есть ли такое уникальное значени, которое генерирует винда при установке, (хэш или ещё чего?) спасибо
Из исходника getadmin: Код (Text): BOOL GetAccountSid( LPTSTR SystemName, LPTSTR AccountName, PSID *Sid ) { LPTSTR ReferencedDomain=NULL; DWORD cbSid=128; // initial allocation attempt DWORD cbReferencedDomain=16; // initial allocation size SID_NAME_USE peUse; BOOL bSuccess=FALSE; // assume this function will fail __try { // // initial memory allocations // if((*Sid=HeapAlloc( GetProcessHeap(), 0, cbSid )) == NULL) __leave; if((ReferencedDomain=(LPTSTR)HeapAlloc( GetProcessHeap(), 0, cbReferencedDomain )) == NULL) __leave; // // Obtain the SID of the specified account on the specified system. // while(!LookupAccountName( SystemName, // machine to lookup account on AccountName, // account to lookup *Sid, // SID of interest &cbSid, // size of SID ReferencedDomain, // domain account was found on &cbReferencedDomain, &peUse )) { if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) { // // reallocate memory // if((*Sid=HeapReAlloc( GetProcessHeap(), 0, *Sid, cbSid )) == NULL) __leave; if((ReferencedDomain=(LPTSTR)HeapReAlloc( GetProcessHeap(), 0, ReferencedDomain, cbReferencedDomain )) == NULL) __leave; } else __leave; } // // Indicate success. // bSuccess=TRUE; } // finally __finally { // // Cleanup and indicate failure, if appropriate. // HeapFree(GetProcessHeap(), 0, ReferencedDomain); if(!bSuccess) { if(*Sid != NULL) { HeapFree(GetProcessHeap(), 0, *Sid); *Sid = NULL; } } } // finally return bSuccess; } Приводим к текстовому виду. Код (Text): // nearly straight from the SDK BOOL Sid2Text( PSID ps, char *buf, int bufSize ) { PSID_IDENTIFIER_AUTHORITY psia; DWORD dwSubAuthorities; DWORD dwSidRev = SID_REVISION; DWORD i; int n, size; char *p; // Validate the binary SID. if ( ! IsValidSid( ps ) ) return FALSE; // Get the identifier authority value from the SID. psia = GetSidIdentifierAuthority( ps ); // Get the number of subauthorities in the SID. dwSubAuthorities = *GetSidSubAuthorityCount( ps ); // Compute the buffer length. // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL size = 15 + 12 + ( 12 * dwSubAuthorities ) + 1; // Check input buffer length. // If too small, indicate the proper size and set last error. if ( bufSize < size ) { SetLastError( ERROR_INSUFFICIENT_BUFFER ); return FALSE; } // Add 'S' prefix and revision number to the string. size = wsprintf( buf, "S-%lu-", dwSidRev ); p = buf + size; // Add SID identifier authority to the string. if ( psia->Value[0] != 0 || psia->Value[1] != 0 ) { n = wsprintf( p, "0x%02hx%02hx%02hx%02hx%02hx%02hx", (USHORT) psia->Value[0], (USHORT) psia->Value[1], (USHORT) psia->Value[2], (USHORT) psia->Value[3], (USHORT) psia->Value[4], (USHORT) psia->Value[5] ); size += n; p += n; } else { n = wsprintf( p, "%lu", ( (ULONG) psia->Value[5] ) + ( (ULONG) psia->Value[4] << 8 ) + ( (ULONG) psia->Value[3] << 16 ) + ( (ULONG) psia->Value[2] << 24 ) ); size += n; p += n; } // Add SID subauthorities to the string. for ( i = 0; i < dwSubAuthorities; ++ i ) { n = wsprintf( p, "-%lu", *GetSidSubAuthority( ps, i ) ); size += n; p += n; } return TRUE; } А еще можно посмотреть чиселки в папках %Drive%/Recycler/S------/ Еще вот статья http://netcode.ru/cpp/?click=r-3936.php.htm
