Page 1 of 1

What's wrong with my code?

Posted: Fri Jun 23, 2006 4:47 am
by jzjjony
I try to change a registry key's DACL,but there is an error in //*********
line,could you tell me why and what can i do?

My code:

var
dwRet:dword;
SamName:LPSTR;
pSD:PSECURITY_DESCRIPTOR;
pOldDacl,pNewDacl:PACL;
ea:EXPLICIT_ACCESS_A ;
Keys:HKEY ;
reg:tregistry;
str:tstringlist;
begin
keys:=0;
getmem(samname,MAX_PATH);
strcopy(samname,'MACHINE\SAM\SAM');
try
if SetEntriesInAcl(0, nil, nil, pOldDacl)<>ERROR_SUCCESS then
begin
messagebox(handle,'Error 1','infromation',mb_ok);
exit;;
end ;

if SetEntriesInAcl(0, nil, nil, pNewDacl)<>ERROR_SUCCESS then
begin
messagebox(handle,'Error 2','infromation',mb_ok);
exit;;
end ;
if GetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
nil, nil, pOldDacl, nil, pSD)<>ERROR_SUCCESS then
begin
messagebox(handle,'get SAM's DACL Error','infromation',mb_ok);
exit;;
end;
ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS_A));
BuildExplicitAccessWithName(@ea, 'Everyone',GENERIC_ALL{ KEY_ALL_ACCESS}, SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT);
if (pNewDacl=nil) then //************error here,"pNewDacl" always nil
messagebox(handle,'Build New DACL error ','infromation',mb_ok);
dwRet:= SetEntriesInAcl(1, @ea, pOldDacl, pNewDacl);
if dwRet<>ERROR_SUCCESS then
begin
messagebox(handle,'Error add new DACL ','infromation',mb_ok);
exit;;
end;
if SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
nil, nil, pNewDacl, nil)<> ERROR_SUCCESS then
begin
messagebox(handle,'Fresh SAM's DACL ','infromation',mb_ok);
exit;;
end;

// ope SAM's subkey and do something
reg:=tregistry.Create ;
str:=tstringlist.Create;
reg.RootKey:=HKEY_LOCAL_MACHINE;
if reg.OpenKey('SAM\SAM',false) then
begin
reg.GetKeyNames(str);
memo1.Lines.AddStrings(str);
end;
reg.CloseKey;
finally
if Keys<>0 then RegCloseKey(Keys);
if pNewDacl<>nil then LocalFree(dword(pNewDacl));
if pOldDacl<>nil then SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
nil, nil, pOldDacl, nil);
if pSD<>nil then LocalFree(dword(pSD));
if samname<>nil then freemem(samname);
end;
end;

Posted: Fri Jun 23, 2006 9:02 am
by madshi
You're posting in the madSecurity forum, but seemingly you're not using madSecurity. By using madSecurity you could have it easier, because it calls all those nasty win32 APIs for you internally.

http://help.madshi.net/madSecurity.htm