登录 用户中心() [退出] 后台管理 注册
   
您的位置: 首页 >> SoftHub关联区 >> 主题: windows10 (xp以后都要) 下写入注册表还要修改注册表对象的权限     [回主站]     [分站链接]
windows10 (xp以后都要) 下写入注册表还要修改注册表对象的权限
clq
浏览(631) - 2018-03-05 18:17:38 发表 编辑

关键字: windows_code

windows10 (xp以后都要) 下写入注册表还要修改注册表对象的权限 (主要是使用 SetNamedSecurityInfo  函数)

另外根据微软的文档修改注册表对象的权限时还要进程自己的权限 - 提权(主要使用 AdjustTokenPrivileges 函数)

http://blog.sina.com.cn/s/blog_5f4838d10100gvub.html
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379321(v=vs.85).aspx

下面这个文档说了注册表需要的权限(我个人觉得很无聊)
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724878(v=vs.85).aspx

--------------------------------------------------
 编程设置修改文件和注册表权限最新完整例子(取消继 (2010-02-04 19:52:46)
转载

标签: 文件 注册表 权限 编程 c it     分类: 安全
取消继承权限的关键在于使用SetNamedSecurityInfo 参数PROTECTED_DACL_SECURITY_INFORMATION

注意:注册表的pObjectName需要转换,这里给出一个例子

#include "Sddl.h"
#include "Aclapi.h"

LRESULT RegModifySecurity(HKEY therootkey,LPTSTR subkey,LPTSTR keysecurity)
{   
    long ret=-1;
    TCHAR keyname[1024]={0};
    if (therootkey==HKEY_CLASSES_ROOT)
    {
        lstrcpy(keyname,_T("CLASSES_ROOT\"));
    }else
    if (therootkey==HKEY_LOCAL_MACHINE)
    {
        lstrcpy(keyname,_T("MACHINE\"));
    }else
    if (therootkey==HKEY_CURRENT_USER)
    {
        lstrcpy(keyname,_T("CURRENT_USER\"));
    }
    else
    if (therootkey==HKEY_USERS)
    {
        lstrcpy(keyname,_T("USERS\"));
    }

    lstrcat(keyname,subkey);

    ret=MySetSecurity(keyname,SE_REGISTRY_KEY,keysecurity);

    return ret;

};
/////http://blog.sina.com.cn/advnetsoft
BOOL SetPrivilege(
                  HANDLE hToken,          // access token handle
                  LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
                  BOOL bEnablePrivilege   // to enable or disable privilege
                  )
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if ( !LookupPrivilegeValue(
        NULL,            // lookup privilege on local system
        lpszPrivilege,   // privilege to lookup
        &luid ) )        // receives LUID of privilege
    {
        return FALSE;
    }
/////http://blog.sina.com.cn/advnetsoft
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    if (bEnablePrivilege)
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    else
        tp.Privileges[0].Attributes = 0;

    // Enable the privilege or disable all privileges.

    if ( !AdjustTokenPrivileges(
        hToken,
        FALSE,
        &tp,
        sizeof(TOKEN_PRIVILEGES),
        (PTOKEN_PRIVILEGES) NULL,
        (PDWORD) NULL) )
    {
        return FALSE;
    }

    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)

    {
        return FALSE;
    }
/////http://blog.sina.com.cn/advnetsoft
    return TRUE;
}



LRESULT MySetSecurity(LPTSTR str_name,SE_OBJECT_TYPE e_type, LPTSTR geneic_str)
{

    long bRetval = -1;

    HANDLE hToken = NULL;
    PSID pSIDAdmin = NULL;
    PSID pSIDEveryone = NULL;
    PACL pNewDACL = NULL,pOldDACL = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    const int NUM_ACES  = 2;
    EXPLICIT_ACCESS ea[NUM_ACES];
    DWORD dwRes;
/////http://blog.sina.com.cn/advnetsoft
   ///获取操作权限
    OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken);
    SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, TRUE);

