#include #include #include void Alerte(TCHAR *mess) { puts(mess); } SECURITY_ATTRIBUTES sa; PSID pEveryoneSID = NULL, pAdminSID = NULL; PACL pACL = NULL; PSECURITY_DESCRIPTOR pSD = NULL; int SetSecurity(void) { DWORD dwRes; EXPLICIT_ACCESS ea[2]; SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY; // Create a well-known SID for the Everyone group. if(!AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID)) { TCHAR szBuf[256]; wsprintf(szBuf,"AllocateAndInitializeSid Error %u\n", GetLastError()); Alerte(szBuf); return 0; } // Initialize an EXPLICIT_ACCESS structure for an ACE. // The ACE will allow Everyone read access to the key. ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS)); ea[0].grfAccessPermissions = KEY_ALL_ACCESS; ea[0].grfAccessMode = SET_ACCESS; ea[0].grfInheritance= NO_INHERITANCE; ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID; // Create a SID for the BUILTIN\Administrators group. if(! AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pAdminSID)) { TCHAR szBuf[256]; wsprintf(szBuf,"AllocateAndInitializeSid Error %u\n", GetLastError()); Alerte(szBuf); return 0; } // Initialize an EXPLICIT_ACCESS structure for an ACE. // The ACE will allow the Administrators group full access to // the key. ea[1].grfAccessPermissions = KEY_READ; ea[1].grfAccessMode = SET_ACCESS; ea[1].grfInheritance= NO_INHERITANCE; ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP; ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID; // Create a new ACL that contains the new ACEs. dwRes = SetEntriesInAcl(2, ea, NULL, &pACL); if (ERROR_SUCCESS != dwRes) { TCHAR szBuf[256]; wsprintf(szBuf,"SetEntriesInAcl Error %u\n", GetLastError()); Alerte(szBuf); return 0; } // Initialize a security descriptor. pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); if (NULL == pSD) { TCHAR szBuf[256]; wsprintf(szBuf,"LocalAlloc Error %u\n", GetLastError()); Alerte(szBuf); return 0; } if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { TCHAR szBuf[256]; wsprintf(szBuf,"InitializeSecurityDescriptor Error %u\n", GetLastError()); Alerte(szBuf); return 0; } // Add the ACL to the security descriptor. if (!SetSecurityDescriptorDacl(pSD, TRUE, // bDaclPresent flag pACL, FALSE)) // not a default DACL { TCHAR szBuf[256]; wsprintf(szBuf,"SetSecurityDescriptorDacl Error %u\n",GetLastError()); Alerte(szBuf); return 0; } // Initialize a security attributes structure. sa.nLength = sizeof (SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor = pSD; sa.bInheritHandle = FALSE; return 1; } int main(void) { HKEY hkSub = NULL; DWORD dwDisposition; long lRes; if (SetSecurity() != 0) { // Use the security attributes to set the security descriptor // when you create a key. lRes = RegCreateKeyEx(HKEY_CLASSES_ROOT, "mykey", 0, "", 0, KEY_READ | KEY_WRITE, &sa, &hkSub, &dwDisposition); { TCHAR szBuf[80]; LPVOID lpMsgBuf; FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL,lRes,MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL ); wsprintf(szBuf, "%s failed with error %d: %s", "RegCreateKeyEx", lRes, lpMsgBuf); puts(szBuf); LocalFree(lpMsgBuf); } } if (pEveryoneSID) FreeSid(pEveryoneSID); if (pAdminSID) FreeSid(pAdminSID); if (pACL) LocalFree(pACL); if (pSD) LocalFree(pSD); if (hkSub) RegCloseKey(hkSub); return 0; }