Rendre un process inkillable via SetSecurityInfo
cs_kalif
Messages postés
362
Date d'inscription
mardi 18 décembre 2001
Statut
Membre
Dernière intervention
24 août 2012
-
3 août 2006 à 11:00
ShareVB Messages postés 2676 Date d'inscription vendredi 28 juin 2002 Statut Membre Dernière intervention 13 janvier 2016 - 4 août 2006 à 16:02
ShareVB Messages postés 2676 Date d'inscription vendredi 28 juin 2002 Statut Membre Dernière intervention 13 janvier 2016 - 4 août 2006 à 16:02
A voir également:
- Rendre un process inkillable via SetSecurityInfo
- Process start ✓ - Forum C# / .NET
- C# start process ✓ - Forum C# / .NET
- Process control schneider forum ✓ - Forum Visual Basic
- Vb net process start arguments - Forum C# / .NET
- Modifier des données mysql via formulaire php ✓ - Forum PHP
2 réponses
ShareVB
Messages postés
2676
Date d'inscription
vendredi 28 juin 2002
Statut
Membre
Dernière intervention
13 janvier 2016
26
4 août 2006 à 15:23
4 août 2006 à 15:23
salut,
un exemple :
Option Explicit
Private Const SYNCHRONIZE As Long = &H100000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const SE_KERNEL_OBJECT As Long = 6&
Private Const DENY_ACCESS As Long = 3
Private Const WRITE_DAC As Long = &H40000
Private Const SID_REVISION As Long = 1
Private Const PROCESS_TERMINATE As Long = (&H1)
Private Const NO_INHERITANCE As Long = 0
Private Const DACL_SECURITY_INFORMATION As Long = &H4&
Private Enum TRUSTEE_FORM
TRUSTEE_IS_SID
TRUSTEE_IS_NAME
End Enum
Private Enum TRUSTEE_TYPE
TRUSTEE_IS_UNKNOWN
TRUSTEE_IS_USER
TRUSTEE_IS_GROUP
End Enum
Private Enum MULTIPLE_TRUSTEE_OPERATION
NO_MULTIPLE_TRUSTEE
TRUSTEE_IS_IMPERSONATE
End Enum
Private Type SID
Revision As Byte
SubAuthorityCount As Byte
IdentifierAuthority(5) As Byte
SubAuthority As Long
End Type
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
TrusteeForm As TRUSTEE_FORM
TrusteeType As TRUSTEE_TYPE
ptstrName As Long
End Type
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As Long
grfInheritance As Long
myTrustee As TRUSTEE
End Type
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetLastError Lib "kernel32.dll" () As Long
Private Declare Function SetEntriesInAcl Lib "ADVAPI32.dll" Alias "SetEntriesInAclW" (ByVal cCountOfExplicitEntries As Long, ByRef pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, ByRef NewAcl As Long) As Long
Private Declare Function SetSecurityInfo Lib "ADVAPI32.dll" (ByVal handle As Long, ByVal ObjectType As Long, ByVal SecurityInfo As Long, ByVal psidOwner As Long, ByVal psidGroup As Long, ByVal pDacl As Long, ByVal pSacl As Long) As Long
Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long
Public Function SetPermissions(ByVal pid As Long)
Dim dwErr As Long
Dim hpWriteDAC As Long
Dim pDacl As Long
If pid = 0 Then
hpWriteDAC = -1
Else
hpWriteDAC = OpenProcess(WRITE_DAC, 0, pid)
End If
dwErr = GetLastError()
Dim world As SID
With world
.Revision = SID_REVISION
.SubAuthorityCount = 1
'SECURITY_WORLD_SID_AUTHORITY
.IdentifierAuthority(5) = 1
.SubAuthority = 0
End With
Dim ea As EXPLICIT_ACCESS
With ea
.grfAccessPermissions = PROCESS_ALL_ACCESS 'PROCESS_TERMINATE Or WRITE_DAC
.grfAccessMode = DENY_ACCESS
.grfInheritance = NO_INHERITANCE
With .myTrustee
.pMultipleTrustee = 0
.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE
.TrusteeForm = TRUSTEE_IS_SID
.TrusteeType = TRUSTEE_IS_USER
.ptstrName = VarPtr(world.Revision)
End With
End With
dwErr = SetEntriesInAcl(1, ea, 0, pDacl)
dwErr = SetSecurityInfo(hpWriteDAC, SE_KERNEL_OBJECT, _
DACL_SECURITY_INFORMATION, _
0, 0, pDacl, 0)
LocalFree (pDacl)
SetPermissions = dwErr
End Function
seule chose :
si un processus voulant killer a le privilège SE_DEBUG alors cette protection ne marche pas...
