Yesterday I wanted to find a SYSTEM permission to modify the example of the registry, thank EVA to write a source code that Xiao Ca.exe announced that there is no, I really have forgotten.
Don't fixate on SYSTEM permissions. SYSTEM is unrestricted, but for access to the SAM, admin is enough. An admin cannot open the SAM directly, but can obtain access, because an administrator is allowed to change the DACL on the key, which is what the code below does. Here is an example; modify it yourself. Code:
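/* The header names were stripped from the listing; these three declare every
 * API called below (registry, security-descriptor and ACL functions, printf). */
#include <windows.h>
#include <aclapi.h>
#include <stdio.h>
#pragma comment(lib, "advapi32.lib")

/*
 * Shows that an administrator does not need SYSTEM to reach the SAM hive:
 * the program rewrites the DACL of HKLM\SAM\SAM, opens one account subkey,
 * and then puts the original DACL back.
 *
 * Returns 0 when the subkey was opened and the original DACL was restored,
 * 1 on any failure (including a failed restore).
 *
 * NOTE(review): the ACE added here names "Everyone" with KEY_ALL_ACCESS and
 * inheritance, so until the restore at the end runs, every principal on the
 * machine, not only the caller, has full control of the SAM key and its
 * subkeys. A trustee limited to the calling administrator would keep that
 * window as narrow as the demonstration needs.
 *
 * NOTE(review): a DACL write on this key is what registry auditing is meant
 * to record; with a SACL entry auditing WRITE_DAC on HKLM\SAM it shows up as
 * Security event 4670 (permissions on an object were changed).
 */
int main(void)
{
    DWORD dwRet;
    DWORD dwRestore;
    int rc = 1;
    /* Writable arrays: the security APIs take non-const string pointers. */
    char SamName[] = "MACHINE\\SAM\\SAM";
    char Trustee[] = "Everyone";
    PSECURITY_DESCRIPTOR pSD = NULL;
    PACL pOldDacl = NULL;
    PACL pNewDacl = NULL;
    EXPLICIT_ACCESS ea;
    HKEY hKey = NULL;

    /* Read the current DACL of the SAM key; pOldDacl points into pSD. */
    dwRet = GetNamedSecurityInfo(SamName, SE_REGISTRY_KEY,
                                 DACL_SECURITY_INFORMATION,
                                 NULL, NULL, &pOldDacl, NULL, &pSD);
    if (dwRet != ERROR_SUCCESS) {
        printf("GetNamedSecurityInfo Error: %lu\n", (unsigned long)dwRet);
        goto FreeAndExit;
    }

    /* Build one ACE: full control for the trustee, inherited by subkeys. */
    ZeroMemory(&ea, sizeof ea);
    BuildExplicitAccessWithName(&ea, Trustee, KEY_ALL_ACCESS, SET_ACCESS,
                                SUB_CONTAINERS_AND_OBJECTS_INHERIT);

    /* Merge the new ACE with the existing DACL into a freshly allocated ACL. */
    dwRet = SetEntriesInAcl(1, &ea, pOldDacl, &pNewDacl);
    if (dwRet != ERROR_SUCCESS) {
        printf("SetEntriesInAcl Error: %lu\n", (unsigned long)dwRet);
        goto FreeAndExit;
    }

    /* Write the merged DACL back to the SAM key. */
    dwRet = SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY,
                                 DACL_SECURITY_INFORMATION,
                                 NULL, NULL, pNewDacl, NULL);
    if (dwRet != ERROR_SUCCESS) {
        printf("SetNamedSecurityInfo Error: %lu\n", (unsigned long)dwRet);
        goto FreeAndExit;
    }

    /* Open an account subkey; 000001F4 is RID 0x1F4 (500), the built-in
     * Administrator account. */
    dwRet = (DWORD)RegOpenKeyEx(HKEY_LOCAL_MACHINE,
                                "SAM\\SAM\\Domains\\Account\\Users\\000001F4",
                                0, KEY_ALL_ACCESS, &hKey);
    if (dwRet != ERROR_SUCCESS) {
        printf("RegOpenKeyEx Error: %lu\n", (unsigned long)dwRet);
        goto FreeAndExit;
    }

    printf("Open SAM Subkey Successfully.\n");
    rc = 0;

FreeAndExit:
    if (hKey)
        RegCloseKey(hKey);
    if (pNewDacl)
        LocalFree(pNewDacl);

    /* Restore the original DACL. The result is checked because a silent
     * failure here would leave the SAM key open to the trustee above. */
    if (pOldDacl) {
        dwRestore = SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY,
                                         DACL_SECURITY_INFORMATION,
                                         NULL, NULL, pOldDacl, NULL);
        if (dwRestore != ERROR_SUCCESS) {
            printf("Restoring the SAM DACL failed: %lu\n",
                   (unsigned long)dwRestore);
            rc = 1;
        }
    }

    /* Free the descriptor last: pOldDacl is a pointer into it. */
    if (pSD)
        LocalFree(pSD);

    return rc;
}

/* Author's note: this code does through the API what regedt32 does when it
 * changes the permissions on a key. */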
P.S. I originally wanted to use RegGetKeySecurity and RegSetKeySecurity, but SetEntriesInAcl always returned "Parameter Error". I don't know where the problem is; frustrating.