cs_kalif
3 août 2006 à 11:00
ShareVB
4 août 2006 à 16:02
bonjour
je voudrais rendre mon process inkillable via SetSecurityInfo, mais je ne trouve pas beaucoup d'infos là-dessus...
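' SetSecurityInfo(): the SID and ACL arguments are plain pointers passed BY VALUE
' (PSID / PACL). They must therefore be declared ByVal Long; with the original
' ByRef declaration VB passes the ADDRESS of the variable instead of the pointer
' it holds, and the API receives garbage. Pass 0 for any component that is not
' selected by SecurityInfo (e.g. 0, 0, pDacl, 0 when only the DACL is set).
Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ByVal ppsidOwner As Long, ByVal ppsidGroup As Long, ByVal ppDacl As Long, ByVal ppSacl As Long) As Long
' GetSecurityInfo(): unlike the setter, the pp* arguments here are OUT pointers
' (the API writes the resulting addresses back into them), so ByRef Long is the
' correct form; each receives 0 when the caller did not request that component.
Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ByRef ppsidOwner As Long, ByRef ppsidGroup As Long, ByRef ppDacl As Long, ByRef ppSacl As Long, ByRef ppSecurityDescriptor As Long) As Long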
' Object types accepted by Get/SetSecurityInfo (the Win32 SE_OBJECT_TYPE enum).
' VB assigns the values implicitly: the first member is 0 and each following
' member is the previous one + 1, so SE_KERNEL_OBJECT = 6. That is the type to
' pass for a process handle (the reply below uses the literal 6& for it).
Private Enum SE_OBJECT_TYPE ' I have no info on these constants ....
SE_UNKNOWN_OBJECT_TYPE = 0
SE_FILE_OBJECT              ' = 1
SE_SERVICE                  ' = 2
SE_PRINTER                  ' = 3
SE_REGISTRY_KEY             ' = 4
SE_LMSHARE                  ' = 5
SE_KERNEL_OBJECT            ' = 6  (process, thread, event, mutex, ... handles)
SE_WINDOW_OBJECT            ' = 7
SE_DS_OBJECT                ' = 8
SE_DS_OBJECT_ALL            ' = 9
SE_PROVIDER_DEFINED_OBJECT  ' = 10
SE_WMIGUID_OBJECT           ' = 11
End Enum
ShareVB
4 août 2006 à 15:23
salut,
un exemple :
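Option Explicit

' DACL-based process self-protection example. SetPermissions replaces the DACL
' of a process with a single ACE that denies PROCESS_ALL_ACCESS to Everyone
' (S-1-1-0). Only callers that are subject to the DACL check are affected; as
' the author notes after the code, a caller holding the SE_DEBUG privilege is
' not stopped by this.

' --- Access rights and flags -------------------------------------------------
Private Const SYNCHRONIZE As Long = &H100000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const SE_KERNEL_OBJECT As Long = 6&           ' SE_OBJECT_TYPE value for a process handle
Private Const DENY_ACCESS As Long = 3                 ' ACCESS_MODE: build a deny ACE
Private Const WRITE_DAC As Long = &H40000             ' the only right we need on the target to rewrite its DACL
Private Const SID_REVISION As Long = 1
Private Const PROCESS_TERMINATE As Long = (&H1)       ' narrower alternative to PROCESS_ALL_ACCESS (see ea below)
Private Const NO_INHERITANCE As Long = 0
Private Const DACL_SECURITY_INFORMATION As Long = &H4&
Private Const ERROR_SUCCESS As Long = 0               ' SetEntriesInAcl / SetSecurityInfo return this on success

' --- Win32 enums used inside EXPLICIT_ACCESS (implicit values 0, 1, 2 ...) ----
Private Enum TRUSTEE_FORM
    TRUSTEE_IS_SID          ' ptstrName points at a SID
    TRUSTEE_IS_NAME         ' ptstrName points at an account name string
End Enum

Private Enum TRUSTEE_TYPE
    TRUSTEE_IS_UNKNOWN
    TRUSTEE_IS_USER
    TRUSTEE_IS_GROUP
End Enum

Private Enum MULTIPLE_TRUSTEE_OPERATION
    NO_MULTIPLE_TRUSTEE
    TRUSTEE_IS_IMPERSONATE
End Enum

' --- Structures: field order and size must match the Win32 layouts exactly, ---
' --- SetEntriesInAclW reads EXPLICIT_ACCESS / TRUSTEE / SID through pointers ---
' Minimal SID with exactly one sub-authority (enough for S-1-1-0 "Everyone").
Private Type SID
    Revision As Byte
    SubAuthorityCount As Byte
    IdentifierAuthority(5) As Byte   ' 6-byte SID_IDENTIFIER_AUTHORITY, big-endian
    SubAuthority As Long
End Type

Private Type TRUSTEE
    pMultipleTrustee As Long
    MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
    TrusteeForm As TRUSTEE_FORM
    TrusteeType As TRUSTEE_TYPE
    ptstrName As Long                ' pointer (SID here, see TrusteeForm)
End Type

Private Type EXPLICIT_ACCESS
    grfAccessPermissions As Long
    grfAccessMode As Long
    grfInheritance As Long
    myTrustee As TRUSTEE
End Type

' --- API declarations ----------------------------------------------------------
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetLastError Lib "kernel32.dll" () As Long
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Private Declare Function SetEntriesInAcl Lib "ADVAPI32.dll" Alias "SetEntriesInAclW" (ByVal cCountOfExplicitEntries As Long, ByRef pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, ByRef NewAcl As Long) As Long
Private Declare Function SetSecurityInfo Lib "ADVAPI32.dll" (ByVal handle As Long, ByVal ObjectType As Long, ByVal SecurityInfo As Long, ByVal psidOwner As Long, ByVal psidGroup As Long, ByVal pDacl As Long, ByVal pSacl As Long) As Long
Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long

' Replaces the DACL of process `pid` (0 = the calling process itself) with one
' ACE denying PROCESS_ALL_ACCESS to Everyone.
'
' Returns ERROR_SUCCESS (0) on success, otherwise the Win32 error code of the
' first step that failed (OpenProcess, SetEntriesInAcl or SetSecurityInfo), so
' the caller can log why the DACL was not applied instead of silently assuming
' the process is protected.
'
' Changes from the original: the OpenProcess failure is detected (the original
' handed a NULL handle on to SetSecurityInfo), the error is read through
' Err.LastDllError (a Declare'd GetLastError is unreliable from VB because the
' runtime may call other APIs in between), SetSecurityInfo is only called when
' SetEntriesInAcl produced an ACL, and the process handle is closed instead of
' being leaked on every call.
Public Function SetPermissions(ByVal pid As Long) As Long
    Dim dwErr As Long
    Dim hProc As Long
    Dim ownsHandle As Boolean
    Dim pDacl As Long

    If pid = 0 Then
        ' -1 is the GetCurrentProcess() pseudo-handle; it must not be closed.
        hProc = -1
    Else
        hProc = OpenProcess(WRITE_DAC, 0, pid)
        If hProc = 0 Then
            SetPermissions = Err.LastDllError
            Exit Function
        End If
        ownsHandle = True
    End If

    ' S-1-1-0 (Everyone): revision 1, authority SECURITY_WORLD_SID_AUTHORITY = 1
    ' in the last (least significant) byte, one sub-authority equal to 0.
    Dim world As SID
    With world
        .Revision = SID_REVISION
        .SubAuthorityCount = 1
        .IdentifierAuthority(5) = 1
        .SubAuthority = 0
    End With

    ' One deny ACE for that SID. A narrower mask (PROCESS_TERMINATE Or WRITE_DAC)
    ' would deny only termination and DACL rewriting instead of every right.
    Dim ea As EXPLICIT_ACCESS
    With ea
        .grfAccessPermissions = PROCESS_ALL_ACCESS
        .grfAccessMode = DENY_ACCESS
        .grfInheritance = NO_INHERITANCE
        With .myTrustee
            .pMultipleTrustee = 0
            .MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE
            .TrusteeForm = TRUSTEE_IS_SID
            .TrusteeType = TRUSTEE_IS_USER
            .ptstrName = VarPtr(world.Revision)   ' address of the SID structure
        End With
    End With

    ' Build a brand-new ACL (OldAcl = 0) holding only that ACE, then install it.
    dwErr = SetEntriesInAcl(1, ea, 0, pDacl)
    If dwErr = ERROR_SUCCESS Then
        dwErr = SetSecurityInfo(hProc, SE_KERNEL_OBJECT, _
                                DACL_SECURITY_INFORMATION, _
                                0, 0, pDacl, 0)
        ' The ACL returned by SetEntriesInAcl is ours to release.
        LocalFree pDacl
    End If

    If ownsHandle Then CloseHandle hProc
    SetPermissions = dwErr
End Function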
seule chose :
si le processus qui tente de le killer possède le privilège SE_DEBUG, alors cette protection ne marche pas...
ShareVB
4 août 2006 à 16:02
salut,
un exemple :
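Option Explicit

' DACL-based process self-protection example. SetPermissions replaces the DACL
' of a process with a single ACE that denies PROCESS_ALL_ACCESS to Everyone
' (S-1-1-0). Only callers that are subject to the DACL check are affected; as
' the author notes after the code, a caller holding the SE_DEBUG privilege is
' not stopped by this.

' --- Access rights and flags -------------------------------------------------
Private Const SYNCHRONIZE As Long = &H100000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const SE_KERNEL_OBJECT As Long = 6&           ' SE_OBJECT_TYPE value for a process handle
Private Const DENY_ACCESS As Long = 3                 ' ACCESS_MODE: build a deny ACE
Private Const WRITE_DAC As Long = &H40000             ' the only right we need on the target to rewrite its DACL
Private Const SID_REVISION As Long = 1
Private Const PROCESS_TERMINATE As Long = (&H1)       ' narrower alternative to PROCESS_ALL_ACCESS (see ea below)
Private Const NO_INHERITANCE As Long = 0
Private Const DACL_SECURITY_INFORMATION As Long = &H4&
Private Const ERROR_SUCCESS As Long = 0               ' SetEntriesInAcl / SetSecurityInfo return this on success

' --- Win32 enums used inside EXPLICIT_ACCESS (implicit values 0, 1, 2 ...) ----
Private Enum TRUSTEE_FORM
    TRUSTEE_IS_SID          ' ptstrName points at a SID
    TRUSTEE_IS_NAME         ' ptstrName points at an account name string
End Enum

Private Enum TRUSTEE_TYPE
    TRUSTEE_IS_UNKNOWN
    TRUSTEE_IS_USER
    TRUSTEE_IS_GROUP
End Enum

Private Enum MULTIPLE_TRUSTEE_OPERATION
    NO_MULTIPLE_TRUSTEE
    TRUSTEE_IS_IMPERSONATE
End Enum

' --- Structures: field order and size must match the Win32 layouts exactly, ---
' --- SetEntriesInAclW reads EXPLICIT_ACCESS / TRUSTEE / SID through pointers ---
' Minimal SID with exactly one sub-authority (enough for S-1-1-0 "Everyone").
Private Type SID
    Revision As Byte
    SubAuthorityCount As Byte
    IdentifierAuthority(5) As Byte   ' 6-byte SID_IDENTIFIER_AUTHORITY, big-endian
    SubAuthority As Long
End Type

Private Type TRUSTEE
    pMultipleTrustee As Long
    MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
    TrusteeForm As TRUSTEE_FORM
    TrusteeType As TRUSTEE_TYPE
    ptstrName As Long                ' pointer (SID here, see TrusteeForm)
End Type

Private Type EXPLICIT_ACCESS
    grfAccessPermissions As Long
    grfAccessMode As Long
    grfInheritance As Long
    myTrustee As TRUSTEE
End Type

' --- API declarations ----------------------------------------------------------
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetLastError Lib "kernel32.dll" () As Long
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Private Declare Function SetEntriesInAcl Lib "ADVAPI32.dll" Alias "SetEntriesInAclW" (ByVal cCountOfExplicitEntries As Long, ByRef pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, ByRef NewAcl As Long) As Long
Private Declare Function SetSecurityInfo Lib "ADVAPI32.dll" (ByVal handle As Long, ByVal ObjectType As Long, ByVal SecurityInfo As Long, ByVal psidOwner As Long, ByVal psidGroup As Long, ByVal pDacl As Long, ByVal pSacl As Long) As Long
Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long

' Replaces the DACL of process `pid` (0 = the calling process itself) with one
' ACE denying PROCESS_ALL_ACCESS to Everyone.
'
' Returns ERROR_SUCCESS (0) on success, otherwise the Win32 error code of the
' first step that failed (OpenProcess, SetEntriesInAcl or SetSecurityInfo), so
' the caller can log why the DACL was not applied instead of silently assuming
' the process is protected.
'
' Changes from the original: the OpenProcess failure is detected (the original
' handed a NULL handle on to SetSecurityInfo), the error is read through
' Err.LastDllError (a Declare'd GetLastError is unreliable from VB because the
' runtime may call other APIs in between), SetSecurityInfo is only called when
' SetEntriesInAcl produced an ACL, and the process handle is closed instead of
' being leaked on every call.
Public Function SetPermissions(ByVal pid As Long) As Long
    Dim dwErr As Long
    Dim hProc As Long
    Dim ownsHandle As Boolean
    Dim pDacl As Long

    If pid = 0 Then
        ' -1 is the GetCurrentProcess() pseudo-handle; it must not be closed.
        hProc = -1
    Else
        hProc = OpenProcess(WRITE_DAC, 0, pid)
        If hProc = 0 Then
            SetPermissions = Err.LastDllError
            Exit Function
        End If
        ownsHandle = True
    End If

    ' S-1-1-0 (Everyone): revision 1, authority SECURITY_WORLD_SID_AUTHORITY = 1
    ' in the last (least significant) byte, one sub-authority equal to 0.
    Dim world As SID
    With world
        .Revision = SID_REVISION
        .SubAuthorityCount = 1
        .IdentifierAuthority(5) = 1
        .SubAuthority = 0
    End With

    ' One deny ACE for that SID. A narrower mask (PROCESS_TERMINATE Or WRITE_DAC)
    ' would deny only termination and DACL rewriting instead of every right.
    Dim ea As EXPLICIT_ACCESS
    With ea
        .grfAccessPermissions = PROCESS_ALL_ACCESS
        .grfAccessMode = DENY_ACCESS
        .grfInheritance = NO_INHERITANCE
        With .myTrustee
            .pMultipleTrustee = 0
            .MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE
            .TrusteeForm = TRUSTEE_IS_SID
            .TrusteeType = TRUSTEE_IS_USER
            .ptstrName = VarPtr(world.Revision)   ' address of the SID structure
        End With
    End With

    ' Build a brand-new ACL (OldAcl = 0) holding only that ACE, then install it.
    dwErr = SetEntriesInAcl(1, ea, 0, pDacl)
    If dwErr = ERROR_SUCCESS Then
        dwErr = SetSecurityInfo(hProc, SE_KERNEL_OBJECT, _
                                DACL_SECURITY_INFORMATION, _
                                0, 0, pDacl, 0)
        ' The ACL returned by SetEntriesInAcl is ours to release.
        LocalFree pDacl
    End If

    If ownsHandle Then CloseHandle hProc
    SetPermissions = dwErr
End Function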
seule chose :
si le processus qui tente de le killer possède le privilège SE_DEBUG, alors cette protection ne marche pas...