📄 install.cpp
字号:
}
//________________________________________
//
// ErrorHandler routine
//
//
void errorHandler (char *s, DWORD err)
{
char *errtext;
errtext = (char*)malloc (strlen (s) + 25);
sprintf(errtext, "%s error number= %d\n", s, err);
MessageBox( NULL, errtext, "err",MB_OK | MB_ICONERROR);
free (errtext);
return;
}
//________________________________________
//
// Code to start a stopped service
//
INT StartServ (LPSTR ServiceName)
{
SERVICE_STATUS STATUS;
SC_HANDLE hSCManager;
SC_HANDLE hService;
int iReturn;
hSCManager = NULL;
hService = NULL;
iReturn = false;
/*#define SERVICE_STOPPED 0x00000001
#define SERVICE_START_PENDING 0x00000002
#define SERVICE_STOP_PENDING 0x00000003
#define SERVICE_RUNNING 0x00000004
#define SERVICE_CONTINUE_PENDING 0x00000005
#define SERVICE_PAUSE_PENDING 0x00000006
#define SERVICE_PAUSED 0x00000007*/
hSCManager = OpenSCManager (// pointer to machine name string
NULL,
// pointer to database name string
NULL,
// type of access
SC_MANAGER_ALL_ACCESS
);
hService = OpenService (// handle to service control manager db
hSCManager,
// pointer to name of service to start
ServiceName,
// type of access to service
SERVICE_ALL_ACCESS
);
StartService (// handle to service control manager db
hService,
// number of sevice arguments
0,
// ServiceArgsVector
NULL);
while( QueryServiceStatus (hService, &STATUS) )
{
if ((STATUS.dwCurrentState) != (SERVICE_START_PENDING))
break;
Sleep (1250);
}
CloseServiceHandle (hService);
CloseServiceHandle (hSCManager);
if(STATUS.dwCurrentState == SERVICE_RUNNING)
return 1;
else
return 0;
}
#if PGPCERTD
/* Find out the account or group name even if renamed or internationalized. */
static BOOL GetAccountName(char *szAcctName, DWORD cbAcctName, SID_IDENTIFIER_AUTHORITY *sia,
BYTE subauthorityCount, DWORD subauthority)
{
CHAR szDomainName[81];
DWORD cbDomainName = sizeof szDomainName - 1;
PSID pSID;
SID_NAME_USE eSNU;
if (AllocateAndInitializeSid(sia, subauthorityCount, subauthority, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &pSID))
{
if (LookupAccountSid(NULL, pSID, szAcctName, &cbAcctName, szDomainName, &cbDomainName, &eSNU))
{
FreeSid(pSID);
return TRUE;
}
}
return FALSE;
}
/* A reusable function for finding out the administrators group name even if
renamed or internationalized. This routine allocates static storage for the
name. This is necessary in order to use the name with BuildExplicitAccessWithName. */
char *GetAdminGroupName()
{
SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
static char name[81];
if (!GetAccountName(name, sizeof name - 1, &ntAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID))
return NULL;
return name;
}
/* A reusable function for finding out the system account name even if
renamed or internationalized. This routine allocates static storage for the
name. This is necessary in order to use the name with BuildExplicitAccessWithName. */
char *GetSystemAcctName()
{
SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
static char name[81];
if (!GetAccountName(name, sizeof name - 1, &ntAuthority, 1, SECURITY_LOCAL_SYSTEM_RID))
return NULL;
return name;
}
/* A reusable function for finding out the creator owner name even if
renamed or internationalized. This routine allocates static storage for the
name. This is necessary in order to use the name with BuildExplicitAccessWithName. */
char *GetCreatorOwnerName()
{
