - sid::aceType::Container); - unittest::AreEqualEx( - std::wstring{ - L"Account: (no domain)\\(no name)\r\n" - L"ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE\r\n" - L"ACE Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" - L"ACE Mask: 0x001F0FBF = fsdrightListContents | fsdrightCreateItem | fsdrightCreateContainer | " - L"fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | " - L"fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | " - L"fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0x600\r\n" - L"ACE Size: 0x0024\r\n" - L"SID: 
S-1-5-21-124525095-708259637-1543119021-754602\r\n" - L"Account: (no domain)\\(no name)\r\n" - L"ACE Type: 0x01 = ACCESS_DENIED_ACE_TYPE\r\n" - L"ACE Flags: 0x02 = CONTAINER_INHERIT_ACE\r\n" - L"ACE Mask: 0x001FC9BF = fsdrightListContents | fsdrightCreateItem | fsdrightCreateContainer | " - L"fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | " - L"fsdrightWriteAttributes | fsdrightViewItem | fsdrightOwner | fsdrightContact | fsdrightWriteSD | " - L"fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize\r\n" - L"ACE Size: 0x0024\r\n" - L"SID: S-1-5-21-124525095-708259637-1543119021-754602"}, - sd1.dacl); - unittest::AreEqualEx(std::wstring{L"0x0"}, sd1.info); - } }; } // namespace sidtest \ No newline at end of file diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index fe9012afc..a5e511498 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp @@ -298,35 +298,4 @@ namespace sid return {}; } - - _Check_return_ std::wstring SDToString(const std::vector& buf, aceType acetype) - { - const auto pSecurityDescriptor = const_cast(buf.data()); - if (!IsValidSecurityDescriptor(pSecurityDescriptor)) return {}; - - auto bValidDACL = static_cast(false); - auto pACL = PACL{}; - auto bDACLDefaulted = static_cast(false); - auto sdString = std::vector{}; - EC_B_S(GetSecurityDescriptorDacl(pSecurityDescriptor, &bValidDACL, &pACL, &bDACLDefaulted)); - if (bValidDACL && pACL) - { - auto ACLSizeInfo = ACL_SIZE_INFORMATION{}; - EC_B_S(GetAclInformation(pACL, &ACLSizeInfo, sizeof ACLSizeInfo, AclSizeInformation)); - - for (DWORD i = 0; i < ACLSizeInfo.AceCount; i++) - { - auto pACE = LPVOID{}; - - WC_B_S(GetAce(pACL, i, &pACE)); - if (pACE) - { - // TODO: Replace this with the counted buffer variant - sdString.push_back(ACEToString(pACE, acetype)); - } - } - } - - return strings::join(sdString, L"\r\n"); - } } // namespace sid \ No newline at end of file 
diff --git a/core/interpret/sid.h b/core/interpret/sid.h index 4a85566fe..91972bee4 100644 --- a/core/interpret/sid.h +++ b/core/interpret/sid.h @@ -36,5 +36,4 @@ namespace sid _Check_return_ SidAccount LookupAccountSid(PSID SidStart); _Check_return_ SidAccount LookupAccountSid(std::vector buf); _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype); - _Check_return_ std::wstring SDToString(const std::vector& buf, aceType acetype); } // namespace sid \ No newline at end of file From f067c83c1c703336a00c18b2e6661f33e6ac8a7f Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 16 Jan 2025 14:04:32 -0500 Subject: [PATCH 16/19] Remove dead code --- UnitTest/tests/sidtest.cpp | 23 +------ core/interpret/sid.cpp | 136 ------------------------------------- core/interpret/sid.h | 2 - 3 files changed, 1 insertion(+), 160 deletions(-) diff --git a/UnitTest/tests/sidtest.cpp b/UnitTest/tests/sidtest.cpp index 53e5c1d36..8bba199d9 100644 --- a/UnitTest/tests/sidtest.cpp +++ b/UnitTest/tests/sidtest.cpp @@ -3,11 +3,6 @@ #include #include -namespace sid -{ - std::wstring ACEToString(const std::vector& buf, aceType acetype); -} - namespace sidtest { TEST_CLASS(sidtest) 
