方法一:
bool SetRegSecurity(HKEY hKey, DWORD AccessMask)
{
//AccessMask: KEY_ALL_ACCESS|KEY_READ
SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
PSID pAdministratorsSid = NULL;
SECURITY_DESCRIPTOR sd;
PACL pDacl = NULL;
DWORD dwAclSize;
if(!AllocateAndInitializeSid(&sia,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0,&pAdministratorsSid))
return false;
dwAclSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid(pAdministratorsSid);
pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
return false;
if(!AddAccessAllowedAce(pDacl,ACL_REVISION,AccessMask,pAdministratorsSid))
return false;
if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
return false;
if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE))
return false;
if(RegSetKeySecurity(hKey,(SECURITY_INFORMATION)DACL_SECURITY_INFORMATION,&sd)!=ERROR_SUCCESS)
return false;
if(pDacl != NULL)
HeapFree(GetProcessHeap(), 0, pDacl);
if(pAdministratorsSid != NULL)
FreeSid(pAdministratorsSid);
return true;
}
方法二:
#include <windows.h>
#include <stdio.h>
#include <Aclapi.h>
#pragma comment(lib,"Advapi32")
int main()
{
LPSTR SamName = "CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"; //要修改的SAM项路径
PACL pOldDacl=NULL;
PACL pNewDacl=NULL;
DWORD dRet;
EXPLICIT_ACCESS eia;
PSECURITY_DESCRIPTOR pSID=NULL;
dRet = GetNamedSecurityInfo(SamName,SE_REGISTRY_KEY,DACL_SECURITY_INFORMATION,NULL,NULL,&pOldDacl,NULL,&pSID);// 获取SAM主键的DACL
if(dRet=ERROR_SUCCESS)
return 0;
//创建一个ACE,允许Administrators组成员完全控制对象,并允许子对象继承此权限
ZeroMemory(&eia,sizeof(EXPLICIT_ACCESS));
BuildExplicitAccessWithName(&eia,"Administrators",KEY_READ,SET_ACCESS,SUB_CONTAINERS_AND_OBJECTS_INHERIT);
// 将新的ACE加入DACL
dRet = SetEntriesInAcl(1,&eia,pOldDacl,&pNewDacl);
if(dRet=ERROR_SUCCESS)
return 0;
// 更新SAM主键的DACL
dRet = SetNamedSecurityInfo(SamName,SE_REGISTRY_KEY,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDacl,NULL);
if(dRet=ERROR_SUCCESS)
return 0;
//释放DACL和SID
if(pNewDacl)LocalFree(pNewDacl);
if(pSID)LocalFree(pSID);
return 0;
}