SID_IDENTIFIER_AUTHORITY creatorAuthority = SECURITY_CREATOR_SID_AUTHORITY;
static char name[81];
if (!GetAccountName(name, sizeof name - 1, &creatorAuthority, 1, SECURITY_CREATOR_OWNER_RID))
return NULL;
return name;
}
static BOOL TraverseAndSecureDirectoryTree(char* szRootDir)
{
HANDLE hndFileFound;
WIN32_FIND_DATA fdFileFound;
BOOL bReturn = FALSE;
char szCurDir[_MAX_PATH + 1];
char szNewDir[_MAX_PATH + 1];
if (strcmp(szRootDir, "..") == 0 || strcmp(szRootDir, ".") == 0)
return TRUE;
// Save the current directory so that we can restore it eventually
if (GetCurrentDirectory(_MAX_PATH, szCurDir) == 0)
return FALSE;
// Start us off by making the specified root directory our working root
if (SetCurrentDirectory(szRootDir) == FALSE)
goto Return;
if (GetCurrentDirectory(_MAX_PATH, szNewDir) == 0)
goto Return;
/* We could use SetNamedSecurityInfo here instead, which would be simpler,
but it runs amazingly slow for some reason. */
if (!SetFileSecurity(szNewDir, DACL_SECURITY_INFORMATION, &directorySecurityDescriptor))
goto Return;
hndFileFound = FindFirstFile("*.*", &fdFileFound);
while (hndFileFound != INVALID_HANDLE_VALUE)
{
if (fdFileFound.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
{
if (!TraverseAndSecureDirectoryTree(fdFileFound.cFileName))
goto Return;
}
else
if (!SetFileSecurity(fdFileFound.cFileName, DACL_SECURITY_INFORMATION, &fileSecurityDescriptor))
goto Return;
if (FindNextFile(hndFileFound, &fdFileFound) == FALSE)
break;
}
// We made it this far, so we're cleaning up after successful run
bReturn = TRUE;
FindClose(hndFileFound);
Return:
// Restore the initially current directory
if (SetCurrentDirectory(szCurDir) == FALSE)
return FALSE;
return bReturn;
}
/* This is intended as a reusable function for setting the security of a
directory and all of its subdirectories and files. The security for
directories is specified by dirAccesses, for files by fileAccesses. The
caller must build using BuildExplicitAccessWithName or other means. */
BOOL SecureDirectoryTree(char *szDirRoot, EXPLICIT_ACCESS *dirAccesses, DWORD dirAccessesCount,
EXPLICIT_ACCESS *fileAccesses, DWORD fileAccessesCount)
{
BOOL wasSuccessful;
PACL fileAcl;
PACL directoryAcl;
/* Create an ACL for files and for directories from the two explicit access
structures. */
if (SetEntriesInAcl(fileAccessesCount, fileAccesses, NULL, &fileAcl) != ERROR_SUCCESS)
return FALSE;
if (SetEntriesInAcl(dirAccessesCount, dirAccesses, NULL, &directoryAcl) != ERROR_SUCCESS)
{
LocalFree(fileAcl);
return FALSE;
}
if (!InitializeSecurityDescriptor(&fileSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
return FALSE;
if (!SetSecurityDescriptorDacl(&fileSecurityDescriptor, TRUE, fileAcl, FALSE))
return FALSE;
if (!InitializeSecurityDescriptor(&directorySecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
return FALSE;
if (!SetSecurityDescriptorDacl(&directorySecurityDescriptor, TRUE, directoryAcl, FALSE))
return FALSE;
/* As the directories are traversed, set the directories and files to the
desired acceses. */
wasSuccessful = TraverseAndSecureDirectoryTree(szDirRoot);
LocalFree(fileAcl);
LocalFree(directoryAcl);
return wasSuccessful;
}
__declspec(dllexport)
BOOL CALLBACK SetPermissions(char* szDirRoot)
{
DWORD dwDummy;
char szFileSystem[41];
DWORD cbFS = 40;
char szDrive[] = "x:\\";
EXPLICIT_ACCESS fileAccesses[3];
EXPLICIT_ACCESS dirAccesses[3];
char *name;
// Don't do this for "FAT" or "FAT32" file systems.