@@ -18,32 +13,22 @@ namespace sidtest TEST_CLASS_INITIALIZE(initialize) { unittest::init(); } - TEST_METHOD(Test_GetTextualSid) + TEST_METHOD(Test_LookupAccountSid) { - Assert::AreEqual(std::wstring{}, sid::GetTextualSid({})); auto nullAccount = sid::LookupAccountSid({}); Assert::AreEqual(std::wstring{L"(no domain)"}, nullAccount.getDomain()); Assert::AreEqual(std::wstring{L"(no name)"}, nullAccount.getName()); - Assert::AreEqual(std::wstring{}, sid::GetTextualSid({12})); auto invalidAccount = sid::LookupAccountSid({12}); Assert::AreEqual(std::wstring{L"(no domain)"}, invalidAccount.getDomain()); Assert::AreEqual(std::wstring{L"(no name)"}, invalidAccount.getName()); auto simpleSidBin = strings::HexStringToBin(L"010500000000000515000000A065CF7E784B9B5FE77C8770091C0100"); - Assert::AreEqual( - std::wstring{L"S-1-5-21-2127521184-1604012920-1887927527-72713"}, sid::GetTextualSid(simpleSidBin)); auto simpleSidAccount = sid::LookupAccountSid(simpleSidBin); Assert::AreEqual(std::wstring{L"(no domain)"}, simpleSidAccount.getDomain()); Assert::AreEqual(std::wstring{L"(no name)"}, simpleSidAccount.getName()); - Assert::AreEqual( - std::wstring{L"S-1-000102030405-21-2127521184-1604012920-1887927527-72713"}, - sid::GetTextualSid( - strings::HexStringToBin(L"010500010203040515000000A065CF7E784B9B5FE77C8770091C0100"))); - auto authenticatedUsersSidBin = strings::HexStringToBin(L"01 01 000000000005 0B000000"); - Assert::AreEqual(std::wstring{L"S-1-5-11"}, sid::GetTextualSid(authenticatedUsersSidBin)); auto authenticatedUsersSidAccount = sid::LookupAccountSid(authenticatedUsersSidBin); Assert::AreEqual(std::wstring{L"NT AUTHORITY"}, authenticatedUsersSidAccount.getDomain()); Assert::AreEqual(std::wstring{L"Authenticated Users"}, authenticatedUsersSidAccount.getName()); 
@@ -63,11 +48,5 @@ namespace sidtest Assert::AreEqual(std::wstring{L"foo"}, account2.getDomain()); Assert::AreEqual(std::wstring{L"bar"}, account2.getName()); } - - TEST_METHOD(Test_ACEToString) - { - // test ACEToString with a zero length vector - unittest::AreEqualEx(std::wstring{L""}, ACEToString({}, sid::aceType::Container)); - } }; } // namespace sidtest \ No newline at end of file diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index a5e511498..9d21f9a01 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp 
@@ -71,52 +71,6 @@ namespace sid } } - // [MS-DTYP] 2.4.2.2 SID--Packet Representation - // https://msdn.microsoft.com/en-us/library/gg465313.aspx - _Check_return_ std::wstring GetTextualSid(_In_opt_ PSID pSid) - { - // Validate the binary SID. - if (!pSid || !IsValidSid(pSid)) return {}; - - // Get the identifier authority value from the SID. - const auto psia = GetSidIdentifierAuthority(pSid); - - // Get the number of subauthorities in the SID. - const auto lpSubAuthoritiesCount = GetSidSubAuthorityCount(pSid); - - // Compute the buffer length. - // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL - // Add 'S' prefix and revision number to the string. - auto TextualSid = strings::format(L"S-%lu-", SID_REVISION); // STRING_OK - - // Add SID identifier authority to the string. - TextualSid += IdentifierAuthorityToString(*psia); - - // Add SID subauthorities to the string. - if (lpSubAuthoritiesCount) - { - for (DWORD dwCounter = 0; dwCounter < *lpSubAuthoritiesCount; dwCounter++) - { - if (pSid) - { - TextualSid += strings::format( - L"-%lu", // STRING_OK - *GetSidSubAuthority(pSid, dwCounter)); - } - } - } - - return TextualSid; - } - - _Check_return_ std::wstring GetTextualSid(std::vector buf) - { - const auto subAuthorityCount = buf.size() >= 2 ? buf[1] : 0; - if (buf.size() < sizeof(SID) - sizeof(DWORD) + sizeof(DWORD) * subAuthorityCount) return {}; - - return GetTextualSid(buf.data()); - } - _Check_return_ SidAccount LookupAccountSid(PSID SidStart) { if (!IsValidSid(SidStart)) return {}; 
@@ -183,96 +137,6 @@ namespace sid ->toString(); } - std::wstring ACEToString(_In_opt_ void* pACE, aceType acetype) - { - std::vector aceString; - PACE_HEADER pAceHeader = static_cast(pACE); - ACCESS_MASK Mask = 0; - DWORD Flags = 0; - GUID ObjectType = {}; - GUID InheritedObjectType = {}; - SID* SidStart = nullptr; - auto bObjectFound = false; - - if (!pACE) return L""; - - /* Check type of ACE */ - switch (pAceHeader->AceType) - { - case ACCESS_ALLOWED_ACE_TYPE: - Mask = static_cast(pACE)->Mask; - SidStart = reinterpret_cast(&static_cast(pACE)->SidStart); - break; - case ACCESS_DENIED_ACE_TYPE: - Mask = static_cast(pACE)->Mask; - SidStart = reinterpret_cast(&static_cast(pACE)->SidStart); - break; - case ACCESS_ALLOWED_OBJECT_ACE_TYPE: - Mask = static_cast(pACE)->Mask; - Flags = static_cast(pACE)->Flags; - ObjectType = static_cast(pACE)->ObjectType; - InheritedObjectType = static_cast(pACE)->InheritedObjectType; - SidStart = reinterpret_cast(&static_cast(pACE)->SidStart); - bObjectFound = true; - break; - case ACCESS_DENIED_OBJECT_ACE_TYPE: - Mask = static_cast(pACE)->Mask; - Flags = static_cast(pACE)->Flags; - ObjectType = static_cast(pACE)->ObjectType; - InheritedObjectType = static_cast(pACE)->InheritedObjectType; - SidStart = reinterpret_cast(&static_cast(pACE)->SidStart); - bObjectFound = true; - break; - } - - auto lpStringSid = GetTextualSid(SidStart); - auto szAceType = flags::InterpretFlags(flagACEType, pAceHeader->AceType); - auto szAceFlags = flags::InterpretFlags(flagACEFlag, pAceHeader->AceFlags); - auto szAceMask = std::wstring{}; - - switch (acetype) - { - case aceType::Container: - szAceMask = flags::InterpretFlags(flagACEMaskContainer, Mask); - break; - case aceType::Message: - szAceMask = flags::InterpretFlags(flagACEMaskNonContainer, Mask); - break; - case aceType::FreeBusy: - szAceMask = flags::InterpretFlags(flagACEMaskFreeBusy, Mask); - break; - }; - - auto sidAccount = sid::LookupAccountSid(SidStart); - - auto szSID = 
GetTextualSid(SidStart); - if (szSID.empty()) szSID = strings::formatmessage(IDS_NOSID); - - aceString.push_back(strings::formatmessage( - IDS_SIDACCOUNT, - sidAccount.getDomain().c_str(), - sidAccount.getName().c_str(), - pAceHeader->AceType, - szAceType.c_str(), - pAceHeader->AceFlags, - szAceFlags.c_str(), - Mask, - szAceMask.c_str(), - pAceHeader->AceSize, - szSID.c_str())); - - if (bObjectFound) - { - aceString.push_back(strings::formatmessage(IDS_SIDOBJECTYPE)); - aceString.push_back(guid::GUIDToStringAndName(&ObjectType)); - aceString.push_back(strings::formatmessage(IDS_SIDINHERITEDOBJECTYPE)); - aceString.push_back(guid::GUIDToStringAndName(&InheritedObjectType)); - aceString.push_back(strings::formatmessage(IDS_SIDFLAGS, Flags)); - } - - return strings::join(aceString, L"\r\n"); - } - _Check_return_ bool IsValidSecurityDescriptorEx(const std::vector& buf) noexcept { try diff --git a/core/interpret/sid.h b/core/interpret/sid.h index 91972bee4..a4e681431 100644 --- a/core/interpret/sid.h +++ b/core/interpret/sid.h @@ -31,8 +31,6 @@ namespace sid _Check_return_ std::wstring LookupIdentifierAuthority(const SID_IDENTIFIER_AUTHORITY& authority); _Check_return_ std::wstring IdentifierAuthorityToString(const SID_IDENTIFIER_AUTHORITY& authority); - _Check_return_ std::wstring GetTextualSid(_In_opt_ PSID pSid); - _Check_return_ std::wstring GetTextualSid(std::vector buf); _Check_return_ SidAccount LookupAccountSid(PSID SidStart); _Check_return_ SidAccount LookupAccountSid(std::vector buf); _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype); From c734a97a2304e2b58e380d4b715e32976857fe7b Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 16 Jan 2025 14:25:10 -0500 Subject: [PATCH 17/19] remove dead code --- core/interpret/sid.cpp | 28 +++++----------------------- core/interpret/sid.h | 7 ------- 2 files changed, 5 insertions(+), 30 deletions(-) 
diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index 9d21f9a01..4e5f0e8d1 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp @@ -71,8 +71,12 @@ namespace sid } } - _Check_return_ SidAccount LookupAccountSid(PSID SidStart) + _Check_return_ SidAccount LookupAccountSid(std::vector buf) { + const auto subAuthorityCount = buf.size() >= 2 ? buf[1] : 0; + if (buf.size() < sizeof(SID) - sizeof(DWORD) + sizeof(DWORD) * subAuthorityCount) return {}; + + PSID SidStart = buf.data(); if (!IsValidSid(SidStart)) return {}; // TODO: Make use of SidNameUse information @@ -108,14 +112,6 @@ namespace sid std::wstring(sidDomainBuf.begin(), sidDomainBuf.end()), std::wstring(sidNameBuf.begin(), sidNameBuf.end())}; } - _Check_return_ SidAccount LookupAccountSid(std::vector buf) - { - const auto subAuthorityCount = buf.size() >= 2 ? buf[1] : 0; - if (buf.size() < sizeof(SID) - sizeof(DWORD) + sizeof(DWORD) * subAuthorityCount) return {}; - - return LookupAccountSid(buf.data()); - } - std::wstring ACEToString(const std::vector& buf, aceType acetype) { parserType parser = parserType::ACEMESSAGE; @@ -137,20 +133,6 @@ namespace sid ->toString(); } - _Check_return_ bool IsValidSecurityDescriptorEx(const std::vector& buf) noexcept - { - try - { - if (buf.empty() || buf.size() < 2 * sizeof(DWORD)) return false; - if (CbSecurityDescriptorHeader(buf.data()) >= buf.size()) return false; - const auto pSecurityDescriptor = SECURITY_DESCRIPTOR_OF(buf.data()); - return IsValidSecurityDescriptor(pSecurityDescriptor); - } catch (...) - { - return false; - } - } - _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype) { const std::shared_ptr svp = std::make_shared(acetype); diff --git a/core/interpret/sid.h b/core/interpret/sid.h index a4e681431..9c5541383 100644 --- a/core/interpret/sid.h +++ b/core/interpret/sid.h 
