代码中一开始的 几个 USES 单元,可能是多余的。
unit ShareRestrictedSD; interface uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms,
Shlobj, ActiveX, Dialogs,Shellapi; ///////////////////
//如果这家伙起作用,那么它的作者是jiangsheng(C++);
//如果这家伙一点用没有,那我不知道它的作者
//以上为 jiangsheng 的声明.
//使用方法.
//var
// SharedSD:TShareRestrictedSD; //创建一个工具类.
// try
// SharedSD:=TShareRestrictedSD.Create;
// FMappingHandle :=
// CreateFileMapping(
// $FFFFFFFF, {to virtual memory}
// SharedSD.GetSA, //获得一个超级用户安全对象.
// page_readwrite,
// ,
// FSize,
// pchar(FNameToCreate));
// finally
// if (SharedSD <> nil) then
// begin
// FreeAndNil(SharedSD); //一定要记得释放
// end;
// end;
//修改:Flying Wang 和 爱吃猪头肉
/////////////////// const
SECURITY_NULL_SID_AUTHORITY = $;
SECURITY_WORLD_SID_AUTHORITY = $;
SECURITY_LOCAL_SID_AUTHORITY = $;
SECURITY_CREATOR_SID_AUTHORITY = $;
SECURITY_NT_AUTHORITY = $; ACL_REVISION = $; SECURITY_NULL_RID = $;
SECURITY_LOCAL_RID = $;
SECURITY_WORLD_RID = $;
SECURITY_CREATOR_OWNER_RID = $;
SECURITY_DIALUP_RID = $;
SECURITY_CREATOR_GROUP_RID = $;
SECURITY_NETWORK_RID = $;
SECURITY_BATCH_RID = $;
SECURITY_INTERACTIVE_RID = $;
SECURITY_LOGON_IDS_RID = $;
SECURITY_SERVICE_RID = $;
SECURITY_LOCAL_SYSTEM_RID =$;
SECURITY_BUILTIN_DOMAIN_RID =$; HEAP_NO_SERIALIZE = $;
HEAP_GROWABLE = $;
HEAP_GENERATE_EXCEPTIONS = $;
HEAP_ZERO_MEMORY = $;
HEAP_REALLOC_IN_PLACE_ONLY =$;
HEAP_TAG_SHIFT =$;
HEAP_TAIL_CHECKING_ENABLED =$;
HEAP_FREE_CHECKING_ENABLED =$;
HEAP_DISABLE_COALESCE_ON_FREE =$;
HEAP_MAXIMUM_TAG =$0FFF;
HEAP_PSEUDO_TAG_FLAG =$;
HEAP_CREATE_ALIGN_ =$;
HEAP_CREATE_ENABLE_TRACING =$; type PACE_HEADER = ^TACE_HEADER;
_ACE_HEADER = record
AceType:Byte;
AceFlags:Byte;
AceSize:Word;
end;
TACE_HEADER = _ACE_HEADER;
ACE_HEADER = _ACE_HEADER; // ACCESS_MASK = DWORD; PACCESS_ALLOWED_ACE = ^TACCESS_ALLOWED_ACE;
_ACCESS_ALLOWED_ACE = record
Header:TACE_HEADER;
Mask:ACCESS_MASK;
SidStart:DWORD;
end;
TACCESS_ALLOWED_ACE = _ACCESS_ALLOWED_ACE;
ACCESS_ALLOWED_ACE = _ACCESS_ALLOWED_ACE; TShareRestrictedSD =class(TObject)
private
{ Private-Deklarationen }
ptr:Pointer;
sa:TSecurityAttributes;
sd:TSecurityDescriptor;
protected
{ Protected-Deklarationen }
public
{ Public-Deklarationen }
Constructor Create;
Destructor Destroy; override;
function GetSA:PSecurityAttributes;
published
{ Published-Deklarationen }
end; implementation Const
DefSubAuthorityCount = ; Function BuildRestrictedSD(pSD: PSecurityDescriptor): Pointer;
var
dwAclLength: DWORD;
psideveryone: PSID;
pDACL: PACL;
bResult: Boolean;
pACE: PACCESS_ALLOWED_ACE;
siaWorld: TSIDIdentifierAuthority;
si: SECURITY_INFORMATION;
begin
Result := nil;
psideveryone := nil;
pDACL := nil;
bResult := False;
pACE := nil;
FillMemory(@siaWorld,Sizeof(siaWorld),SECURITY_NULL_SID_AUTHORITY);
siaWorld.Value[]:=SECURITY_WORLD_SID_AUTHORITY;
