如何在Win2k下操作有权限限制的注册表键,如KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run?下面的这段是C++写的,请问VB可以实现吗?
==================================================================================
本文转自csdn,原作:MEFULEU (新手上路)
http://expert.csdn.net/Expert/topic/2194/2194594.xml?temp=.952038在2k系统操作注册表时,发现某些健必须要有权限问题;
察看各位大大的贴,可惜没有一个合适的结果;
有人说:可以提高使用者权限;但是事实上好像不是很好用;
经过艰苦.艰苦.艰艰苦苦;终于在msdn上找到了一些好动动;
不敢独享,(哎,我可不想某人,好东西藏到自己都忘了的地方)
整理出来一些对某些人有用的东西:嘿嘿,代码如下:
严重建议:大家都把好东西往上贴吧!!!!!!欢迎来信探讨: [email protected] //开始重新配置使用注册表的权限------------------------------------------------ LPTSTR lpObjectName;
SE_OBJECT_TYPE ObjectType; //#include <aclapi.h> PACL OldDACL,NewDACL;
PSECURITY_DESCRIPTOR SD;
EXPLICIT_ACCESS ea; lpObjectName = "MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root"; ObjectType =SE_REGISTRY_KEY; //建立一个空的ACL;
if (SetEntriesInAcl(0, NULL, NULL, &OldDACL)!=ERROR_SUCCESS)
return; if (SetEntriesInAcl(0, NULL, NULL, &NewDACL)!=ERROR_SUCCESS)
return; //获取现有的ACL列表到OldDACL
if(GetNamedSecurityInfo(lpObjectName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL,
&OldDACL,
NULL, &SD) != ERROR_SUCCESS)
Application->MessageBox("指定的键不存在!","提示",MB_OK); //设置用户名"Everyone"对指定的键有所有操作权到结构ea
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); BuildExplicitAccessWithName(&ea,
"Everyone", // name of trustee
GENERIC_ALL, // type of access
SET_ACCESS, // access mode
SUB_CONTAINERS_AND_OBJECTS_INHERIT); //让自健继承他的权限; inheritance mode
//合并结构ea和OldDACL的权限列表到新的NewDACL
if(SetEntriesInAcl(1, &ea, NULL, &NewDACL) != ERROR_SUCCESS)
goto Cleanup; //把新的ACL写入到指定的键
SetNamedSecurityInfo(lpObjectName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL,
NewDACL,
NULL);
///////开始操作注册表//////////////////////////////////////////////////////////
//...................................................
//////////////////////////////////////////////////////////////////////////// //恢复注册表的权限; BuildExplicitAccessWithName(&ea,
"Everyone", // name of trustee
GENERIC_READ, // type of access
SET_ACCESS, // access mode
NO_INHERITANCE); //让自健继承他的权限; inheritance mode if(SetEntriesInAcl(1, &ea, NULL, &OldDACL) != ERROR_SUCCESS)
goto Cleanup; //把旧的ACL写入到指定的键
SetNamedSecurityInfo(lpObjectName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL,
OldDACL,
NULL); //释放指针
Cleanup:
if(SD != NULL)
LocalFree((HLOCAL) SD);
if(NewDACL != NULL)
LocalFree((HLOCAL) NewDACL);
if(OldDACL != NULL)
LocalFree((HLOCAL) OldDACL);
==================================================================================
本文转自csdn,原作:MEFULEU (新手上路)
http://expert.csdn.net/Expert/topic/2194/2194594.xml?temp=.952038在2k系统操作注册表时,发现某些健必须要有权限问题;
察看各位大大的贴,可惜没有一个合适的结果;
有人说:可以提高使用者权限;但是事实上好像不是很好用;
经过艰苦.艰苦.艰艰苦苦;终于在msdn上找到了一些好动动;
不敢独享,(哎,我可不想某人,好东西藏到自己都忘了的地方)
整理出来一些对某些人有用的东西:嘿嘿,代码如下:
严重建议:大家都把好东西往上贴吧!!!!!!欢迎来信探讨: [email protected] //开始重新配置使用注册表的权限------------------------------------------------ LPTSTR lpObjectName;
SE_OBJECT_TYPE ObjectType; //#include <aclapi.h> PACL OldDACL,NewDACL;
PSECURITY_DESCRIPTOR SD;
EXPLICIT_ACCESS ea; lpObjectName = "MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root"; ObjectType =SE_REGISTRY_KEY; //建立一个空的ACL;
if (SetEntriesInAcl(0, NULL, NULL, &OldDACL)!=ERROR_SUCCESS)
return; if (SetEntriesInAcl(0, NULL, NULL, &NewDACL)!=ERROR_SUCCESS)
return; //获取现有的ACL列表到OldDACL
if(GetNamedSecurityInfo(lpObjectName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL,
&OldDACL,
NULL, &SD) != ERROR_SUCCESS)
Application->MessageBox("指定的键不存在!","提示",MB_OK); //设置用户名"Everyone"对指定的键有所有操作权到结构ea
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); BuildExplicitAccessWithName(&ea,
"Everyone", // name of trustee
GENERIC_ALL, // type of access
SET_ACCESS, // access mode
SUB_CONTAINERS_AND_OBJECTS_INHERIT); //让自健继承他的权限; inheritance mode
//合并结构ea和OldDACL的权限列表到新的NewDACL
if(SetEntriesInAcl(1, &ea, NULL, &NewDACL) != ERROR_SUCCESS)
goto Cleanup; //把新的ACL写入到指定的键
SetNamedSecurityInfo(lpObjectName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL,
NewDACL,
NULL);
///////开始操作注册表//////////////////////////////////////////////////////////
//...................................................
//////////////////////////////////////////////////////////////////////////// //恢复注册表的权限; BuildExplicitAccessWithName(&ea,
"Everyone", // name of trustee
GENERIC_READ, // type of access
SET_ACCESS, // access mode
NO_INHERITANCE); //让自健继承他的权限; inheritance mode if(SetEntriesInAcl(1, &ea, NULL, &OldDACL) != ERROR_SUCCESS)
goto Cleanup; //把旧的ACL写入到指定的键
SetNamedSecurityInfo(lpObjectName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL,
OldDACL,
NULL); //释放指针
Cleanup:
if(SD != NULL)
LocalFree((HLOCAL) SD);
if(NewDACL != NULL)
LocalFree((HLOCAL) NewDACL);
if(OldDACL != NULL)
LocalFree((HLOCAL) OldDACL);
我自己以前也遇到这个情况刚好昨晚才解决~~
过2天把VB远程注入卸载进程模块的代码也整理也发出来给大家共享。Private Const FOLDER_PATH = "MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI_HAL"
Private Const ERROR_SUCCESS = 0&
Private Const READ_CONTROL = &H20000
Private Const KEY_QUERY_VALUE = &H1
Private Const KEY_SET_VALUE = &H2
Private Const KEY_CREATE_SUB_KEY = &H4
Private Const KEY_ENUMERATE_SUB_KEYS = &H8
Private Const KEY_NOTIFY = &H10
Private Const KEY_CREATE_LINK = &H20
Private Const KEY_ALL_ACCESS = KEY_QUERY_VALUE + KEY_SET_VALUE + KEY_CREATE_SUB_KEY + KEY_ENUMERATE_SUB_KEYS + KEY_NOTIFY + KEY_CREATE_LINK + READ_CONTROL
Private Const DACL_SECURITY_INFORMATION = 4&
Private Const SET_ACCESS = 2&
Private Const SUB_CONTAINERS_AND_OBJECTS_INHERIT = &H3Private Enum SE_OBJECT_TYPE
SE_UNKNOWN_OBJECT_TYPE = 0&
SE_FILE_OBJECT = 1&
SE_SERVICE = 2&
SE_PRINTER = 3&
SE_REGISTRY_KEY = 4&
SE_LMSHARE = 5&
SE_KERNEL_OBJECT = 6&
SE_WINDOW_OBJECT = 7&
End Enum'
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As Long
TrusteeForm As Long
TrusteeType As Long
ptstrName As String
End Type
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As Long
grfInheritance As Long
pTRUSTEE As TRUSTEE
End Type
Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias _
"BuildExplicitAccessWithNameA" _
(ea As Any, _
ByVal TrusteeName As String, _
ByVal AccessPermissions As Long, _
ByVal AccessMode As Integer, _
ByVal Inheritance As Long)
Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias _
"SetEntriesInAclA" _
(ByVal CountofExplicitEntries As Long, _
ea As Any, _
ByVal OldAcl As Long, _
NewAcl As Long) As LongPrivate Declare Function GetNamedSecurityInfo Lib "advapi32.dll" Alias _
"GetNamedSecurityInfoA" _
(ByVal ObjName As String, _
ByVal SE_OBJECT_TYPE As Long, _
ByVal SecInfo As Long, _
ByVal pSid As Long, _
ByVal pSidGroup As Long, _
pDacl As Long, _
ByVal pSacl As Long, _
pSecurityDescriptor As Long) As Long
Private Declare Function SetNamedSecurityInfo Lib "advapi32.dll" Alias _
"SetNamedSecurityInfoA" _
(ByVal ObjName As String, _
ByVal SE_OBJECT As Long, _
ByVal SecInfo As Long, _
ByVal pSid As Long, _
ByVal pSidGroup As Long, _
ByVal pDacl As Long, _
ByVal pSacl As Long) As LongPrivate Declare Function LocalFree Lib "KERNEL32" (ByVal hMem As Long) As LongPrivate Sub Command1_Click() Dim result As Long
Dim pSecDesc As Long
Dim ea As EXPLICIT_ACCESS
Dim pNewDACL As Long
Dim pOldDACL As Long
result = GetNamedSecurityInfo(FOLDER_PATH, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, 0&, 0&, pOldDACL, 0&, pSecDesc) If result = ERROR_SUCCESS Then
Call BuildExplicitAccessWithName(ea, "EVERYONE", KEY_ALL_ACCESS, SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT)
result = SetEntriesInAcl(1, ea, pOldDACL, pNewDACL)
If result = ERROR_SUCCESS Then
result = SetNamedSecurityInfo(FOLDER_PATH, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, 0&, 0&, pNewDACL, 0&)
If result = ERROR_SUCCESS Then
MsgBox "SetNamedSecurityInfo succeeded"
Else
MsgBox "SetNamedSecurityInfo failed with error code : " & result
End If
LocalFree pNewDACL
Else
MsgBox "SetEntriesInAcl failed with error code : " & result
End If
LocalFree pSecDesc
Else
MsgBox "GetNamedSecurityInfo failed with error code : " & result
End If
End Sub