#include<ntifs.h>
#include <ntddk.h>
#include <stdio.h>
#include <stdlib.h>
#include<windef.h>
#include <winapifamily.h>
#include <ntimage.h>
#include<wdm.h>
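/*
 * Enable SeDebugPrivilege in the primary token of process PID and mark
 * that process as critical (ProcessBreakOnTermination): terminating it
 * then bugchecks the machine.
 *
 * Security note: this hands an arbitrary process a debug privilege and
 * turns its termination into a system-wide denial of service.  The
 * function performs no authorization of its own, and because Zw* calls
 * run with a KernelMode previous mode none of the usual access checks
 * apply.  Whatever exposes this to callers (most likely an IOCTL handler,
 * not visible here) must restrict who can reach it (device ACL /
 * administrator-only).
 *
 * Returns:
 *   STATUS_SUCCESS             - privilege enabled and process marked critical
 *   STATUS_INVALID_PARAMETER   - PID is not a positive process id
 *   STATUS_PRIVILEGE_NOT_HELD  - the token does not contain SeDebugPrivilege.
 *                                ZwAdjustPrivilegesToken can only enable
 *                                privileges already present; it reports the
 *                                missing case with the *success* code
 *                                STATUS_NOT_ALL_ASSIGNED, which a plain
 *                                NT_SUCCESS check lets through.
 *   any other NTSTATUS failure from the underlying Zw* call
 *
 * Fixes relative to the previous version: the process handle was never
 * closed on any path; hToken was closed uninitialized when
 * ZwOpenProcessTokenEx failed; the process handle was opened without
 * OBJ_KERNEL_HANDLE, so when called on behalf of a user-mode caller a
 * PROCESS_ALL_ACCESS handle to the target landed (and leaked) in that
 * caller's handle table.
 */
NTSTATUS RegistProcessAsSystemProcess(LONG PID)
{
    NTSTATUS status;
    CLIENT_ID clientId;
    OBJECT_ATTRIBUTES objAttr;
    HANDLE hProcess = NULL;
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tkp = { 0 };
    ULONG breakOnTermination = 1;

    /* PID 0 cannot be opened and negative values are not process ids;
     * reject them before they are widened into a HANDLE. */
    if (PID <= 0) {
        return STATUS_INVALID_PARAMETER;
    }

    clientId.UniqueProcess = ULongToHandle(PID);
    clientId.UniqueThread = NULL;

    /* OBJ_KERNEL_HANDLE keeps the handle in the kernel handle table,
     * out of reach of the process this driver is currently running in. */
    InitializeObjectAttributes(&objAttr, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
    status = ZwOpenProcess(&hProcess, PROCESS_ALL_ACCESS, &objAttr, &clientId);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    status = ZwOpenProcessTokenEx(hProcess,
                                  TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                  OBJ_KERNEL_HANDLE,
                                  &hToken);
    if (!NT_SUCCESS(status)) {
        /* The output handle is not valid on failure; never close it. */
        hToken = NULL;
        goto cleanup;
    }

    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = RtlConvertLongToLuid(SE_DEBUG_PRIVILEGE);
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    status = ZwAdjustPrivilegesToken(hToken, FALSE, &tkp, 0, NULL, NULL);
    if (!NT_SUCCESS(status)) {
        goto cleanup;
    }
    if (status == STATUS_NOT_ALL_ASSIGNED) {
        /* Fail closed: do not mark a process critical when the privilege
         * it was supposed to receive was never in its token. */
        status = STATUS_PRIVILEGE_NOT_HELD;
        goto cleanup;
    }

    /* Critical process: killing it bugchecks the system. */
    status = ZwSetInformationProcess(hProcess,
                                     ProcessBreakOnTermination,
                                     &breakOnTermination,
                                     sizeof(breakOnTermination));

    /* NOTE(review): the previous version next stored SE_TCB_PRIVILEGE into
     * tkp but never called ZwAdjustPrivilegesToken again; it repeated the
     * ProcessBreakOnTermination call instead, a no-op.  That dead store is
     * dropped rather than turned into a second privilege grant - if
     * SeTcbPrivilege is really intended, add it explicitly and justify it. */

cleanup:
    if (hToken != NULL) {
        ZwClose(hToken);
    }
    ZwClose(hProcess);
    return status;
}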