VC修改注册表SAM项权限

#include

#include

#include 

#pragma comment(lib,"Advapi32")

int main()

{

LPSTR SamName = "MACHINE\\SAM\\SAM"; //要修改的SAM项路径

PACL pOldDacl=NULL;

PACL pNewDacl=NULL;

DWORD dRet;

EXPLICIT_ACCESS eia;

PSECURITY_DESCRIPTOR pSID=NULL;

dRet = GetNamedSecurityInfo(SamName,SE_REGISTRY_KEY,DACL_SECURITY_INFORMATION,NULL,NULL,&pOldDacl,NULL,&pSID);// 获取SAM主键的DACL 

if(dRet=ERROR_SUCCESS)

return 0;

//创建一个ACE,允许Administrators组成员完全控制对象,并允许子对象继承此权限

ZeroMemory(&eia,sizeof(EXPLICIT_ACCESS));

BuildExplicitAccessWithName(&eia,"Administrators",KEY_ALL_ACCESS,SET_ACCESS,SUB_CONTAINERS_AND_OBJECTS_INHERIT);

// 将新的ACE加入DACL 

dRet = SetEntriesInAcl(1,&eia,pOldDacl,&pNewDacl);

if(dRet=ERROR_SUCCESS)

return 0;

// 更新SAM主键的DACL 

dRet = SetNamedSecurityInfo(SamName,SE_REGISTRY_KEY,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDacl,NULL);

if(dRet=ERROR_SUCCESS)

return 0;

//释放DACL和SID

if(pNewDacl)LocalFree(pNewDacl);

if(pSID)LocalFree(pSID);

return 0;

}

DWORD WINAPI GetNamedSecurityInfo(

LPTSTR pObjectName,                        // object name

SE_OBJECT_TYPE ObjectType,                 // object type

SECURITY_INFORMATION SecurityInfo,        // 消息类型

PSID *ppsidOwner,                          // 所有者的SID

PSID *ppsidGroup,                          // 以前的组 SID

PACL *ppDacl,                              // DACL

PACL *ppSacl,                              // SACL

PSECURITY_DESCRIPTOR *ppSecurityDescriptor // SD

);