    ///获取所有权,再设置
    AllocateAndInitializeSid(&SIDAuthWorld, 1,
        SECURITY_WORLD_RID,
        0,
        0, 0, 0, 0, 0, 0,
        &pSIDEveryone);

    AllocateAndInitializeSid(&SIDAuthNT, 2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS,
        0, 0, 0, 0, 0, 0,
        &pSIDAdmin);

    SetNamedSecurityInfo(
        str_name,                 // name of the object
        e_type,              // type of object
        OWNER_SECURITY_INFORMATION,  // change only the object's owner
        pSIDAdmin,                   // SID of Administrator group
        NULL,
        NULL,
        NULL);

/////http://blog.sina.com.cn/advnetsoft
    ///////新权限设置/////////////////////////////

    ZeroMemory(&ea, NUM_ACES * sizeof(EXPLICIT_ACCESS));

    DWORD dwPermission=0;
    ACCESS_MODE e_am=SET_ACCESS;

    if (0==lstrcmpi(geneic_str,_T("ACCESS_READONLY")))
    {
        dwPermission=GENERIC_READ|GENERIC_EXECUTE;
        e_am=SET_ACCESS;       
    }else
    if (0==lstrcmpi(geneic_str,_T("ACCESS_DENYALL")))
    {
        dwPermission=GENERIC_ALL;
        e_am=DENY_ACCESS;
    }else
    if (0==lstrcmpi(geneic_str,_T("ACCESS_GENERICALL")))
    {
        dwPermission=GENERIC_ALL;
        e_am=SET_ACCESS;
    }
/////http://blog.sina.com.cn/advnetsoft
    ea[0].grfAccessPermissions = dwPermission;
    ea[0].grfAccessMode = e_am;
    ea[0].grfInheritance = NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea[0].Trustee.ptstrName = (LPTSTR) pSIDEveryone;
    ea[1].grfAccessPermissions = dwPermission;
    ea[1].grfAccessMode = e_am;
    ea[1].grfInheritance = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea[1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea[1].Trustee.ptstrName = (LPTSTR) pSIDAdmin;


    SetEntriesInAcl(NUM_ACES, ea, NULL, &pNewDACL);

////////设置////////////////////////
    bRetval = SetNamedSecurityInfo(
        str_name,                 // name of the object
        e_type,              // type of object
        DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION,         // change only the object's DACL
        NULL,
        NULL,                  // do not change owner or group
        pNewDACL,                        // DACL specified
        NULL);                       // do not change SACL

/////http://blog.sina.com.cn/advnetsoft
Cleanup:
    if (hToken)
        CloseHandle(hToken);

    if (pSIDEveryone)
        FreeSid(pSIDEveryone);

    if (pSIDAdmin)
        FreeSid(pSIDAdmin);

    if (pNewDACL)
        LocalFree(pNewDACL);

    return bRetval;
}
/////http://blog.sina.com.cn/advnetsoft
//使用方式

RegModifySecurity(HKEY_CURRENT_USER,_T("aaa"),_T("ACCESS_READONLY"));
MySetSecurity(_T("CURRENT_USER\\aaa"),SE_REGISTRY_KEY,_T("ACCESS_READONLY"));
MySetSecurity(_T("C:\\Program Files\"),SE_FILE_OBJECT,_T("ACCESS_DENYALL"));

总数:0 页次:1/0 首页 尾页  
总数:0 页次:1/0 首页 尾页  


所在合集/目录



发表评论:
文本/html模式切换 插入图片 文本/html模式切换


附件:



NEWBT官方QQ群1: 276678893
可求档连环画,漫画;询问文本处理大师等软件使用技巧;求档softhub软件下载及使用技巧.
但不可"开车",严禁国家敏感话题,不可求档涉及版权的文档软件.
验证问题说明申请入群原因即可.

Copyright © 2005-2020 clq, All Rights Reserved
版权所有
桂ICP备15002303号-1