What's wrong with my code?

delphi package - easy access to security apis
jzjjony
Posts: 15
Joined: Mon Jan 23, 2006 12:33 pm

What's wrong with my code?

Post by jzjjony »

I am trying to change a registry key's DACL, but there is an error on the line marked //*********.
Could you tell me why, and what I can do?

My code:

// Temporarily rewrites the DACL of HKLM\SAM\SAM so the key can be opened,
// lists its subkey names into memo1, then tries to put the old DACL back.
// NOTE(review): the routine header is not part of the post; the body uses
// handle and memo1, so it presumably belongs to a form method.
var
dwRet:dword;
SamName:LPSTR;
pSD:PSECURITY_DESCRIPTOR;
pOldDacl,pNewDacl:PACL;
ea:EXPLICIT_ACCESS_A ;
Keys:HKEY ;
reg:tregistry;
str:tstringlist;
begin
// NOTE(review): only keys is initialised. pSD, pOldDacl and pNewDacl are
// plain pointer locals, which Delphi does not zero, yet the finally block
// tests them against nil. Setting all three to nil here would stop the
// cleanup from acting on garbage when an early exit is taken.
keys:=0;
getmem(samname,MAX_PATH);
strcopy(samname,'MACHINE\SAM\SAM');
try
// The next two calls pass zero entries and no source ACL, so they give the
// API nothing to build from. Their results are not used: pOldDacl is
// overwritten by GetNamedSecurityInfo and pNewDacl by the later
// SetEntriesInAcl call. If either call did allocate an ACL, it would leak.
if SetEntriesInAcl(0, nil, nil, pOldDacl)<>ERROR_SUCCESS then
begin
messagebox(handle,'Error 1','infromation',mb_ok);
exit;;
end ;

if SetEntriesInAcl(0, nil, nil, pNewDacl)<>ERROR_SUCCESS then
begin
messagebox(handle,'Error 2','infromation',mb_ok);
exit;;
end ;
// Reads the key's current DACL. pOldDacl then points into the security
// descriptor returned in pSD, so it stays valid only until pSD is freed and
// must not be freed on its own.
if GetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
nil, nil, pOldDacl, nil, pSD)<>ERROR_SUCCESS then
begin
// NOTE(review): the apostrophe inside this literal is not doubled (''), so
// the line does not compile as posted.
messagebox(handle,'get SAM's DACL Error','infromation',mb_ok);
exit;;
end;
ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS_A));
// NOTE(review): this entry gives Everyone GENERIC_ALL on the SAM key and,
// through SUB_CONTAINERS_AND_OBJECTS_INHERIT, on everything below it. That
// key holds the local account database, so while this DACL is in place any
// account on the machine can read or modify it. Granting only the rights
// the enumeration needs (for example KEY_READ) to the one account running
// this code would keep the exposure far smaller.
BuildExplicitAccessWithName(@ea, 'Everyone',GENERIC_ALL{ KEY_ALL_ACCESS}, SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT);
// NOTE(review): this test runs before the SetEntriesInAcl call two lines
// down, which is the call that builds the new ACL from ea and pOldDacl.
// Here pNewDacl still holds the result of the zero-entry call above, which
// the poster reports as always nil. The meaningful check is dwRet (and
// pNewDacl) after that call. The message box is shown but execution
// continues, because there is no exit.
if (pNewDacl=nil) then //************error here,"pNewDacl" always nil
messagebox(handle,'Build New DACL error ','infromation',mb_ok);
dwRet:= SetEntriesInAcl(1, @ea, pOldDacl, pNewDacl);
if dwRet<>ERROR_SUCCESS then
begin
messagebox(handle,'Error add new DACL ','infromation',mb_ok);
exit;;
end;
// Applies the widened DACL. From this call until the restore in the finally
// block the key is open to Everyone.
if SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
nil, nil, pNewDacl, nil)<> ERROR_SUCCESS then
begin
// NOTE(review): same undoubled apostrophe as above; does not compile.
messagebox(handle,'Fresh SAM's DACL ','infromation',mb_ok);
exit;;
end;

// open SAM's subkey and do something
// NOTE(review): reg and str are created here and never freed.
reg:=tregistry.Create ;
str:=tstringlist.Create;
reg.RootKey:=HKEY_LOCAL_MACHINE;
if reg.OpenKey('SAM\SAM',false) then
begin
reg.GetKeyNames(str);
memo1.Lines.AddStrings(str);
end;
reg.CloseKey;
finally
// Keys is never assigned after keys:=0, so this close never runs.
if Keys<>0 then RegCloseKey(Keys);
// NOTE(review): dword() assumes a 32-bit pointer; the cast would truncate
// the address in a 64-bit build.
if pNewDacl<>nil then LocalFree(dword(pNewDacl));
// Restores the original DACL. It has to happen before pSD is freed, because
// pOldDacl points into pSD.
// NOTE(review): the result is ignored, so a failed restore leaves the
// Everyone/GENERIC_ALL entry on the SAM key with no indication. The return
// value should be checked and a failure reported.
if pOldDacl<>nil then SetNamedSecurityInfo(SamName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION,
nil, nil, pOldDacl, nil);
if pSD<>nil then LocalFree(dword(pSD));
if samname<>nil then freemem(samname);
end;
end;
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

You're posting in the madSecurity forum, but it seems you're not using madSecurity. Using madSecurity would make this easier, because it calls all those nasty win32 APIs for you internally.

http://help.madshi.net/madSecurity.htm