View Single Post
Old 27th February 2021, 18:54   #18
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,420
Ideally you should probably use transacted registry when doing evil things like this but it is a start at least:

PHP Code:
requestexecutionlevel admin
unicode true
!include LogicLib.nsh

Section
!define REGROOTANDKEY 'HKLM "SYSTEM\CurrentControlSet\Control\AGP"'

AccessControl::GetRegKeyRawSD ${REGROOTANDKEY"OGD"
Pop $1
${If} $1 P<> 0
    AccessControl
::SetRegKeyOwner ${REGROOTANDKEY} (BA)
    
Pop $0
    
${If} $== error
        Pop 
$2
        DetailPrint 
$0:$2
    
${Else}
        
AccessControl::DisableRegKeyInheritance ${REGROOTANDKEY
        
Pop $0
        
${IfThen} $== error ${|} Pop $${|}

        
AccessControl::ClearOnRegKey /NOINHERIT ${REGROOTANDKEY} (BA"FullAccess"
        
Pop $0
        
${If} $== error
            Pop 
$2
            DetailPrint 
$0:$2
        
${Else}
            
WriteRegStr ${REGROOTANDKEY"Test" "Hello World"
            
MessageBox "" "I did it?"
            
DeleteRegValue ${REGROOTANDKEY"Test"
        
${EndIf}

        
AccessControl::SetRegKeyRawSD ${REGROOTANDKEY"*" $1
        Pop 
$9
        DetailPrint RestoreSD
=$9
    
${EndIf}
    
AccessControl::FreeRawSD $1
${EndIf}
SectionEnd 
If you want to look for your precious FullControl:

PHP Code:
AccessControl::GetRegKeyRawSD ${REGROOTANDKEY"D"
Pop $1
${If} $1 P<> 0
    System
::Call 'ADVAPI32::ConvertSecurityDescriptorToStringSecurityDescriptor(p$1,i1,i0x4,*p.r2,p0)i.r0'
    
${If} $<> 0
        System
::Call KERNEL32::lstrcpyn(t.r0,pr2,i${NSIS_MAX_STRLEN})
        
System::Call KERNEL32::LocalFree(pr2)
        
MessageBox "" $https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-string-format
    
${EndIf}
    
AccessControl::FreeRawSD $1
${EndIf} 
Attached Files
File Type: zip AccessControl.zip (8.1 KB, 180 views)

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote