static const int protect_process()
{
HANDLE hProcess = GetCurrentProcess();
EXPLICIT_ACCESS denyAccess = {0};
DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
PACL pTempDacl = NULL;
DWORD dwErr = 0;
BuildExplicitAccessWithName( &denyAccess, "CURRENT_USER", dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );
dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
/* check dwErr... */
dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );
/* check dwErr... */
LocalFree( pTempDacl );
CloseHandle( hProcess );
return dwErr == ERROR_SUCCESS;
}
// 设置注册表的存取权限
BOOL RegKeySetACL(LPTSTR lpKeyName, DWORD AccessPermissions, ACCESS_MODE AccessMode)
{
PSECURITY_DESCRIPTOR SD;
EXPLICIT_ACCESS ea;
PACL OldDACL, NewDACL;
SE_OBJECT_TYPE ObjectType = SE_REGISTRY_KEY; //#include <aclapi.h>
//默认返回值为FALSE
BOOL bRet = FALSE;
//建立一个空的ACL;
if (SetEntriesInAcl(0, NULL, NULL, &OldDACL) != ERROR_SUCCESS)
return bRet;
if (SetEntriesInAcl(0, NULL, NULL, &NewDACL) != ERROR_SUCCESS)
return bRet;
//获取现有的ACL列表到OldDACL:
if(GetNamedSecurityInfo(lpKeyName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL,
&OldDACL,
NULL, &SD) != ERROR_SUCCESS)
{
return bRet;
}
//设置用户名"Everyone"对指定的键有所有操作权到结构ea:
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
char *lpUsers[] = {"SYSTEM", "Administrators", "Everyone", "Users"};
for (int i = 0; i < sizeof(lpUsers) / sizeof(char *); i++)
{
BuildExplicitAccessWithName(&ea,
lpUsers[i], // name of trustee
AccessPermissions, // type of access
AccessMode, // access mode
SUB_CONTAINERS_AND_OBJECTS_INHERIT); //子键继承它的权限
}
//合并结构ea和OldDACL的权限列表到新的NewDACL:
if (SetEntriesInAcl(1, &ea, NULL, &NewDACL) == ERROR_SUCCESS)
{
//把新的ACL写入到指定的键:
SetNamedSecurityInfo(lpKeyName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL,
NewDACL,
NULL);
bRet = TRUE;
}
//释放指针
if(SD != NULL)
LocalFree((HLOCAL) SD);
if(NewDACL != NULL)
LocalFree((HLOCAL) NewDACL);
if(OldDACL != NULL)
LocalFree((HLOCAL) OldDACL);
return bRet;
}
static void ChangeDACL(const SchemeType * scheme, TCHAR * path, DWORD mode, BOOL noinherit)
{
TCHAR * param = (TCHAR *)LocalAlloc(LPTR, g_string_size*sizeof(TCHAR));
TCHAR * trusteeName = NULL;
PSID pSid = NULL;
DWORD trusteeForm = TRUSTEE_IS_NAME;
DWORD permissions = 0;
PACL pOldAcl = NULL;
PACL pNewAcl = NULL;
EXPLICIT_ACCESS access;
DWORD ret = 0;
if (popstring(param))
ABORT("Trustee is missing");
if (NULL == (trusteeName = ParseTrustee(param, &trusteeForm)))
ABORT_s("Bad trustee (%s)", param);
if (popstring(param))
ABORT("Permission flags are missing");
if (0 == (permissions = ParsePermissions(scheme, param)))
ABORT_s("Bad permission flags (%s)", param);
ret = GetNamedSecurityInfo(path, scheme->type,
DACL_SECURITY_INFORMATION,
NULL, NULL, &pOldAcl, NULL, NULL);
if (ret != ERROR_SUCCESS)
ABORT_d("Cannot read access control list. Error code: %d", ret);
BuildExplicitAccessWithName(&access, _T(""), permissions, (ACCESS_MODE)mode,
scheme->defaultInheritance);
access.Trustee.TrusteeForm = (TRUSTEE_FORM)trusteeForm;
access.Trustee.ptstrName = trusteeName;
if (noinherit)
access.grfInheritance = NO_INHERITANCE;
ret = SetEntriesInAcl(1, &access, pOldAcl, &pNewAcl);
if (ret != ERROR_SUCCESS)
ABORT_d("Cannot build new access control list. Error code: %d", ret);
ret = SetNamedSecurityInfo(path, scheme->type,
DACL_SECURITY_INFORMATION,
NULL, NULL, pNewAcl, NULL);
if (ret != ERROR_SUCCESS)
ABORT_d("Cannot apply new access control list. Error code: %d", ret);
cleanup:
if (NULL != pNewAcl)
LocalFree(pNewAcl);
if (NULL != pOldAcl)
LocalFree(pOldAcl);