szDrive[0] = szDirRoot[0];
if ( szDrive[0] != '\\' )
{
if (GetVolumeInformation(szDrive, NULL, 0, NULL, &dwDummy, &dwDummy, szFileSystem, cbFS) == FALSE)
return FALSE;
if (strnicmp(szFileSystem, "FAT", strlen("FAT")) == 0)
return TRUE;
};
/* Get the names of the account and group names to set access for, even if
if they are renamed or internationalized. Build explicit access
structures for each of them to define their permissions. */
name = GetAdminGroupName();
if (name == NULL)
return FALSE;
BuildExplicitAccessWithName(&fileAccesses[0], name, GENERIC_ALL, SET_ACCESS, NO_INHERITANCE);
BuildExplicitAccessWithName(&dirAccesses[0], name, GENERIC_ALL, SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
name = GetSystemAcctName();
if (name == NULL)
return FALSE;
BuildExplicitAccessWithName(&fileAccesses[1], name, GENERIC_ALL, SET_ACCESS, NO_INHERITANCE);
BuildExplicitAccessWithName(&dirAccesses[1], name, GENERIC_ALL, SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
name = GetCreatorOwnerName();
if (name == NULL)
return FALSE;
BuildExplicitAccessWithName(&fileAccesses[2], name, GENERIC_ALL, SET_ACCESS, NO_INHERITANCE);
BuildExplicitAccessWithName(&dirAccesses[2], name, GENERIC_ALL, SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
return SecureDirectoryTree(szDirRoot, dirAccesses, 3, fileAccesses, 3);
}
static PACL regAcl;
static HKEY rootKey;
static BOOL TraverseAndSecureKeys(LPTSTR keyName)
{
HKEY key;
DWORD index;
BOOL wasSuccessful;
LONG retCode;
TCHAR subKeyName[MAX_PATH + 1];
TCHAR nextKeyName[MAX_PATH + 1];
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyName, 0, KEY_ALL_ACCESS, &key) != ERROR_SUCCESS)
return FALSE;
__try
{
wasSuccessful = SetSecurityInfo(key, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL,
regAcl, NULL) == ERROR_SUCCESS;
if (!wasSuccessful)
__leave;
for (index = 0; ; ++index)
{
retCode = RegEnumKey(key, index, subKeyName, sizeof subKeyName);
if (retCode == ERROR_NO_MORE_ITEMS)
__leave;
wasSuccessful = retCode == ERROR_SUCCESS;
if (!wasSuccessful)
__leave;
strcpy(nextKeyName, "");
strncat(nextKeyName, keyName, sizeof nextKeyName);
strncat(nextKeyName, "\\", sizeof nextKeyName);
strncat(nextKeyName, subKeyName, sizeof nextKeyName);
wasSuccessful = TraverseAndSecureKeys(nextKeyName);
if (!wasSuccessful)
__leave;
}
}
__finally
{
RegCloseKey(key);
}
return wasSuccessful;
}
/* This is intended as a reusable function for setting the security of a
registry key and all of its sub keys. The security is specified by accesses,
which the caller must build using BuildExplicitAccessWithName or other
means. */
BOOL SecureRegistryTree(HKEY aRootKey, char *keyName, EXPLICIT_ACCESS *accesses, DWORD accessesCount)
{
BOOL wasSuccessful;
/* Create an ACL that contains the access permissions. */
if (SetEntriesInAcl(accessesCount, accesses, NULL, ®Acl) != ERROR_SUCCESS)
return FALSE;
/* Traverse the reg key tree, setting all key's security to regAcl. */
rootKey = aRootKey;
wasSuccessful = TraverseAndSecureKeys(keyName);
LocalFree(regAcl);
return wasSuccessful;
}
__declspec(dllexport)
BOOL CALLBACK SetRegPermissions(DWORD rootKeyAsDWord, char* keyName)
{
EXPLICIT_ACCESS accesses[3];
char *name;
/* Build an explicit access structure for admin group. */
name = GetAdminGroupName();
if (name == NULL)
return FALSE;
BuildExplicitAccessWithName(&accesses[0], name, KEY_ALL_ACCESS, SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT);
/* Build an explicit access structure for system account. */
name = GetSystemAcctName();
if (name == NULL)
return FALSE;
BuildExplicitAccessWithName(&accesses[1], name, KEY_ALL_ACCESS, SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT);
/* Build an explicit access structure for creator owner. */
name = GetCreatorOwnerName();
if (name == NULL)
return FALSE;
BuildExplicitAccessWithName(&accesses[2], name, KEY_ALL_ACCESS, SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT);
/* Traverse the reg key tree, setting all key's security. */
return SecureRegistryTree((HKEY)rootKeyAsDWord, keyName, accesses, 3);
}
#else
__declspec(dllexport)
BOOL CALLBACK SetRegPermissions(DWORD rootKeyAsDWord, char* keyName)
{
return 0;
}
__declspec(dllexport)
BOOL CALLBACK SetPermissions(char* szDirRoot)
{
return 0;
}
#endif⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -