==============================ModuleO===================================== | | | The program examples' source codes have been arranged in the same | | order that appeared in the Tutorial. This is unedited and unverified | | compilation. Published as is basis for educational, reacretional and | | brain teaser purposes. All trademarks, copyrights and IPs, wherever | | exist, are the sole property of their respective owner and/or | | holder. Any damage or loss by using the materials presented in this | | tutorial is USER responsibility. Part or full distribution, | | reproduction and modification is granted to any body. | | Copyright 2003-2005 © Tenouk, Inc. All rights reserved. | | Distributed through http://www.tenouk.com | | | | | =========================================================================== Compiled using VC++/VC++ .Net.....unmanaged... // Creating a security descriptor for a new object, // a registry key and then delete the key... // #define _WIN32_WINNT 0x0502 // Windows Server 2003 family // For Win Xp, change accordingly... #define _WIN32_WINNT 0x0501 // #define _WIN32_WINNT 0x0500 // Windows 2000 // #define _WIN32_WINNT 0x0400 // Windows NT 4.0 // #define _WIN32_WINDOWS 0x0500 // Windows ME // #define _WIN32_WINDOWS 0x0410 // Windows 98 // #define _WIN32_WINDOWS 0x0400 // Windows 95 #include #include #include // Buffer clean up routine void Cleanup(PSID pEveryoneSID, PSID pAdminSID, PACL pACL, PSECURITY_DESCRIPTOR pSD, HKEY hkSub) { if(pEveryoneSID) FreeSid(pEveryoneSID); if(pAdminSID) FreeSid(pAdminSID); if(pACL) LocalFree(pACL); if(pSD) LocalFree(pSD); if(hkSub) RegCloseKey(hkSub); } int main(int argc, char *argv[]) { DWORD dwRes, dwDisposition; PSID pEveryoneSID = NULL, pAdminSID = NULL; PACL pACL = NULL; PSECURITY_DESCRIPTOR pSD = NULL; // An array of EXPLICIT_ACCESS structure EXPLICIT_ACCESS ea[2]; SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY; SECURITY_ATTRIBUTES sa; LONG lRes; HKEY hkSub = NULL; // Create a well-known SID for the Everyone group. if(!AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID)) { printf("AllocateAndInitializeSid() error %u\n", GetLastError()); Cleanup(pEveryoneSID, pAdminSID, pACL, pSD, hkSub); } else printf("AllocateAndInitializeSid() for the Everyone group is OK\n"); // Initialize an EXPLICIT_ACCESS structure for an ACE. // The ACE will allow Everyone read access to the key. ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS)); ea[0].grfAccessPermissions = KEY_READ; ea[0].grfAccessMode = SET_ACCESS; ea[0].grfInheritance= NO_INHERITANCE; ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID; // Create a SID for the BUILTIN\Administrators group. if(!AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pAdminSID)) { printf("AllocateAndInitializeSid() error %u\n", GetLastError()); Cleanup(pEveryoneSID, pAdminSID, pACL, pSD, hkSub); } else printf("AllocateAndInitializeSid() for the BUILTIN\\Administrators group is OK\n"); // Initialize an EXPLICIT_ACCESS structure for an ACE. // The ACE will allow the Administrators group full access to the key. ea[1].grfAccessPermissions = KEY_ALL_ACCESS; ea[1].grfAccessMode = SET_ACCESS; ea[1].grfInheritance= NO_INHERITANCE; ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP; ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID; // Create a new ACL that contains the new ACEs. dwRes = SetEntriesInAcl(2, ea, NULL, &pACL); if(dwRes != ERROR_SUCCESS) { printf("SetEntriesInAcl() error %u\n", GetLastError()); Cleanup(pEveryoneSID, pAdminSID, pACL, pSD, hkSub); } else printf("SetEntriesInAcl() for the Administrators group is OK\n"); // Initialize a security descriptor. pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); if(pSD == NULL) { printf("LocalAlloc() error %u\n", GetLastError()); Cleanup(pEveryoneSID, pAdminSID, pACL, pSD, hkSub); } else printf("LocalAlloc() is OK\n"); if(!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { printf("InitializeSecurityDescriptor Error %u\n", GetLastError()); Cleanup(pEveryoneSID, pAdminSID, pACL, pSD, hkSub); } else printf("InitializeSecurityDescriptor() is OK\n"); // Add the ACL to the security descriptor. if(!SetSecurityDescriptorDacl(pSD, TRUE, // bDaclPresent flag pACL, FALSE)) // not a default DACL { printf("SetSecurityDescriptorDacl() Error %u\n", GetLastError()); Cleanup(pEveryoneSID, pAdminSID, pACL, pSD, hkSub); } else printf("SetSecurityDescriptorDacl() is OK\n"); // Initialize a security attributes structure. sa.nLength = sizeof(SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor = pSD; sa.bInheritHandle = FALSE; //******************* Registry key ********************** // Use the security attributes to set the security descriptor // when you create a registry key. // make the subkey as char... #define MAX_KEY_NAME 255 char cName[MAX_KEY_NAME] = "AnotherTestKey"; // Change accordingly... HKEY hKey = HKEY_CURRENT_USER; // Change to other key accordingly... lRes = RegCreateKeyEx(hKey, // handle to an open key cName, // name of the subkey 0, // Reserved, must be 0 "", // class or object type of this key, may be ignored 0, // Options KEY_ALL_ACCESS, // Access right for the key &sa, // Pointer to security attribute structure, can be inherited // or not. NULL is not inherited &hkSub, // variable that receives a handle // to the opened or created key &dwDisposition);// variable that receives: // REG_CREATED_NEW_KEY - create new key (non-exist) // REG_OPENED_EXISTING_KEY - just open // the existing key (already exist) // If successful if(lRes == 0) { printf("The value of the \'&dwDisposition\': %u\n", dwDisposition); printf("HKEY_CURRENT_USER\\%s successfully created.