自学教程：C++ AllocateAndInitializeSid函数代码示例

static BOOL is_process_limited(void){    static BOOL (WINAPI *pCheckTokenMembership)(HANDLE,PSID,PBOOL) = NULL;    static BOOL (WINAPI *pOpenProcessToken)(HANDLE, DWORD, PHANDLE) = NULL;    SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};    PSID Group;    BOOL IsInGroup;    HANDLE token;    if (!pOpenProcessToken)    {        HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");        pOpenProcessToken = (void*)GetProcAddress(hadvapi32, "OpenProcessToken");        pCheckTokenMembership = (void*)GetProcAddress(hadvapi32, "CheckTokenMembership");        if (!pCheckTokenMembership || !pOpenProcessToken)        {            /* Win9x (power to the masses) or NT4 (no way to know) */            trace("missing pOpenProcessToken or CheckTokenMembership/n");            return FALSE;        }    }    if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,                                  DOMAIN_ALIAS_RID_ADMINS,                                  0, 0, 0, 0, 0, 0, &Group) ||        !pCheckTokenMembership(NULL, Group, &IsInGroup))    {        trace("Could not check if the current user is an administrator/n");        return FALSE;    }    if (!IsInGroup)    {        if (!AllocateAndInitializeSid(&NtAuthority, 2,                                      SECURITY_BUILTIN_DOMAIN_RID,                                      DOMAIN_ALIAS_RID_POWER_USERS,                                      0, 0, 0, 0, 0, 0, &Group) ||            !pCheckTokenMembership(NULL, Group, &IsInGroup))        {            trace("Could not check if the current user is a power user/n");            return FALSE;        }        if (!IsInGroup)        {            /* Only administrators and power users can be powerful */            return TRUE;        }    }    if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))    {        BOOL ret;        TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault;        DWORD size;        ret = GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &size);        CloseHandle(token);        return (ret && type == TokenElevationTypeLimited);    }    return FALSE;}

static voidinit() {	// create security attributes for the pipe	// http://msdn.microsoft.com/en-us/library/windows/desktop/hh448449(v=vs.85).aspx	// define new Win 8 app related constants	memset(&g_explicitAccesses, 0, sizeof(g_explicitAccesses));	// Create a well-known SID for the Everyone group.	// FIXME: we should limit the access to current user only	// See this article for details: https://msdn.microsoft.com/en-us/library/windows/desktop/hh448493(v=vs.85).aspx	SID_IDENTIFIER_AUTHORITY worldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};	AllocateAndInitializeSid(&worldSidAuthority, 1,		SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &g_everyoneSID);	// https://services.land.vic.gov.au/ArcGIS10.1/edESRIArcGIS10_01_01_3143/Python/pywin32/PLATLIB/win32/Demos/security/explicit_entries.py	g_explicitAccesses[0].grfAccessPermissions = GENERIC_ALL;	g_explicitAccesses[0].grfAccessMode = SET_ACCESS;	g_explicitAccesses[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;	g_explicitAccesses[0].Trustee.pMultipleTrustee = NULL;	g_explicitAccesses[0].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;	g_explicitAccesses[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;	g_explicitAccesses[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;	g_explicitAccesses[0].Trustee.ptstrName = (LPTSTR)g_everyoneSID;	// FIXME: will this work under Windows 7 and Vista?	// create SID for app containers	SID_IDENTIFIER_AUTHORITY appPackageAuthority = {SECURITY_APP_PACKAGE_AUTHORITY};	AllocateAndInitializeSid(&appPackageAuthority,		SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT,		SECURITY_APP_PACKAGE_BASE_RID,		SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE,		0, 0, 0, 0, 0, 0, &g_allAppsSID);	g_explicitAccesses[1].grfAccessPermissions = GENERIC_ALL;	g_explicitAccesses[1].grfAccessMode = SET_ACCESS;	g_explicitAccesses[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;	g_explicitAccesses[1].Trustee.pMultipleTrustee = NULL;	g_explicitAccesses[1].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;	g_explicitAccesses[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;	g_explicitAccesses[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;	g_explicitAccesses[1].Trustee.ptstrName = (LPTSTR)g_allAppsSID;	// create DACL	DWORD err = SetEntriesInAcl(2, g_explicitAccesses, NULL, &g_acl);	if (0 == err) {		// security descriptor		g_securittyDescriptor = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);		InitializeSecurityDescriptor(g_securittyDescriptor, SECURITY_DESCRIPTOR_REVISION);		// Add the ACL to the security descriptor. 		SetSecurityDescriptorDacl(g_securittyDescriptor, TRUE, g_acl, FALSE);	}	g_securityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES);	g_securityAttributes.lpSecurityDescriptor = g_securittyDescriptor;	g_securityAttributes.bInheritHandle = TRUE;}

