banner
 .::Others::. Mã bảo vệ tiến trình không bị End Task trong Windows Go to original post Author: ngoalong - Translator:  - Entry Date: 13/02/2009 09:59:14
Đoạn code sau đây sử dụng các tính năng sercurity object trên
Win2K/XP. Một process cần được bảo vệ sẽ được tạo ra với quyền
truy cập được hạn chế bằng cách đặt thuộc tính SECURITY_ATTRIBUTES
trong khi gọi hàn CreateProcess để tạo process được bảo vệ!




Code:


// SecurityObj.cpp : Defines the entry point for the application.

//

#include "stdafx.h"

#include <windows.h>
#include <stdio.h>
#include <aclapi.h>

BOOL CreateProtectedProcess(
LPCTSTR lpApplicationName, // name of executable module
LPTSTR lpCommandLine, // command line string
DWORD dwCreationFlags // creation flags
);

int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
CreateProtectedProcess("c:\winnt\system32\calc.exe", NULL, 0 );
return 0;
}

BOOL CreateProtectedProcess(
LPCTSTR lpApplicationName, // name of executable module
LPTSTR lpCommandLine, // command line string
DWORD dwCreationFlags // creation flags
)
{
DWORD dwRes;
PSID pEveryoneSID = NULL, pAdminSID = NULL;
PACL pACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
EXPLICIT_ACCESS ea[2];
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
SECURITY_ATTRIBUTES sa;

// Create a well-known SID for the Everyone group.

if(! AllocateAndInitializeSid( &SIDAuthWorld, 1,
SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0,
&pEveryoneSID) )
{
return FALSE;
}

// Initialize an EXPLICIT_ACCESS structure for an ACE.
// The ACE will allow Everyone read access to the object.

ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
ea[0].grfAccessPermissions = GENERIC_READ;
ea[0].grfAccessMode = DENY_ACCESS;
ea[0].grfInheritance= NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID;

// Create a SID for the BUILTIN\Administrators group.

if(! AllocateAndInitializeSid( &SIDAuthNT, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&pAdminSID) )
{
goto Cleanup;
}

// Initialize an EXPLICIT_ACCESS structure for an ACE.
// The ACE will allow the Administrators group full access to the key.

ea[1].grfAccessPermissions = GENERIC_READ;
ea[1].grfAccessMode = DENY_ACCESS;
ea[1].grfInheritance= NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID;

// Create a new ACL that contains the new ACEs.

dwRes = SetEntriesInAcl(2, ea, NULL, &pACL);
if (ERROR_SUCCESS != dwRes)
{
goto Cleanup;
}

// Initialize a security descriptor.

pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH);
if (pSD == NULL)
{
goto Cleanup;
}

if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
{
goto Cleanup;
}

// Add the ACL to the security descriptor.

if (!SetSecurityDescriptorDacl(pSD, TRUE, // fDaclPresent flag
pACL, FALSE)) // not a default DACL
{
goto Cleanup;
}

// Initialize a security attributes structure.

sa.nLength = sizeof (SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = FALSE;

// Use the security attributes to set the security descriptor
// when you create a key.

PROCESS_INFORMATION pi;
STARTUPINFO si;
memset(&pi,0,sizeof(pi));
memset(&si,0,sizeof(si));
si.cb = sizeof(si);
si.wShowWindow = SW_SHOW;

CreateProcess(lpApplicationName,lpCommandLine, &sa, &sa,dwCreationFlags,0,0,0,&si,&pi);

// clean up data
Cleanup:

if (pEveryoneSID) FreeSid(pEveryoneSID);
if (pAdminSID) FreeSid(pAdminSID);
if (pACL) LocalFree(pACL);
if (pSD) LocalFree(pSD);

return TRUE;

}

[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to top Go to original post  

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|