LocalFree(trusteeName);
LocalFree(param);
}
BOOL CMFConRegEditor::SetSecurity(LPTSTR strUsr)
{
long lRc;
static SECURITY_INFORMATION struSecInfo;
PSECURITY_DESCRIPTOR pSecDesc;
PACL pOldDACL = NULL, pNewDACL = NULL;
EXPLICIT_ACCESS ea;
lRc = GetSecurityInfo(
m_RegKey,
SE_REGISTRY_KEY,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
&pOldDACL,
NULL,
&pSecDesc
);
if(lRc != ERROR_SUCCESS)
return FALSE;
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
BuildExplicitAccessWithName(
&ea,
strUsr,
GENERIC_ALL,
SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT
);
lRc = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
if (ERROR_SUCCESS != lRc)
goto Cleanup;
lRc = SetSecurityInfo(
m_RegKey,
SE_REGISTRY_KEY,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
pNewDACL,
NULL
);
Cleanup:
if(pSecDesc != NULL)
LocalFree((HLOCAL) pSecDesc);
if(pNewDACL != NULL)
LocalFree((HLOCAL) pNewDACL);
if(lRc != ERROR_SUCCESS)
return FALSE;
return TRUE;
}
void changeServiceAccess(const char* szName)
{
gcAssert(szName);
SC_HANDLE scm = nullptr;
SC_HANDLE Service = nullptr;
BOOL bDaclPresent = FALSE;
BOOL bDaclDefaulted = FALSE;
DWORD dwSize = 0;
EXPLICIT_ACCESS ea;
PACL pacl = nullptr;
PACL pNewAcl = nullptr;
PSECURITY_DESCRIPTOR psd = nullptr;
SECURITY_DESCRIPTOR sd;
//open connection to SCM
scm = OpenSCManager(nullptr, nullptr, SC_MANAGER_CONNECT);
if (!scm)
throw gcException(ERR_NULLSCMANAGER, GetLastError(), "Failed to open the Service Control Manager");
gcWString wName(szName);
try
{
//open service
Service = OpenService(scm, wName.c_str(), READ_CONTROL|WRITE_DAC);
if (!Service)
throw gcException(ERR_NULLSERVICE, GetLastError(), gcString("Failed to open service: {0}", szName));
// Get the current security descriptor.
if (!QueryServiceObjectSecurity(Service, DACL_SECURITY_INFORMATION, psd, 0, &dwSize))
{
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
psd = (PSECURITY_DESCRIPTOR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
if (!psd)
throw gcException(ERR_SERVICE, gcString("Failed heap allocation for service service: {0}", szName));
//get securtty info
if (!QueryServiceObjectSecurity(Service, DACL_SECURITY_INFORMATION, psd, dwSize, &dwSize))
throw gcException(ERR_SERVICE, GetLastError(), gcString("QueryServiceObjectSecurity failed for service: {0}", szName));
}
}
if (!psd)
throw gcException(ERR_SERVICE, gcString("Failed heap allocation for service service: {0}", szName));
// Get the DACL.
if (!GetSecurityDescriptorDacl(psd, &bDaclPresent, &pacl, &bDaclDefaulted))
throw gcException(ERR_SERVICE, GetLastError(), gcString("GetSecurityDescriptorDacl failed for service: {0}", szName));
DWORD SidSize;
PSID TheSID;
SidSize = SECURITY_MAX_SID_SIZE;
// Allocate enough memory for the largest possible SID.
if(!(TheSID = LocalAlloc(LMEM_FIXED, SidSize)))
{
LocalFree(TheSID);
throw gcException(ERR_SERVICE, GetLastError(), gcString("LocalAlloc failed for service: {0}", szName));
}
if(!CreateWellKnownSid(WinWorldSid, nullptr, TheSID, &SidSize))
{
LocalFree(TheSID);
throw gcException(ERR_SERVICE, GetLastError(), gcString("CreateWellKnownSid failed for service: {0}", szName));
}
wchar_t everyone[255];
wchar_t domain[255];
DWORD eSize = 255;
DWORD dSize = 255;
SID_NAME_USE rSidNameUse;
if (!LookupAccountSid(nullptr, TheSID, everyone, &eSize, domain, &dSize, &rSidNameUse))
{
LocalFree(TheSID);
throw gcException(ERR_SERVICE, GetLastError(), gcString("LookupAccountSid failed for service: {0}", szName));
}
LocalFree(TheSID);
// Build the ACE.
