By permission settings prohibiting users from killing our progress in the task manager

xiaoxiao2021-04-08  425

By permission settings prohibiting users from killing our progress in the task manager

The following code is for learning only, you can't guarantee that the code is completely correct, huh, huh. The template class using the code in the code CLOCALMEMORYT will be introduced later! To explain, it is invalid under XP, 2003 has not tried it! Moreover, even in 2000 is not completely killed, the ntsd command can kill such a process.

#include "aclapi.h" #include "atlbase.h" BOOL DisableTerminateProcess (void) {CHandle token; if (:: OpenProcessToken (:: GetCurrentProcess (), TOKEN_READ | TOKEN_WRITE, & token.m_h)) {try {CLocalMemoryT tokenUser (Helpers :: GetTokenInformation (token, TokenUser)); DWORD dwAclSize = sizeof (ACL) 2 * (sizeof (ACCESS_ALLOWED_ACE) -sizeof (DWORD)) GetLengthSid (tokenUser-> User.Sid); DWORD Accessmask = process_all_access; accessmask & = ~ process_terminate;

CLocalMemoryT pNewDacl (dwAclSize); if (InitializeAcl (pNewDacl.m_ptr, dwAclSize, ACL_REVISION) && AddAccessAllowedAce (pNewDacl.m_ptr, ACL_REVISION, AccessMask, tokenUser-> User.Sid)) {if (SetSecurityInfo (:: GetCurrentProcess () , SE_kernel_Object, Owner_Security_Information | DACL_SECURITY_INFORMATION, TOKENUSER-> User.SID, NULL, PNEWDACL.M_PTR, NULL) == S_OK) {Return True;}

}}} CatCH (HRESULT Error) {}} Return False;}

The above code runs the test on Window2000 VC.NET!

Used above two classes, one is Chandle, defined in atlbase.h (there is no on ATL3.0), another clocalMemoryt, and Helper, you can find http://www.microsoft.com/china/ MSDN / LIBRARY / SECURITY / DEFAULT.MSPX? MFR = true

转载请注明原文地址:https://www.9cbs.com/read-132811.html

New Post(0)