将当前用户设定为某注册表键的所有者,并使其拥有完全访问权限


#include <Windows.h>
#include <Aclapi.h>

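/**
 * Enable one named privilege on the current process token.
 *
 * @param SeName  ANSI privilege name (for example the string behind
 *                SE_TAKE_OWNERSHIP_NAME in a non-UNICODE build).
 * @return true when the privilege is now enabled on the token, or when
 *         OpenProcessToken reports ERROR_CALL_NOT_IMPLEMENTED (platform
 *         without token support); false otherwise.
 *
 * The privilege is left enabled; this function offers no way to restore
 * the previous state, so callers that want least privilege must disable
 * it themselves after use.
 */
bool AdjustPrivileges(char* SeName)
{
	HANDLE				hToken = NULL;
	TOKEN_PRIVILEGES	tp;
	TOKEN_PRIVILEGES	oldtp;
	DWORD				dwSize = sizeof(TOKEN_PRIVILEGES);
	LUID				luid;

	if (SeName == NULL)
		return false;

	SecureZeroMemory(&tp, sizeof(tp));
	SecureZeroMemory(&oldtp, sizeof(oldtp));
	SecureZeroMemory(&luid, sizeof(luid));

	if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken) == FALSE)
	{
		// No token API on this platform: treat as "nothing to adjust".
		return GetLastError() == ERROR_CALL_NOT_IMPLEMENTED;
	}

	if (LookupPrivilegeValueA(NULL, SeName, &luid) == FALSE)
	{
		CloseHandle(hToken);
		return false;
	}

	tp.PrivilegeCount = 1;
	tp.Privileges[0].Luid = luid;
	tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	// AdjustTokenPrivileges returns TRUE even when the token does not hold
	// the requested privilege; that case is only visible through
	// GetLastError() == ERROR_NOT_ALL_ASSIGNED. Capture the error code
	// before CloseHandle can overwrite it.
	BOOL adjusted = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &oldtp, &dwSize);
	DWORD lastError = GetLastError();

	CloseHandle(hToken);
	return adjusted != FALSE && lastError == ERROR_SUCCESS;
}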

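/**
 * Make the current user the owner of an open registry key and grant that
 * user GENERIC_ALL on the key, inherited by subkeys.
 *
 * @param hKey  Open registry key handle. Which operations succeed depends
 *              on the access rights the handle was opened with.
 * @return true when the DACL containing the new full-access entry was
 *         written to the key; false otherwise. A failure to change the
 *         owner alone does not make the function return false.
 *
 * Side effects: SeTakeOwnershipPrivilege and SeRestorePrivilege are enabled
 * on the process token and stay enabled after this function returns.
 */
bool TakeOwnerAndSetCurrentUserFullAccess(HKEY hKey)
{
	// UNLEN (256, defined in Lmcons.h) plus the terminating NUL: the size
	// GetUserName needs for the longest possible user name.
	enum { USER_NAME_CHARS = 256 + 1 };

	CHAR                    UserName[USER_NAME_CHARS];
	DWORD                   cbUserName = sizeof(UserName);
	CHAR                    Sid[1024];
	DWORD                   cbSid = sizeof(Sid);
	CHAR                    DomainBuffer[128];
	DWORD                   cbDomainBuffer = sizeof(DomainBuffer);
	SID_NAME_USE            eUse;
	PACL                    Dacl = NULL, OldDacl = NULL;
	EXPLICIT_ACCESS_A       Ea;	// ANSI variant, matching the *A calls below
	PSECURITY_DESCRIPTOR    Sd = NULL;
	bool                    r = false;

	SecureZeroMemory(UserName, sizeof(UserName));
	SecureZeroMemory(Sid, sizeof(Sid));
	SecureZeroMemory(DomainBuffer, sizeof(DomainBuffer));

	if (!AdjustPrivileges(SE_TAKE_OWNERSHIP_NAME) || !AdjustPrivileges(SE_RESTORE_NAME))
		return false;

	// Without this check a failed call would leave UserName unset and the
	// lookup below would resolve whatever the buffer happened to contain.
	if (!GetUserNameA(UserName, &cbUserName))
		return false;

	// NOTE(review): the name is unqualified (no domain), so the lookup picks
	// whichever account of that name resolves first. Taking the SID from the
	// process token would be unambiguous; confirm whether that matters here.
	if (!LookupAccountNameA(NULL, UserName, Sid, &cbSid, DomainBuffer, &cbDomainBuffer, &eUse))
		return false;

	SecureZeroMemory(&Ea, sizeof(Ea));

	// If the current DACL cannot be read (for example a handle without
	// READ_CONTROL), continue with an empty base ACL as the original code
	// did. The DACL written below then contains ONLY the new entry and
	// replaces every entry that was on the key before.
	if (GetSecurityInfo(hKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl, NULL, &Sd) != ERROR_SUCCESS)
	{
		OldDacl = NULL;
		Sd = NULL;
	}

	BuildExplicitAccessWithNameA(&Ea, UserName, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
	if (SetEntriesInAclA(1, &Ea, OldDacl, &Dacl) == ERROR_SUCCESS)
	{
		// Change the owner. Best effort: the result is deliberately ignored,
		// because the DACL update below can still succeed when the caller
		// already has sufficient rights on the key.
		(void)SetSecurityInfo(hKey, SE_REGISTRY_KEY, OWNER_SECURITY_INFORMATION, Sid, NULL, NULL, NULL);

		// Add the full-control entry. Only the DACL is being set, so no
		// owner SID is passed.
		if (SetSecurityInfo(hKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, Dacl, NULL) == ERROR_SUCCESS)
		{
			r = true;
		}
	}

	// Dacl was allocated by SetEntriesInAcl and Sd by GetSecurityInfo; both
	// are released with LocalFree. OldDacl points into Sd and must not be
	// freed on its own.
	if (Dacl != NULL)
		LocalFree(Dacl);
	if (Sd != NULL)
		LocalFree(Sd);

	return r;
}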