ShareVB
un exemple :
Option Explicit
Private Const SYNCHRONIZE As Long = &H100000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const SE_KERNEL_OBJECT As Long = 6&
Private Const DENY_ACCESS As Long = 3
Private Const WRITE_DAC As Long = &H40000
Private Const SID_REVISION As Long = 1
Private Const PROCESS_TERMINATE As Long = (&H1)
Private Const NO_INHERITANCE As Long = 0
Private Const DACL_SECURITY_INFORMATION As Long = &H4&
Private Enum TRUSTEE_FORM
TRUSTEE_IS_SID
TRUSTEE_IS_NAME
End Enum
Private Enum TRUSTEE_TYPE
TRUSTEE_IS_UNKNOWN
TRUSTEE_IS_USER
TRUSTEE_IS_GROUP
End Enum
Private Enum MULTIPLE_TRUSTEE_OPERATION
NO_MULTIPLE_TRUSTEE
TRUSTEE_IS_IMPERSONATE
End Enum
Private Type SID
Revision As Byte
SubAuthorityCount As Byte
IdentifierAuthority(5) As Byte
SubAuthority As Long
End Type
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
TrusteeForm As TRUSTEE_FORM
TrusteeType As TRUSTEE_TYPE
ptstrName As Long
End Type
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As Long
grfInheritance As Long
myTrustee As TRUSTEE
End Type
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetLastError Lib "kernel32.dll" () As Long
Private Declare Function SetEntriesInAcl Lib "ADVAPI32.dll" Alias "SetEntriesInAclW" (ByVal cCountOfExplicitEntries As Long, ByRef pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, ByRef NewAcl As Long) As Long
Private Declare Function SetSecurityInfo Lib "ADVAPI32.dll" (ByVal handle As Long, ByVal ObjectType As Long, ByVal SecurityInfo As Long, ByVal psidOwner As Long, ByVal psidGroup As Long, ByVal pDacl As Long, ByVal pSacl As Long) As Long
Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long
Public Function SetPermissions(ByVal pid As Long)
Dim dwErr As Long
Dim hpWriteDAC As Long
Dim pDacl As Long
If pid = 0 Then
hpWriteDAC = -1
Else
hpWriteDAC = OpenProcess(WRITE_DAC, 0, pid)
End If
dwErr = GetLastError()
Dim world As SID
With world
.Revision = SID_REVISION
.SubAuthorityCount = 1
'SECURITY_WORLD_SID_AUTHORITY
.IdentifierAuthority(5) = 1
.SubAuthority = 0
End With
Dim ea As EXPLICIT_ACCESS
With ea
.grfAccessPermissions = PROCESS_ALL_ACCESS 'PROCESS_TERMINATE Or WRITE_DAC
.grfAccessMode = DENY_ACCESS
.grfInheritance = NO_INHERITANCE
With .myTrustee
.pMultipleTrustee = 0
.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE
.TrusteeForm = TRUSTEE_IS_SID
.TrusteeType = TRUSTEE_IS_USER
.ptstrName = VarPtr(world.Revision)
End With
End With
dwErr = SetEntriesInAcl(1, ea, 0, pDacl)
dwErr = SetSecurityInfo(hpWriteDAC, SE_KERNEL_OBJECT, _
DACL_SECURITY_INFORMATION, _
0, 0, pDacl, 0)
LocalFree (pDacl)
SetPermissions = dwErr
End Function
seule chose :
si un processus voulant killer a le privilège SE_DEBUG alors cette protection ne marche pas...
ShareVB
ShareVB
Messages postés
2676
Date d'inscription
vendredi 28 juin 2002
Statut
Membre
Dernière intervention
13 janvier 2016
26
4 août 2006 à 16:02
4 août 2006 à 16:02
salut,
un exemple :
Option Explicit
Private Const SYNCHRONIZE As Long = &H100000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const SE_KERNEL_OBJECT As Long = 6&
Private Const DENY_ACCESS As Long = 3
Private Const WRITE_DAC As Long = &H40000
Private Const SID_REVISION As Long = 1
Private Const PROCESS_TERMINATE As Long = (&H1)
Private Const NO_INHERITANCE As Long = 0
Private Const DACL_SECURITY_INFORMATION As Long = &H4&
Private Enum TRUSTEE_FORM
TRUSTEE_IS_SID
TRUSTEE_IS_NAME
End Enum
Private Enum TRUSTEE_TYPE
TRUSTEE_IS_UNKNOWN
TRUSTEE_IS_USER
TRUSTEE_IS_GROUP
End Enum
Private Enum MULTIPLE_TRUSTEE_OPERATION
NO_MULTIPLE_TRUSTEE
TRUSTEE_IS_IMPERSONATE
End Enum
Private Type SID
Revision As Byte
SubAuthorityCount As Byte
IdentifierAuthority(5) As Byte
SubAuthority As Long
End Type
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
TrusteeForm As TRUSTEE_FORM
TrusteeType As TRUSTEE_TYPE
ptstrName As Long
End Type
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As Long
grfInheritance As Long
myTrustee As TRUSTEE
End Type
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetLastError Lib "kernel32.dll" () As Long
Private Declare Function SetEntriesInAcl Lib "ADVAPI32.dll" Alias "SetEntriesInAclW" (ByVal cCountOfExplicitEntries As Long, ByRef pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, ByRef NewAcl As Long) As Long