si := DACL_SECURITY_INFORMATION;
try
// initialize the security descriptor
if (not InitializeSecurityDescriptor(pSD,
SECURITY_DESCRIPTOR_REVISION)) then
begin
//InitializeSecurityDescriptor() failed;
exit;
end;
// obtain a sid for the Authenticated Users Group
if (not AllocateAndInitializeSid(siaWorld,
DefSubAuthorityCount,
SECURITY_WORLD_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
psidEveryone)) then
begin
//AllocateAndInitializeSid() failed;
exit;
end;
// NOTE:
//
// The Authenticated Users group includes all user accounts that
// have been successfully authenticated by the system. If access
// must be restricted to a specific user or group other than
// Authenticated Users, the SID can be constructed using the
// LookupAccountSid() API based on a user or group name. // calculate the DACL length
dwAclLength := sizeof(ACL)
// add space for Authenticated Users group ACE
+ sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)
+ GetLengthSid(psidEveryone);
// allocate memory for the DACL
pDACL := PACL(HeapAlloc(GetProcessHeap, HEAP_ZERO_MEMORY,
dwAclLength));
if (pDACL = nil) then
begin
//HeapAlloc() failed;
exit;
end;
// initialize the DACL
if (not InitializeAcl(pDACL^, dwAclLength, ACL_REVISION)) then
begin
//InitializeAcl() failed
exit;
end;
// add the Authenticated Users group ACE to the DACL with
// GENERIC_READ, GENERIC_WRITE, and GENERIC_EXECUTE access
if (not AddAccessAllowedAce(pDACL^, ACL_REVISION,
GENERIC_ALL,
psidEveryone)) then
begin
//AddAccessAllowedAce() failed;
exit;
end;
// set the DACL in the security descriptor
if (not SetSecurityDescriptorDacl(pSD, TRUE, pDACL, FALSE)) then
begin
//SetSecurityDescriptorDacl() failed;
exit;
end;
bResult := True;
finally
if (psidEveryone <> nil) then
begin
FreeSid(psidEveryone);
end;
if (not bResult) then
begin
if (pDACL <> nil) then
begin
HeapFree(GetProcessHeap, , pDACL);
end;
pDACL := nil;
end;
end;
Result := pDACL;
end; //The following function frees memory allocated in the
// BuildRestrictedSD() function
procedure FreeRestrictedSD(ptr: Pointer);
begin
if (ptr <> nil) then
begin
HeapFree(GetProcessHeap, , ptr);
end;
end; Constructor TShareRestrictedSD.Create;
begin
ptr := nil;
sa.nLength := Sizeof(sa);
sa.lpSecurityDescriptor := @Sd;
sa.bInheritHandle := False;
// build a restricted security descriptor
if Win32Platform = VER_PLATFORM_WIN32_NT then
begin
ptr := BuildRestrictedSD(@sd);
if (ptr = nil) then
begin
Raise Exception.Create('BuildRestrictedSD failed');
end;
end;
end; Destructor TShareRestrictedSD.Destroy;
begin
if (ptr <> nil) then
begin
FreeRestrictedSD(ptr);
end;
end; function TShareRestrictedSD.GetSA:PSecurityAttributes;
begin
if (ptr <> nil) then
begin
Result := @Sa;
end
else
begin
Result := nil;
end;
end; end.