修改注册表权限
1
uses aclapi,AccCtrl;
2
3var
4lpObjectName:LPTSTR;
5OldDACL,NewDACL:PACL ; //uses aclapi
6ObjectType:SE_OBJECT_TYPE ; //uses AccCtrl
7SD:PSECURITY_DESCRIPTOR;
8ea: EXPLICIT_ACCESS;
9label Cleanup;
10begin
11 lpObjectName := 'MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root';
12
13// ObjectType :=SE_REGISTRY_KEY;
14
15 //建立一个空的ACL;
16 if SetEntriesInAcl(0, nil, nil, OldDACL)<>ERROR_SUCCESS then
17 exit;
18
19 if (SetEntriesInAcl(0, nil, nil, NewDACL)<>ERROR_SUCCESS) then
20 exit;
21
22 //获取现有的ACL列表到OldDACL
23 if GetNamedSecurityInfo(lpObjectName, ObjectType,
24 DACL_SECURITY_INFORMATION,
25 nil, nil,
26 OldDACL,
27 nil, SD) <> ERROR_SUCCESS then
28 Application.MessageBox('指定的键不存在!','提示',MB_OK);
29
30 //设置用户名"Everyone"对指定的键有所有操作权到结构ea
31 ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS));
32
33 BuildExplicitAccessWithName(@ea,
34 'Everyone', // name of trustee
35 GENERIC_ALL, // type of access
36 SET_ACCESS, // access mode
37 SUB_CONTAINERS_AND_OBJECTS_INHERIT); //让自健继承他的权限; inheritance mode
38
39 //合并结构ea和OldDACL的权限列表到新的NewDACL
40 if SetEntriesInAcl(1, @ea, nil, NewDACL) <> ERROR_SUCCESS then
41 goto Cleanup;
42
43 //把新的ACL写入到指定的键
44 SetNamedSecurityInfo(lpObjectName, ObjectType,
45 DACL_SECURITY_INFORMATION,
46 nil, nil,
47 NewDACL,
48 nil);
49
50
51 ///////开始操作注册表//////////
52 //恢复注册表的权限;
53
54 BuildExplicitAccessWithName(@ea,
55 'Everyone', // name of trustee
56 GENERIC_READ, // type of access
57 SET_ACCESS, // access mode
58 NO_INHERITANCE); //让自健继承他的权限; inheritance mode
59
60 if SetEntriesInAcl(1, @ea, nil, OldDACL) <> ERROR_SUCCESS then
61 goto Cleanup;
62
63 //把旧的ACL写入到指定的键
64 SetNamedSecurityInfo(lpObjectName, ObjectType,
65 DACL_SECURITY_INFORMATION,
66 nil, nil,
67 OldDACL,
68 nil);
69
70 //释放指针
71 Cleanup:
72 if SD <> nil then
73 LocalFree(HLOCAL (SD));
74 if NewDACL <> nil then
75 LocalFree(HLOCAL (NewDACL));
76 if OldDACL <> nil then
77 LocalFree(HLOCAL( OldDACL));
78
以下为代码运行前后的对比图片.uses aclapi,AccCtrl;2
3
var4
lpObjectName:LPTSTR;5
OldDACL,NewDACL:PACL ; //uses aclapi6
ObjectType:SE_OBJECT_TYPE ; //uses AccCtrl7
SD:PSECURITY_DESCRIPTOR;8
ea: EXPLICIT_ACCESS;9
label Cleanup;10
begin11
lpObjectName := 'MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root';12
13
// ObjectType :=SE_REGISTRY_KEY;14
15
//建立一个空的ACL;16
if SetEntriesInAcl(0, nil, nil, OldDACL)<>ERROR_SUCCESS then17
exit;18
19
if (SetEntriesInAcl(0, nil, nil, NewDACL)<>ERROR_SUCCESS) then20
exit;21
22
//获取现有的ACL列表到OldDACL23
if GetNamedSecurityInfo(lpObjectName, ObjectType,24
DACL_SECURITY_INFORMATION,25
nil, nil,26
OldDACL,27
nil, SD) <> ERROR_SUCCESS then28
Application.MessageBox('指定的键不存在!','提示',MB_OK);29
30
//设置用户名"Everyone"对指定的键有所有操作权到结构ea31
ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS));32
33
BuildExplicitAccessWithName(@ea,34
'Everyone', // name of trustee35
GENERIC_ALL, // type of access36
SET_ACCESS, // access mode37
SUB_CONTAINERS_AND_OBJECTS_INHERIT); //让自健继承他的权限; inheritance mode38
39
//合并结构ea和OldDACL的权限列表到新的NewDACL40
if SetEntriesInAcl(1, @ea, nil, NewDACL) <> ERROR_SUCCESS then41
goto Cleanup;42
43
//把新的ACL写入到指定的键44
SetNamedSecurityInfo(lpObjectName, ObjectType,45
DACL_SECURITY_INFORMATION,46
nil, nil,47
NewDACL,48
nil);49
50
51
///////开始操作注册表//////////52
//恢复注册表的权限;53
54
BuildExplicitAccessWithName(@ea,55
'Everyone', // name of trustee56
GENERIC_READ, // type of access57
SET_ACCESS, // access mode58
NO_INHERITANCE); //让自健继承他的权限; inheritance mode59
60
if SetEntriesInAcl(1, @ea, nil, OldDACL) <> ERROR_SUCCESS then61
goto Cleanup;62
63
//把旧的ACL写入到指定的键64
SetNamedSecurityInfo(lpObjectName, ObjectType,65
DACL_SECURITY_INFORMATION,66
nil, nil,67
OldDACL,68
nil);69
70
//释放指针71
Cleanup:72
if SD <> nil then73
LocalFree(HLOCAL (SD));74
if NewDACL <> nil then75
LocalFree(HLOCAL (NewDACL));76
if OldDACL <> nil then77
LocalFree(HLOCAL( OldDACL));78
设置权限以前注册表的权限.
设置权限后未恢复的注册表权限