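// Flag for SetSecurityInfo: mark the DACL as protected so inheritable ACEs
// from the parent object are not merged into it. Presumably supplied here
// because the SDK headers in use did not declare it; the guard keeps this
// from clashing with headers that do.
#ifndef PROTECTED_DACL_SECURITY_INFORMATION
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#endif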
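/// Tightens the DACL of the current process object so that other
/// processes cannot open it for thread creation, memory access or
/// handle duplication.
///
/// The DACL written is:
///   - a deny ACE for the World SID (Everyone) covering the rights used
///     for injection and memory tampering (mask 0x000000FA);
///   - an allow ACE for the user of this process's token covering
///     SYNCHRONIZE, TERMINATE, QUERY/SET_INFORMATION and SET_QUOTA
///     (mask 0x00100701).
/// PROTECTED_DACL_SECURITY_INFORMATION keeps inheritable ACEs from being
/// merged back in.
///
/// Limits worth knowing when relying on this as a hardening measure: a
/// process DACL is not a boundary against callers holding
/// SeDebugPrivilege (the kernel grants access regardless of the DACL),
/// and WRITE_DAC is not denied, so the object owner can rewrite the DACL.
///
/// @return TRUE only if every step, including SetSecurityInfo, succeeded;
///         FALSE otherwise. The thread's last-error value is whatever the
///         failing API left.
BOOL Lock_CurrentProcess()
{
    // Named equivalents of the literal masks 0x000000FA and 0x00100701.
    const DWORD kDeniedMask = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
                              PROCESS_VM_READ | PROCESS_VM_WRITE |
                              PROCESS_DUP_HANDLE | PROCESS_CREATE_PROCESS;
    const DWORD kAllowedMask = SYNCHRONIZE | PROCESS_QUERY_INFORMATION |
                               PROCESS_SET_INFORMATION | PROCESS_SET_QUOTA |
                               PROCESS_TERMINATE;

    // Every local is declared and initialised before the first goto, so no
    // initialisation is skipped and Cleanup can test each resource safely.
    HANDLE hProcess = ::GetCurrentProcess();   // pseudo-handle; never NULL
    SID_IDENTIFIER_AUTHORITY sia = SECURITY_WORLD_SID_AUTHORITY;
    PSID pSid = NULL;
    HANDLE hToken = NULL;
    LPVOID TokenInformation = NULL;
    DWORD dwReturnLength = 0;
    DWORD dw = 0;
    BYTE Buf[0x200];
    PACL pAcl = reinterpret_cast<PACL>(Buf);
    BOOL bSus = FALSE;

    // S-1-1-0 (Everyone): one sub-authority, SECURITY_WORLD_RID.
    bSus = ::AllocateAndInitializeSid(&sia, 1, SECURITY_WORLD_RID,
                                      0, 0, 0, 0, 0, 0, 0, &pSid);
    if (!bSus) goto Cleanup;

    bSus = ::OpenProcessToken(hProcess, TOKEN_QUERY, &hToken);
    if (!bSus) goto Cleanup;

    // Sizing call: reports the required length in dwReturnLength.
    ::GetTokenInformation(hToken, TokenUser, NULL, 0, &dwReturnLength);
    if (dwReturnLength == 0 || dwReturnLength > 0x400) {
        bSus = FALSE;   // must not fall through with the TRUE from OpenProcessToken
        goto Cleanup;
    }

    // SDK allocator rather than the CRT; released with LocalFree in Cleanup.
    TokenInformation = ::LocalAlloc(LPTR, 0x400);
    if (TokenInformation == NULL) {
        bSus = FALSE;
        goto Cleanup;
    }

    bSus = ::GetTokenInformation(hToken, TokenUser, TokenInformation, 0x400, &dw);
    if (!bSus) goto Cleanup;

    // The ACL length must be the real buffer size: claiming more than
    // sizeof(Buf) would let AddAccess*Ace write past the end of Buf.
    bSus = ::InitializeAcl(pAcl, static_cast<DWORD>(sizeof(Buf)), ACL_REVISION);
    if (!bSus) goto Cleanup;

    // Deny ACE first: canonical DACL order places denies before allows.
    bSus = ::AddAccessDeniedAce(pAcl, ACL_REVISION, kDeniedMask, pSid);
    if (!bSus) goto Cleanup;

    bSus = ::AddAccessAllowedAce(pAcl, ACL_REVISION, kAllowedMask,
                                 static_cast<PTOKEN_USER>(TokenInformation)->User.Sid);
    if (!bSus) goto Cleanup;

    // SetSecurityInfo returns a Win32 error code, not a BOOL; a failure
    // here must clear bSus rather than leave the TRUE from the ACE calls.
    bSus = (::SetSecurityInfo(hProcess, SE_KERNEL_OBJECT,
                              DACL_SECURITY_INFORMATION |
                                  PROTECTED_DACL_SECURITY_INFORMATION,
                              NULL, NULL, pAcl, NULL) == ERROR_SUCCESS);

Cleanup:
    if (TokenInformation != NULL)
        ::LocalFree(TokenInformation);
    if (hToken != NULL)
        ::CloseHandle(hToken);
    if (pSid != NULL)
        ::FreeSid(pSid);
    if (hProcess != NULL)
        ::CloseHandle(hProcess);   // no-op on the pseudo-handle, kept for symmetry
    return bSus;
}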
这段代码可以阻止其他进程打开本进程，从而也就防止了注入以及读写本进程内存。
可以更绝点Denied ALL ACCESS(0xFFFFFFFF)就连结束都不可能了
::AllocateAndInitializeSid 可以换成 ::InitializeSid，因为我们并不需要初始化子 SID。
另外.
bSus = ::AddAccessDeniedAce(pAcl,ACL_REVISION,0x000000FA,pSid);
if(!bSus) goto Cleanup;
bSus = ::AddAccessAllowedAce(pAcl,ACL_REVISION,0x00100701,pTokenUser->User.Sid);
实际上只需要下面的一句，或者干脆把它去掉，因为如果不添加 ACE，默认就是没有权限。既然这样，上面的 AllocateAndInitializeSid 也可以省掉，似乎有些多余。