更新时间:2023-09-01 11:20:40
还需要使用另一种本机方法并提供SDDL ,以下代码在正确的注册表项上设置ACL:
Another native method needs to be involved and given an SDDL, the following code sets ACLs on the right registry key:
[DllImport("Advapi32.dll", CallingConvention = CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Auto)]
internal static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string stringSecurityDescriptor, int stringSDRevision, out IntPtr ppSecurityDescriptor, ref int securityDescriptorSize);
string sddl = "...";
IntPtr secDescriptor = IntPtr.Zero;
int size = 0;
ConvertStringSecurityDescriptorToSecurityDescriptor
(
sddl,
1, // revision 1
out secDescriptor,
ref size
);
// get handle with RegOpenKeyEx
RegSetKeySecurity
(
handle,
0x00000004, // DACL_SECURITY_INFORMATION
secDescriptor
);