//设置注册表键读取的权限(KEY_READ||KEY_WRITE||KEY_ALL_ACCESS)int SetKeySecurityEx(HKEY MainKey,LPCTSTR SubKey,DWORD security) {    	HKEY  hKey; 	SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY; 	PSID pSystemSid              = NULL; 	PSID pUserSid                = NULL; 	SECURITY_DESCRIPTOR sd; 	PACL    pDacl                = NULL; 	DWORD   dwAclSize; 	int     iResult              = 0;		__try	{  	   		if(RegOpenKeyEx(MainKey, SubKey, 0, WRITE_DAC, &hKey)!= ERROR_SUCCESS) 			__leave; 		if(!AllocateAndInitializeSid(&sia,1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &pSystemSid )) 			__leave;		if(!AllocateAndInitializeSid( &sia, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0, &pUserSid))  			__leave; 		dwAclSize = sizeof(ACL) + 2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSystemSid) + GetLengthSid(pUserSid) ; 		pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize); 		if(pDacl == NULL) 			__leave; 		if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) 			__leave; 		if(!AddAccessAllowedAce( pDacl, ACL_REVISION, KEY_ALL_ACCESS, pSystemSid )) 			__leave; 		if(!AddAccessAllowedAce( pDacl, ACL_REVISION, (unsigned long)security, pUserSid )) 			__leave; 		if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) 			__leave; 		if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) 			__leave; 		if(RegSetKeySecurity(hKey, (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION, &sd)!= ERROR_SUCCESS)			__leave;		iResult =1;	}	__finally	{  		RegCloseKey(MainKey); 		RegCloseKey(hKey); 				if(pDacl !=NULL)         			HeapFree(GetProcessHeap(), 0, pDacl);  		if(pSystemSid !=NULL)			FreeSid(pSystemSid);		if(pUserSid !=NULL)			FreeSid(pUserSid); 	}		return iResult;}

SECURITY_ATTRIBUTES SecurDescr::CreateSID(){	SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;	AllocateAndInitializeSid(&SIDAuthWorld, 1,                     SECURITY_WORLD_RID,                     0, 0, 0, 0, 0, 0, 0,                     &pEveryoneSID);	ZeroMemory(ea, 2 * sizeof(EXPLICIT_ACCESS));    ea[0].grfAccessPermissions = FILE_GENERIC_READ | FILE_GENERIC_WRITE | SYNCHRONIZE;    ea[0].grfAccessMode = SET_ACCESS;    ea[0].grfInheritance= NO_INHERITANCE;    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;    ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;    ea[0].Trustee.ptstrName  = (LPTSTR) pEveryoneSID;	AllocateAndInitializeSid(&SIDAuthNT, 2,                     SECURITY_BUILTIN_DOMAIN_RID,                     DOMAIN_ALIAS_RID_ADMINS,                     0, 0, 0, 0, 0, 0,                     &pAdminSID);	ea[1].grfAccessPermissions = FILE_GENERIC_READ | FILE_GENERIC_WRITE | SYNCHRONIZE;    ea[1].grfAccessMode = SET_ACCESS;    ea[1].grfInheritance= NO_INHERITANCE;    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;    ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;    ea[1].Trustee.ptstrName  = (LPTSTR) pAdminSID;	SetEntriesInAcl(2, ea, NULL, &pACL);	pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,                              SECURITY_DESCRIPTOR_MIN_LENGTH);	InitializeSecurityDescriptor(pSD,            SECURITY_DESCRIPTOR_REVISION);	SetSecurityDescriptorDacl(pSD,             TRUE,     // bDaclPresent flag               pACL,             FALSE);	sa.nLength = sizeof (SECURITY_ATTRIBUTES);    sa.lpSecurityDescriptor = pSD;    sa.bInheritHandle = FALSE;	return sa;}