Private Declare Function SetSecurityInfo Lib "ADVAPI32.dll" (ByVal handle As Long, ByVal ObjectType As Long, ByVal SecurityInfo As Long, ByVal psidOwner As Long, ByVal psidGroup As Long, ByVal pDacl As Long, ByVal pSacl As Long) As Long
Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long
Public Function SetPermissions(ByVal pid As Long)
Dim dwErr As Long
Dim hpWriteDAC As Long
Dim pDacl As Long
If pid = 0 Then
hpWriteDAC = -1
Else
hpWriteDAC = OpenProcess(WRITE_DAC, 0, pid)
End If
dwErr = GetLastError()
Dim world As SID
With world
.Revision = SID_REVISION
.SubAuthorityCount = 1
'SECURITY_WORLD_SID_AUTHORITY
.IdentifierAuthority(5) = 1
.SubAuthority = 0
End With
Dim ea As EXPLICIT_ACCESS
With ea
.grfAccessPermissions = PROCESS_ALL_ACCESS 'PROCESS_TERMINATE Or WRITE_DAC
.grfAccessMode = DENY_ACCESS
.grfInheritance = NO_INHERITANCE
With .myTrustee
.pMultipleTrustee = 0
.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE
.TrusteeForm = TRUSTEE_IS_SID
.TrusteeType = TRUSTEE_IS_USER
.ptstrName = VarPtr(world.Revision)
End With
End With
dwErr = SetEntriesInAcl(1, ea, 0, pDacl)
dwErr = SetSecurityInfo(hpWriteDAC, SE_KERNEL_OBJECT, _
DACL_SECURITY_INFORMATION, _
0, 0, pDacl, 0)
LocalFree (pDacl)
SetPermissions = dwErr
End Function
seule chose :
si un processus voulant killer a le privilège SE_DEBUG alors cette protection ne marche pas...
ShareVB
un exemple :
Option Explicit
Private Const SYNCHRONIZE As Long = &H100000
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const SE_KERNEL_OBJECT As Long = 6&
Private Const DENY_ACCESS As Long = 3
Private Const WRITE_DAC As Long = &H40000
Private Const SID_REVISION As Long = 1
Private Const PROCESS_TERMINATE As Long = (&H1)
Private Const NO_INHERITANCE As Long = 0
Private Const DACL_SECURITY_INFORMATION As Long = &H4&
Private Enum TRUSTEE_FORM
TRUSTEE_IS_SID
TRUSTEE_IS_NAME
End Enum
Private Enum TRUSTEE_TYPE
TRUSTEE_IS_UNKNOWN
TRUSTEE_IS_USER
TRUSTEE_IS_GROUP
End Enum
Private Enum MULTIPLE_TRUSTEE_OPERATION
NO_MULTIPLE_TRUSTEE
TRUSTEE_IS_IMPERSONATE
End Enum
Private Type SID
Revision As Byte
SubAuthorityCount As Byte
IdentifierAuthority(5) As Byte
SubAuthority As Long
End Type
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
TrusteeForm As TRUSTEE_FORM
TrusteeType As TRUSTEE_TYPE
ptstrName As Long
End Type
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As Long
grfInheritance As Long
myTrustee As TRUSTEE
End Type
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetLastError Lib "kernel32.dll" () As Long
Private Declare Function SetEntriesInAcl Lib "ADVAPI32.dll" Alias "SetEntriesInAclW" (ByVal cCountOfExplicitEntries As Long, ByRef pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, ByRef NewAcl As Long) As Long
Private Declare Function SetSecurityInfo Lib "ADVAPI32.dll" (ByVal handle As Long, ByVal ObjectType As Long, ByVal SecurityInfo As Long, ByVal psidOwner As Long, ByVal psidGroup As Long, ByVal pDacl As Long, ByVal pSacl As Long) As Long
Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long
Public Function SetPermissions(ByVal pid As Long)
Dim dwErr As Long
Dim hpWriteDAC As Long
Dim pDacl As Long
If pid = 0 Then
hpWriteDAC = -1
Else
hpWriteDAC = OpenProcess(WRITE_DAC, 0, pid)
End If
dwErr = GetLastError()
Dim world As SID
With world
.Revision = SID_REVISION
.SubAuthorityCount = 1
'SECURITY_WORLD_SID_AUTHORITY
.IdentifierAuthority(5) = 1
.SubAuthority = 0
End With
Dim ea As EXPLICIT_ACCESS
With ea
.grfAccessPermissions = PROCESS_ALL_ACCESS 'PROCESS_TERMINATE Or WRITE_DAC
.grfAccessMode = DENY_ACCESS
.grfInheritance = NO_INHERITANCE
With .myTrustee
.pMultipleTrustee = 0
.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE
.TrusteeForm = TRUSTEE_IS_SID
.TrusteeType = TRUSTEE_IS_USER
.ptstrName = VarPtr(world.Revision)
End With
End With
dwErr = SetEntriesInAcl(1, ea, 0, pDacl)
dwErr = SetSecurityInfo(hpWriteDAC, SE_KERNEL_OBJECT, _
DACL_SECURITY_INFORMATION, _
0, 0, pDacl, 0)
LocalFree (pDacl)
SetPermissions = dwErr
End Function
seule chose :
si un processus voulant killer a le privilège SE_DEBUG alors cette protection ne marche pas...
ShareVB