\n", cName); } else printf("Creating and opening HKEY_CURRENT_USER\\%s is failed.\n", cName); // TODO: Call other functions such as setting the key values... // Just to see the key has been created before it is deleted... // You can verify through the regedit/regedt32... system("pause"); // Then delete the subkey... LONG res = RegDeleteKey( hKey, // The key cName // The subkey ); if(res == ERROR_SUCCESS) printf("HKEY_CURRENT_USER\\%s successfully deleted.\n", cName); RegCloseKey(hKey); return 0; } ---------------------------------------------------------------------------------------------------------------- // WARNING!!! // If you don't know what you are doing, please don't try // this code...and don't forget to delete the key or use // RegDeleteKey()... // #define _WIN32_WINNT 0x0502 // Windows Server 2003 family // For Win Xp, change accordingly... #define _WIN32_WINNT 0x0501 // #define _WIN32_WINNT 0x0500 // Windows 2000 // #define _WIN32_WINNT 0x0400 // Windows NT 4.0 // #define _WIN32_WINDOWS 0x0500 // Windows ME // #define _WIN32_WINDOWS 0x0410 // Windows 98 // #define _WIN32_WINDOWS 0x0400 // Windows 95 #include #include #include BOOL AddMyEventSource( LPTSTR pszLogName, // Application log or a custom log LPTSTR pszSrcName, // event source name LPTSTR pszMsgDLL, // path for message DLL DWORD dwNum) // number of categories { HKEY hk; DWORD dwData; TCHAR szBuf[MAX_PATH]; // Create the event source as a subkey of the log. wsprintf(szBuf, "SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s", pszLogName, pszSrcName); //******************************************** // Create the registry key if(RegCreateKey(HKEY_LOCAL_MACHINE, szBuf, &hk)) { printf("Could not create the registry key."); return FALSE; } else printf("SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s created successfully.\n", pszLogName, pszSrcName); //******************************************** // Set the name of the message file. if(RegSetValueEx(hk, // subkey handle "EventMessageFile", // value name 0, // must be zero REG_EXPAND_SZ, // value type (LPBYTE) pszMsgDLL, // pointer to value data (DWORD) lstrlen(szBuf)+1)) // length of value data { printf("Could not set the event message file."); return FALSE; } else printf("The event message file has been set successfully.\n"); // Set the supported event types. dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE; //******************************************** if(RegSetValueEx(hk, // subkey handle "TypesSupported", // value name 0, // must be zero REG_DWORD, // value type (LPBYTE) &dwData, // pointer to value data sizeof(DWORD))) // length of value data { printf("Could not set the supported types."); return FALSE; } else printf("The supported types have been set successfully.\n"); //******************************************************** // Set the category message file and number of categories. if(RegSetValueEx(hk, // subkey handle "CategoryMessageFile", // value name 0, // must be zero REG_EXPAND_SZ, // value type (LPBYTE) pszMsgDLL, // pointer to value data here we set // same as "EventMessageFile" (DWORD) lstrlen(szBuf)+1)) // length of value data { printf("Could not set the category message file."); return FALSE; } else printf("The category message file has been set successfully.\n"); //******************************************** if(RegSetValueEx(hk, // subkey handle "CategoryCount", // value name 0, // must be zero REG_DWORD, // value type (LPBYTE) &dwNum, // pointer to value data sizeof(DWORD))) // length of value data { printf("Could not set the category count."); return FALSE; } else printf("The category count has been set successfully.\n"); // Close the key RegCloseKey(hk); return TRUE; } int main(int argc, wchar_t *argv[]) { // Application log or a custom log. Here we put a custom log just for learning! LPTSTR pszLogName = "MyCustLogTest"; // The event source name LPTSTR pszSrcName = "MyEventSrcName"; // The path for message dll, this dll or other executable file must exist lol! // here, mytestdll.dll just a dummy. You will know it when you restart // your computer if the created key does not deleted...:o) LPTSTR pszMsgDLL = "%SystemRoot%\\System32\\mytestdll.dll"; // number of categories. DWORD dwNum = 0x00000003; BOOL test = AddMyEventSource( pszLogName, // Application log or a custom log. Custom log here... pszSrcName, // event source name. pszMsgDLL, // path for message DLL. dwNum // number of categories. ); // Just to check the return value... printf("The AddMyEventSource() return value is: %u\n", test); return 0; } ============================================================================================================