bool getsids(char **error){#ifdef __clang__#pragma clang diagnostic push#pragma clang diagnostic ignored "-Wmissing-braces"#endif    SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;    SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;#ifdef __clang__#pragma clang diagnostic pop#endif    bool ret = false;    *error = NULL;    if (!usersid) {        if ((usersid = get_user_sid()) == NULL) {            *error = dupprintf("unable to construct SID for current user: %s",                               win_strerror(GetLastError()));            goto cleanup;        }    }    if (!worldsid) {        if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,                                      0, 0, 0, 0, 0, 0, 0, &worldsid)) {            *error = dupprintf("unable to construct SID for world: %s",                               win_strerror(GetLastError()));            goto cleanup;        }    }    if (!networksid) {        if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,                                      0, 0, 0, 0, 0, 0, 0, &networksid)) {            *error = dupprintf("unable to construct SID for "                               "local same-user access only: %s",                               win_strerror(GetLastError()));            goto cleanup;        }    }    ret = true; cleanup:    return ret;}

bool RegKeyOwnerAquireRestore::Aquire(HKEY hRootKey, LPCTSTR lpszSubKey){    XL_INFO_FUNCTION();    if (!Backup(hRootKey, lpszSubKey))    {        XL_WARNING(_T("Failed to backup, operation will not be restored. Key lpszSubKey."));    }    HKEY hKey = nullptr;    LSTATUS lRes = RegOpenKeyEx(hRootKey,                                lpszSubKey,                                0,                                WRITE_OWNER,                                &hKey);    if (lRes != ERROR_SUCCESS || hKey == nullptr)    {        XL_ERROR(_T("Failed to open key with WRITE_OWNER access. Key: %s."), lpszSubKey);        return false;    }    XL_ON_BLOCK_EXIT(RegCloseKey, hKey);    SECURITY_DESCRIPTOR sd = {};    if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))    {        XL_ERROR(_T("Failed to initialize security descriptor."));        return false;    }    PSID pSid = nullptr;    SID_IDENTIFIER_AUTHORITY SIDAuthAdmin = SECURITY_NT_AUTHORITY;    if (!AllocateAndInitializeSid(&SIDAuthAdmin, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSid))    {        XL_ERROR(_T("Failed to initialize Sid for Administrators."));        return false;    }    XL_ON_BLOCK_EXIT(FreeSid, pSid);    if (!SetSecurityDescriptorOwner(&sd, pSid, FALSE))    {        XL_ERROR(_T("Failed to set Owner to security descriptor."));        return false;    }    lRes = RegSetKeySecurity(hKey, OWNER_SECURITY_INFORMATION, &sd);    if (lRes != ERROR_SUCCESS)    {        XL_ERROR(_T("Failed to set Owner to Key: %s."), lpszSubKey);        return false;    }    return true;}

BOOL IsUserAdmin()/*++Routine Description: This routine returns TRUE if the caller'sprocess is a member of the Administrators local group. Caller is NOTexpected to be impersonating anyone and is expected to be able toopen its own process and process token.Arguments: None.Return Value:	TRUE - Caller has Administrators local group.	FALSE - Caller does not have Administrators local group. --from http://msdn.microsoft.com/en-us/library/windows/desktop/aa376389(v=vs.85).aspx*/{	BOOL ret;	SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;	PSID AdministratorsGroup;	ret = AllocateAndInitializeSid(		  &NtAuthority,		  2,		  SECURITY_BUILTIN_DOMAIN_RID,		  DOMAIN_ALIAS_RID_ADMINS,		  0, 0, 0, 0, 0, 0,		  &AdministratorsGroup);	if (ret) {		if (!CheckTokenMembership(NULL, AdministratorsGroup, &ret)) {			ret = FALSE;		}		FreeSid(AdministratorsGroup);	}	return ret;}

bool IsUserAdmin(){	// No need to show any "Shield" on XP or 2k	_ASSERTE(_WIN32_WINNT_VISTA==0x600);	OSVERSIONINFOEXW osvi = {sizeof(osvi), HIBYTE(_WIN32_WINNT_VISTA), LOBYTE(_WIN32_WINNT_VISTA)};	DWORDLONG const dwlConditionMask = VerSetConditionMask(VerSetConditionMask(0, VER_MAJORVERSION, VER_GREATER_EQUAL), VER_MINORVERSION, VER_GREATER_EQUAL);	if (!VerifyVersionInfoW(&osvi, VER_MAJORVERSION | VER_MINORVERSION, dwlConditionMask))		return false;	BOOL b;	SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};	PSID AdministratorsGroup;	b = AllocateAndInitializeSid(			&NtAuthority,			2,			SECURITY_BUILTIN_DOMAIN_RID,			DOMAIN_ALIAS_RID_ADMINS,			0, 0, 0, 0, 0, 0,			&AdministratorsGroup);	if (b)	{		if (!CheckTokenMembership(NULL, AdministratorsGroup, &b))		{			b = FALSE;		}		FreeSid(AdministratorsGroup);	}	return (b ? true : false);}