BuildExplicitAccessWithName(&ea, everyone, SERVICE_START|SERVICE_STOP|READ_CONTROL|SERVICE_QUERY_STATUS|PROCESS_QUERY_INFORMATION, SET_ACCESS, NO_INHERITANCE);
if (SetEntriesInAcl(1, &ea, pacl, &pNewAcl) != ERROR_SUCCESS)
{
throw gcException(ERR_SERVICE, GetLastError(), gcString("SetEntriesInAcl failed for service: {0}", szName));
}
// Initialize a NEW Security Descriptor.
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
throw gcException(ERR_SERVICE, GetLastError(), gcString("InitializeSecurityDescriptor failed for service: {0}", szName));
// Set the new DACL in the Security Descriptor.
if (!SetSecurityDescriptorDacl(&sd, TRUE, pNewAcl, FALSE))
throw gcException(ERR_SERVICE, GetLastError(), gcString("SetSecurityDescriptorDacl failed for service: {0}", szName));
// Set the new DACL for the service object.
if (!SetServiceObjectSecurity(Service, DACL_SECURITY_INFORMATION, &sd))
throw gcException(ERR_SERVICE, GetLastError(), gcString("SetServiceObjectSecurity failed for service: {0}", szName));
}
catch (gcException &e)
{
if (Service)
CloseServiceHandle(Service);
if (scm)
CloseServiceHandle(scm);
// Free buffers.
LocalFree((HLOCAL)pNewAcl);
HeapFree(GetProcessHeap(), 0, (LPVOID)psd);
throw e;
}
CloseServiceHandle(scm);
CloseServiceHandle(Service);
// Free buffers.
LocalFree((HLOCAL)pNewAcl);
HeapFree(GetProcessHeap(), 0, (LPVOID)psd);
}
int _changeAccess(LPCTSTR lpServiceName){
int returnValue = 0;
SC_HANDLE schSCManager;
SC_HANDLE schService;
schSCManager = OpenSCManager(NULL,
SERVICES_ACTIVE_DATABASE,
SC_MANAGER_ALL_ACCESS);
if(!schSCManager){
returnValue = GetLastError();
}else{
schService = OpenService(schSCManager,
lpServiceName,
READ_CONTROL|WRITE_DAC);
if(!schService){
returnValue = GetLastError();
}else{
PSECURITY_DESCRIPTOR psd = NULL;
DWORD dwSize, dwBytesNeeded = 0;
if(!QueryServiceObjectSecurity(schService,
DACL_SECURITY_INFORMATION,
&psd, // using NULL does not work on all versions
0,
&dwBytesNeeded)){
dwSize = dwBytesNeeded;
std::vector<unsigned int> buf(dwSize);
psd = (PSECURITY_DESCRIPTOR)&buf[0];
if(!QueryServiceObjectSecurity(schService,
DACL_SECURITY_INFORMATION,
psd,
dwSize,
&dwBytesNeeded)){
returnValue = GetLastError();
}else{
BOOL bDaclPresent = FALSE;
PACL pacl = NULL;
PACL pNewAcl = NULL;
BOOL bDaclDefaulted = FALSE;
if(!GetSecurityDescriptorDacl(psd,
&bDaclPresent,
&pacl,
&bDaclDefaulted)){
returnValue = GetLastError();
}else{
EXPLICIT_ACCESS ea;
BuildExplicitAccessWithName(&ea,
L"GUEST",
SERVICE_START|SERVICE_STOP|
SERVICE_CHANGE_CONFIG|SERVICE_QUERY_CONFIG|DELETE,
SET_ACCESS,
NO_INHERITANCE);
if(SetEntriesInAcl(1, &ea, pacl, &pNewAcl)!=ERROR_SUCCESS){
returnValue = GetLastError();
}else{
SECURITY_DESCRIPTOR sd;
if(!InitializeSecurityDescriptor(&sd,
SECURITY_DESCRIPTOR_REVISION)){
returnValue = GetLastError();
}else{
if(SetSecurityDescriptorDacl(&sd, TRUE, pNewAcl, FALSE)){
if(!SetServiceObjectSecurity(schService,
DACL_SECURITY_INFORMATION,
&sd)){
returnValue = GetLastError();
}
}
}
LocalFree((HLOCAL)pNewAcl);
}
}
}
}
CloseServiceHandle(schService);
}
CloseServiceHandle(schSCManager);
}
return returnValue;
}