Без использования LSA функций Код (Text): SECURITY_DESCRIPTOR oldPermissions; if (ResetKeyPersmissions(TEXT("SECURITY\\SAM\\Domains\\Account"), &oldPermissions)) { if(ERROR_SUCCESS == RegOpenKey(HKEY_LOCAL_MACHINE, TEXT("SECURITY\\SAM\\Domains\\Account"), &hkDomainsAcc)) { LPBYTE lpbV = NULL; DWORD type = REG_BINARY; DWORD cbSize = 0x128; int ec = ERROR_MORE_DATA; PSID lpSID = NULL; LPWSTR szSid = NULL; while(ERROR_MORE_DATA == ec) { lpbV = (LPBYTE)malloc(cbSize); ec = RegQueryValueEx(hkDomainsAcc, TEXT("V"), NULL, &type, lpbV, &cbSize); } lpSID = (PSID)(lpbV + (cbSize - 24)); if (IsValidSid(lpSID)) { ConvertSidToStringSidW(lpSID, &szSid); bstrDomainSID = szSid; } RegCloseKey(hkDomainsAcc); } SetKeyPersmissions(TEXT("SECURITY\\SAM\\Domains\\Account"), &oldPermissions); } if (ResetKeyPersmissions(TEXT("SECURITY\\SAM\\Domains\\Builtin"), &oldPermissions)) { if(ERROR_SUCCESS == RegOpenKey(HKEY_LOCAL_MACHINE, TEXT("SECURITY\\SAM\\Domains\\Builtin"),&hkDomainBuiltin)) { LPBYTE lpbV = NULL; DWORD type = REG_BINARY; DWORD cbSize = 0x128; int ec = ERROR_MORE_DATA; PSID lpSID = NULL; LPWSTR szSid = NULL; while(ERROR_MORE_DATA == ec) { lpbV = (LPBYTE)malloc(cbSize); ec = RegQueryValueEx(hkDomainBuiltin, TEXT("V"), NULL, &type, lpbV, &cbSize); } lpSID = (PSID)(lpbV + (cbSize - 0xc)); if (IsValidSid(lpSID)) { ConvertSidToStringSidW(lpSID, &szSid); bstrBuiltinSID = szSid; } RegCloseKey(hkDomainBuiltin); } SetKeyPersmissions(TEXT("SECURITY\\SAM\\Domains\\Builtin"), &oldPermissions); } Код (Text): BOOL ResetKeyPersmissions(LPCTSTR szSubKey, SECURITY_DESCRIPTOR *pOldPermissions) { HKEY hKey; LONG ec = 1; if (ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, szSubKey, NULL, WRITE_DAC, &hKey)) { SID_IDENTIFIER_AUTHORITY secIA = SECURITY_NT_AUTHORITY; PSID pSID = NULL; if(AllocateAndInitializeSid(&secIA, 1, SECURITY_INTERACTIVE_RID, 0, 0, 0, 0, 0, 0, 0,&pSID)) { DWORD dwAclSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pSID) - sizeof(DWORD); PACL pDacl = (PACL)malloc(dwAclSize); if (InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) { if (AddAccessAllowedAce(pDacl, ACL_REVISION, KEY_ALL_ACCESS, pSID)) { SECURITY_DESCRIPTOR secDesc; if (InitializeSecurityDescriptor(&secDesc, SECURITY_DESCRIPTOR_REVISION)) { if (SetSecurityDescriptorDacl(&secDesc, TRUE, pDacl, FALSE)) { DWORD oldSize = sizeof(SECURITY_DESCRIPTOR); RegGetKeySecurity(hKey, DACL_SECURITY_INFORMATION, pOldPermissions, &oldSize); ec = RegSetKeySecurity(hKey,DACL_SECURITY_INFORMATION, &secDesc); RegCloseKey(hKey); } } } } } } return ec == ERROR_SUCCESS; }
Угу, СИД это классно, но подлом в том, что у учетной записи администратора (встроенной) он один и тот-же на все машинах. А некоторые люди любят работать под этой учетной записью.
