Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using System;
- using System.Collections.Generic;
- using System.ComponentModel;
- using System.Linq;
- using System.Runtime.InteropServices;
- using System.Security.AccessControl;
- using System.Security.Principal;
- using System.Text;
- using System.Threading.Tasks;
- namespace test
- {
- class Program
- {
- [DllImport("advapi32.dll", SetLastError = true)]
- private static extern bool GetKernelObjectSecurity(IntPtr handle, int secInfo, [Out] byte[] sDescriptor, uint len, out uint len2);
- private static RawSecurityDescriptor getProcessSecurityDescriptor(IntPtr processHandle)
- {
- const int DACL_SECURITY_INFORMATION = 0x00000004;
- byte[] psecdesc = new byte[0];
- uint BytesNeed;
- GetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, psecdesc, 0, out BytesNeed);
- if (BytesNeed < 0 || BytesNeed > short.MaxValue)
- throw new Win32Exception();
- if (!GetKernelObjectSecurity(processHandle,
- DACL_SECURITY_INFORMATION,
- psecdesc = new byte[BytesNeed],
- BytesNeed, out BytesNeed)) throw new Win32Exception();
- return new RawSecurityDescriptor(psecdesc, 0);
- }
- [DllImport("advapi32.dll", SetLastError = true)]
- private static extern bool SetKernelObjectSecurity(IntPtr Handle, int secInfo, [In] byte[] psd);
- [DllImport("kernel32.dll")]
- private static extern IntPtr GetCurrentProcess(); //uchwyt do danego procesu jako typ IntPtr (int*)
- private static void setProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor dacl) //ustawiamy DACL
- {
- const int DACL_SECURITY_INFORMATION = 0x00000004;
- byte[] rawSecurityDescriptor = new byte[dacl.BinaryLength];
- dacl.GetBinaryForm(rawSecurityDescriptor, 0);
- if (!SetKernelObjectSecurity(processHandle, DACL_SECURITY_INFORMATION, rawSecurityDescriptor)) throw new Win32Exception();
- }
- [Flags]
- private enum PAR //flagi dostępu do procesów --> Process Access Rights po kolei z MSDN
- {
- PROCESS_CREATE_PROCESS = 0x0080, //do tworzenia procesu
- PROCESS_CREATE_THREAD = 0x0002, //do tworzenia wątku
- SYNCHRONIZE = 0x00100000, //synchronizacja (?)
- PROCESS_DUP_HANDLE = 0x0040, //do łapania uchwytu
- PROCESS_QUERY_INFORMATION = 0x0400, //do zdobywania informacji o procesie (token etc.)
- PROCESS_QUERY_LIMITED_INFORMATION = 0x1000, //do zdobywania innych informacji, analogiczne
- PROCESS_SET_QUOTA = 0x0100, //do ingerencji w working set
- PROCESS_SET_INFORMATION = 0x0200, //do ustawiania dla procesu X informacji
- WRITE_OWNER = 0x00080000, //process owner - "posiadacz" procesu - chodzi o konto
- PROCESS_SUSPEND_RESUME = 0x0800, //jak wskazuje nazwa, wstrzymaj lub wznów
- PROCESS_TERMINATE = 0x0001, //zakończ proces
- PROCESS_VM_OPERATION = 0x0008, //zawiera w sobie funkcję - WriteProcessMemory (kernel32.dll -> zawiera się w <windows.h>)
- PROCESS_VM_READ = 0x0010, //do odczytywania pamięci procesu
- PROCESS_VM_WRITE = 0x0020, //do nadpisywania pamięci procesu
- DELETE = 0x00010000, //do usuwania niektórych rzeczy
- READ_CONTROL = 0x00020000, //kontrola odczytu
- WRITE_DAC = 0x00040000, //advice DACL
- STANDARD_RIGHTS_REQUIRED = 0x000f0000, //nie mam pojęcia jak to wyjaśnić, ale nazwa STANDARD_RIGHTS_REQUIRED powinna być wystarczająca ;)
- PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF), //reszta
- }
- public static void TurnOnSelfProtection()
- {
- IntPtr hProcess = GetCurrentProcess();
- var dacl = getProcessSecurityDescriptor(hProcess);
- dacl.DiscretionaryAcl.InsertAce(0, new CommonAce(AceFlags.None, AceQualifier.AccessDenied /* blokujemy dostęp do procesu */, (int)PAR.PROCESS_ALL_ACCESS, new SecurityIdentifier(WellKnownSidType.WorldSid, null), false, null));
- setProcessSecurityDescriptor(hProcess, dacl);
- } // do wykorzystania w innej klasie
- static void Main(string[] args)
- {
- TurnOnSelfProtection();
- Console.Write("Try to kill me! :)");
- Console.ReadKey();
- }
- }
- }
Add Comment
Please, Sign In to add comment