@@ -23,15 +23,8 @@ namespace sid std::wstring name; }; - struct SecurityDescriptor - { - std::wstring dacl; - std::wstring info; - }; - _Check_return_ std::wstring LookupIdentifierAuthority(const SID_IDENTIFIER_AUTHORITY& authority); _Check_return_ std::wstring IdentifierAuthorityToString(const SID_IDENTIFIER_AUTHORITY& authority); - _Check_return_ SidAccount LookupAccountSid(PSID SidStart); _Check_return_ SidAccount LookupAccountSid(std::vector buf); _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype); } // namespace sid \ No newline at end of file From 9231f150c20c2f11576f2792b1a6214353c3d70f Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 16 Jan 2025 14:26:09 -0500 Subject: [PATCH 18/19] remove dead code --- core/interpret/sid.cpp | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index 4e5f0e8d1..ce66bd57e 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp @@ -112,27 +112,6 @@ namespace sid std::wstring(sidDomainBuf.begin(), sidDomainBuf.end()), std::wstring(sidNameBuf.begin(), sidNameBuf.end())}; } - std::wstring ACEToString(const std::vector& buf, aceType acetype) - { - parserType parser = parserType::ACEMESSAGE; - switch (acetype) - { - case aceType::Container: - parser = parserType::ACECONTAINER; - break; - case aceType::Message: - parser = parserType::ACEMESSAGE; - break; - case aceType::FreeBusy: - parser = parserType::ACEFB; - break; - } - - return smartview::InterpretBinary( - {static_cast(buf.size()), const_cast(buf.data())}, parser, nullptr) - ->toString(); - } - _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype) { const std::shared_ptr svp = std::make_shared(acetype); From a3146485fd06862d193b572c51fdb3de2d87c0f5 Mon Sep 17 00:00:00 2001 
From: Stephen Griffin Date: Thu, 16 Jan 2025 15:02:19 -0500 Subject: [PATCH 19/19] fix clang violations --- core/interpret/sid.h | 2 +- core/smartview/SD/NTSD.h | 3 +-- core/smartview/SD/SDBin.h | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/core/interpret/sid.h b/core/interpret/sid.h index 9c5541383..b406a8384 100644 --- a/core/interpret/sid.h +++ b/core/interpret/sid.h @@ -14,7 +14,7 @@ namespace sid public: SidAccount() = default; SidAccount(std::wstring _domain, std::wstring _name) noexcept - : domain(std::move(_domain)), name(std::move(_name)) {}; + : domain(std::move(_domain)), name(std::move(_name)){}; _Check_return_ std::wstring getDomain() const; _Check_return_ std::wstring getName() const; diff --git a/core/smartview/SD/NTSD.h b/core/smartview/SD/NTSD.h index 25403f12a..748f85481 100644 --- a/core/smartview/SD/NTSD.h +++ b/core/smartview/SD/NTSD.h @@ -21,7 +21,6 @@ namespace smartview std::shared_ptr name = emptySW(); }; - // PR_NT_SECURITY_DESCRIPTOR // https://github.com/microsoft/MAPIStubLibrary/blob/main/include/EdkMdb.h // @@ -46,7 +45,7 @@ namespace smartview { public: NTSD(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB); - NTSD(_In_ sid::aceType _acetype) : acetype(_acetype) {}; + NTSD(_In_ sid::aceType _acetype) : acetype(_acetype){}; private: void parse() override; diff --git a/core/smartview/SD/SDBin.h b/core/smartview/SD/SDBin.h index 64646a610..1c512495e 100644 --- a/core/smartview/SD/SDBin.h +++ b/core/smartview/SD/SDBin.h @@ -14,7 +14,7 @@ namespace smartview { public: SDBin(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB); - SDBin(_In_ sid::aceType _acetype) : acetype(_acetype) {}; + SDBin(_In_ sid::aceType _acetype) : acetype(_acetype){}; private: void parse() override;