bool IsUserAdmin(){	// Проверять нужно только для висты и выше	if (gOSVer.dwMajorVersion < 6)		return FALSE;	BOOL b;	SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};	PSID AdministratorsGroup;	b = AllocateAndInitializeSid(	        &NtAuthority,	        2,	        SECURITY_BUILTIN_DOMAIN_RID,	        DOMAIN_ALIAS_RID_ADMINS,	        0, 0, 0, 0, 0, 0,	        &AdministratorsGroup);	if (b)	{		if (!CheckTokenMembership(NULL, AdministratorsGroup, &b))		{			b = FALSE;		}		FreeSid(AdministratorsGroup);	}	return (b != 0);}

BOOL make_relative_sid(PSID* answer, PSID base, ULONG relative_id){  int     count;  int     i;  if (answer == NULL)    return print_error(L"Error in make_relative_sid: answer is NULL./n");  if (base == NULL)    return print_error(L"Error in make_relative_sid: base is NULL./n");  if (!IsValidSid(base))    return print_error(L"Error in make_relative_sid: base is not a valid SID./n");  count = *GetSidSubAuthorityCount(base);  if (count > 7)    return print_error(L"Error in make_relative_sid: base has too many sub-authorities./n");  if (!AllocateAndInitializeSid( GetSidIdentifierAuthority(base)                               , 1 + count                               , 0, 0, 0, 0, 0, 0, 0, 0, answer))    return win_error(GetLastError(), L"AllocateAndInitializeSid");  for(i=0; i<count; i++)  {    *GetSidSubAuthority(*answer, i) = *GetSidSubAuthority(base, i);  }  *GetSidSubAuthority(*answer, count) = relative_id;  return TRUE;}

// Returns true if the caller's process is a member of the Administrators local group.// Caller is NOT expected to be impersonating anyone and is expected to be able to// open its own process and process token.// Return Value: //   true - Caller has Administrators local group. //   false - Caller does not have Administrators local group.// Taken from the MS website:// http://msdn2.microsoft.com/en-us/library/aa376389.aspxbool MasterInstaller_t::IsCurrentUserLocalAdministrator(){	// First check if we are running Windows 98 or earlier. If so, we are an administrator:	if (g_OSVersion < OSVersion_t::Win2k)		return true;	if (!_CheckTokenMembership)		return false;	BOOL b;	SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;	PSID AdministratorsGroup;	b = AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,		DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup);	if (b)	{		if (!_CheckTokenMembership(NULL, AdministratorsGroup, &b))		{			b = false;		}		FreeSid(AdministratorsGroup);	}	return !!b;}

BOOL kuhl_m_kernel_addWorldToMimikatz(SC_HANDLE monHandle){	BOOL status = FALSE;	DWORD dwSizeNeeded;	PSECURITY_DESCRIPTOR oldSd, newSd;	SECURITY_DESCRIPTOR dummySdForXP;	SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;	EXPLICIT_ACCESS ForEveryOne = {		SERVICE_QUERY_STATUS | SERVICE_QUERY_CONFIG | SERVICE_INTERROGATE | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_PAUSE_CONTINUE | SERVICE_START | SERVICE_STOP | SERVICE_USER_DEFINED_CONTROL | READ_CONTROL,		SET_ACCESS,		NO_INHERITANCE,		{NULL, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_WELL_KNOWN_GROUP, NULL}	};	if(!QueryServiceObjectSecurity(monHandle, DACL_SECURITY_INFORMATION, &dummySdForXP, 0, &dwSizeNeeded) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))	{		if(oldSd = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, dwSizeNeeded))		{			if(QueryServiceObjectSecurity(monHandle, DACL_SECURITY_INFORMATION, oldSd, dwSizeNeeded, &dwSizeNeeded))			{				if(AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, (PSID *)&ForEveryOne.Trustee.ptstrName))				{					if(BuildSecurityDescriptor(NULL, NULL, 1, &ForEveryOne, 0, NULL, oldSd, &dwSizeNeeded, &newSd) == ERROR_SUCCESS)					{						status = SetServiceObjectSecurity(monHandle, DACL_SECURITY_INFORMATION, newSd);						LocalFree(newSd);					}					FreeSid(ForEveryOne.Trustee.ptstrName);				}			}			LocalFree(oldSd);		}	}	return status;}

/*********************************************************************** *              IsNTAdmin	([email
C++ AllocateBuffer函数代码示例
C++ AllocWinding函数代码示例