给进程创建一个安全描述符(SA)
2011-12-24 19:01
239 查看
#include<windows.h> #include<stdio.h> #include<aclapi.h> voidmain() { DWORDdwRes,dwDisposition; PSIDpEveryoneSID=NULL,pAdminSID=NULL; PACLpACL=NULL; PSECURITY_DESCRIPTORpSD=NULL; EXPLICIT_ACCESSea[2]; SID_IDENTIFIER_AUTHORITYSIDAuthWorld= SECURITY_WORLD_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITYSIDAuthNT=SECURITY_NT_AUTHORITY; SECURITY_ATTRIBUTESsa; LONGlRes; HKEYhkSub=NULL; //Createawell-knownSIDfortheEveryonegroup. if(!AllocateAndInitializeSid(&SIDAuthWorld,1, SECURITY_WORLD_RID, 0,0,0,0,0,0,0, &pEveryoneSID)) { printf("AllocateAndInitializeSidError%u\n",GetLastError()); gotoCleanup; } //InitializeanEXPLICIT_ACCESSstructureforanACE. //TheACEwillallowEveryonereadaccesstothekey. ZeroMemory(&ea,2*sizeof(EXPLICIT_ACCESS)); ea[0].grfAccessPermissions=KEY_READ; ea[0].grfAccessMode=SET_ACCESS; ea[0].grfInheritance=NO_INHERITANCE; ea[0].Trustee.TrusteeForm=TRUSTEE_IS_SID; ea[0].Trustee.TrusteeType=TRUSTEE_IS_WELL_KNOWN_GROUP; ea[0].Trustee.ptstrName=(LPTSTR)pEveryoneSID; //CreateaSIDfortheBUILTIN\Administratorsgroup. if(!AllocateAndInitializeSid(&SIDAuthNT,2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0,0,0,0,0,0, &pAdminSID)) { printf("AllocateAndInitializeSidError%u\n",GetLastError()); gotoCleanup; } //InitializeanEXPLICIT_ACCESSstructureforanACE. //TheACEwillallowtheAdministratorsgroupfullaccessto //thekey. ea[1].grfAccessPermissions=KEY_ALL_ACCESS; ea[1].grfAccessMode=SET_ACCESS; ea[1].grfInheritance=NO_INHERITANCE; ea[1].Trustee.TrusteeForm=TRUSTEE_IS_SID; ea[1].Trustee.TrusteeType=TRUSTEE_IS_GROUP; ea[1].Trustee.ptstrName=(LPTSTR)pAdminSID; //CreateanewACLthatcontainsthenewACEs. dwRes=SetEntriesInAcl(2,ea,NULL,&pACL); if(ERROR_SUCCESS!=dwRes) { printf("SetEntriesInAclError%u\n",GetLastError()); gotoCleanup; } //Initializeasecuritydescriptor. pSD=(PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); if(NULL==pSD) { printf("LocalAllocError%u\n",GetLastError()); gotoCleanup; } if(!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { printf("InitializeSecurityDescriptorError%u\n", GetLastError()); gotoCleanup; } //AddtheACLtothesecuritydescriptor. if(!SetSecurityDescriptorDacl(pSD, TRUE,//bDaclPresentflag pACL, FALSE))//notadefaultDACL { printf("SetSecurityDescriptorDaclError%u\n", GetLastError()); gotoCleanup; } //Initializeasecurityattributesstructure. sa.nLength=sizeof(SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor=pSD; sa.bInheritHandle=FALSE; //Usethesecurityattributestosetthesecuritydescriptor //whenyoucreateakey. lRes=RegCreateKeyEx(HKEY_CURRENT_USER,"mykey",0,"",0, KEY_READ|KEY_WRITE,&sa,&hkSub,&dwDisposition); printf("RegCreateKeyExresult%u\n",lRes); Cleanup: if(pEveryoneSID) FreeSid(pEveryoneSID); if(pAdminSID) FreeSid(pAdminSID); if(pACL) LocalFree(pACL); if(pSD) LocalFree(pSD); if(hkSub) RegCloseKey(hkSub); return; }
来源于MSDN:ms-help://MS.MSDNQTR.v90.chs/secauthz/security/creating_a_security_descriptor_for_a_new_object_in_c__.htm
相关文章推荐
- 给进程创建一个安全描述符(SA)
- 在服务中用管理员权限创建一个进程
- 实验 六:分析linux内核创建一个新进程的过程
- Unix/Linux如何创建一个后台进程(run background process)
- Linux系统创建一个新的进程
- 如何创建和关闭一个守护进程
- C++创建一个新的进程
- window创建进程的一个简单例子
- Linux内核创建一个新进程的过程
- 编写一个孤儿进程,这个孤儿进程可以同时创建100个僵死进程
- Linux如何创建一个进程
- 一个简单的GNU 守护进程的创建
- C++创建一个新的进程
- 一个简单的好玩程序(可以创建进程)
- 服务进程创建一个带窗口的进程,过UAC
- 分析Linux内核创建一个新进程的过程
- 创建一个进程
- linux内核分析第六周-分析Linux内核创建一个新进程的过程
- Linux环境下,使用PHP创建一个守护进程
- 分析Linux内核创建一个新进程的过程