1
uses
aclapi,AccCtrl;
2
3
var
4lpObjectName:LPTSTR;
5OldDACL,NewDACL:PACL ;
//
uses
aclapi
6ObjectType:SE_OBJECT_TYPE ;
//
uses
AccCtrl
7SD:PSECURITY_DESCRIPTOR;
8ea: EXPLICIT_ACCESS;
9
label
Cleanup;
10
begin
11 lpObjectName :
=
'
MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root
'
;
12
13
//
ObjectType :
=
SE_REGISTRY_KEY;
14
15
//
建立一个空的ACL;
16
if
SetEntriesInAcl(
0
,
nil
,
nil
, OldDACL)
<>
ERROR_SUCCESS
then
17 exit;
18
19
if
(SetEntriesInAcl(
0
,
nil
,
nil
, NewDACL)
<>
ERROR_SUCCESS)
then
20 exit;
21
22
//
获取现有的ACL列表到OldDACL
23
if
GetNamedSecurityInfo(lpObjectName, ObjectType,
24 DACL_SECURITY_INFORMATION,
25
nil
,
nil
,
26 OldDACL,
27
nil
, SD)
<>
ERROR_SUCCESS
then
28 Application.MessageBox(
'
指定的键不存在!
'
,
'
提示
'
,MB_OK);
29
30
//
设置用户名"Everyone"对指定的键有所有操作权到结构ea
31 ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS));
32
33 BuildExplicitAccessWithName(@ea,
34
'
Everyone
'
,
//
name
of
trustee
35 GENERIC_ALL,
//
type
of
access
36 SET_ACCESS,
//
access mode
37 SUB_CONTAINERS_AND_OBJECTS_INHERIT);
//
让自健继承他的权限; inheritance mode
38
39
//
合并结构ea和OldDACL的权限列表到新的NewDACL
40
if
SetEntriesInAcl(
1
, @ea,
nil
, NewDACL)
<>
ERROR_SUCCESS
then
41
goto
Cleanup;
42
43
//
把新的ACL写入到指定的键
44 SetNamedSecurityInfo(lpObjectName, ObjectType,
45 DACL_SECURITY_INFORMATION,
46
nil
,
nil
,
47 NewDACL,
48
nil
);
49
50
51
///////
开始操作注册表
//////////
52
//
恢复注册表的权限;
53
54 BuildExplicitAccessWithName(@ea,
55
'
Everyone
'
,
//
name
of
trustee
56 GENERIC_READ,
//
type
of
access
57 SET_ACCESS,
//
access mode
58 NO_INHERITANCE);
//
让自健继承他的权限; inheritance mode
59
60
if
SetEntriesInAcl(
1
, @ea,
nil
, OldDACL)
<>
ERROR_SUCCESS
then
61
goto
Cleanup;
62
63
//
把旧的ACL写入到指定的键
64 SetNamedSecurityInfo(lpObjectName, ObjectType,
65 DACL_SECURITY_INFORMATION,
66
nil
,
nil
,
67 OldDACL,
68
nil
);
69
70
//
释放指针
71 Cleanup:
72
if
SD
<>
nil
then
73 LocalFree(HLOCAL (SD));
74
if
NewDACL
<>
nil
then
75 LocalFree(HLOCAL (NewDACL));
76
if
OldDACL
<>
nil
then
77 LocalFree(HLOCAL( OldDACL));
78
以下为代码运行前后的对比图片.
uses
aclapi,AccCtrl;2
3
var
4
lpObjectName:LPTSTR;5
OldDACL,NewDACL:PACL ;
//
uses
aclapi6
ObjectType:SE_OBJECT_TYPE ;
//
uses
AccCtrl7
SD:PSECURITY_DESCRIPTOR;8
ea: EXPLICIT_ACCESS;9
label
Cleanup;10
begin
11
lpObjectName :
=
'
MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root
'
;12
13
//
ObjectType :
=
SE_REGISTRY_KEY;14
15
//
建立一个空的ACL;16
if
SetEntriesInAcl(
0
,
nil
,
nil
, OldDACL)
<>
ERROR_SUCCESS
then
17
exit;18
19
if
(SetEntriesInAcl(
0
,
nil
,
nil
, NewDACL)
<>
ERROR_SUCCESS)
then
20
exit;21
22
//
获取现有的ACL列表到OldDACL23
if
GetNamedSecurityInfo(lpObjectName, ObjectType,24
DACL_SECURITY_INFORMATION,25
nil
,
nil
,26
OldDACL,27
nil
, SD)
<>
ERROR_SUCCESS
then
28
Application.MessageBox(
'
指定的键不存在!
'
,
'
提示
'
,MB_OK);29
30
//
设置用户名"Everyone"对指定的键有所有操作权到结构ea31
ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS));32
33
BuildExplicitAccessWithName(@ea,34
'
Everyone
'
,
//
name
of
trustee35
GENERIC_ALL,
//
type
of
access36
SET_ACCESS,
//
access mode37
SUB_CONTAINERS_AND_OBJECTS_INHERIT);
//
让自健继承他的权限; inheritance mode38
39
//
合并结构ea和OldDACL的权限列表到新的NewDACL40
if
SetEntriesInAcl(
1
, @ea,
nil
, NewDACL)
<>
ERROR_SUCCESS
then
41
goto
Cleanup;42
43
//
把新的ACL写入到指定的键44
SetNamedSecurityInfo(lpObjectName, ObjectType,45
DACL_SECURITY_INFORMATION,46
nil
,
nil
,47
NewDACL,48
nil
);49
50
51
///////
开始操作注册表
//////////
52
//
恢复注册表的权限;53
54
BuildExplicitAccessWithName(@ea,55
'
Everyone
'
,
//
name
of
trustee56
GENERIC_READ,
//
type
of
access57
SET_ACCESS,
//
access mode58
NO_INHERITANCE);
//
让自健继承他的权限; inheritance mode59
60
if
SetEntriesInAcl(
1
, @ea,
nil
, OldDACL)
<>
ERROR_SUCCESS
then
61
goto
Cleanup;62
63
//
把旧的ACL写入到指定的键64
SetNamedSecurityInfo(lpObjectName, ObjectType,65
DACL_SECURITY_INFORMATION,66
nil
,
nil
,67
OldDACL,68
nil
);69
70
//
释放指针71
Cleanup:72
if
SD
<>
nil
then
73
LocalFree(HLOCAL (SD));74
if
NewDACL
<>
nil
then
75
LocalFree(HLOCAL (NewDACL));76
if
OldDACL
<>
nil
then
77
LocalFree(HLOCAL( OldDACL));78
设置权限以前注册表的权限.
设置权限后未恢复的注册表权限
转载于:https://www.cnblogs.com/zhaoyong/archive/2009/07/03/1515994.html