Lessons IX : Mã bảo vệ chương trình không bị End Task trong Windows

Mã bảo vệ chương trình không bị End Task trong Windows

 

Đoạn code sau đây sử dụng các tính năng security object trên
Win2K/XP. Một process cần được bảo vệ sẽ được tạo ra với quyền
truy cập được hạn chế bằng cách đặt thuộc tính SECURITY_ATTRIBUTES
trong khi gọi hàm CreateProcess để tạo process được bảo vệ!

<Tham khảo trong MSDN Platform SDK: Access Control 8) >

Code:

// SecurityObj.cpp : Defines the entry point for the application.

//

 

#include “stdafx.h”

 

#include <windows.h>

#include <stdio.h>

#include <aclapi.h>

 

/**
 * Create a child process whose process and thread objects are created with
 * an explicit DACL supplied through SECURITY_ATTRIBUTES.
 *
 * @param lpApplicationName  module to execute; passed through to CreateProcess
 * @param lpCommandLine      command line for the child, may be NULL
 * @param dwCreationFlags    CreateProcess creation flags
 * @return BOOL; see the definition below for the exact failure contract.
 */
BOOL CreateProtectedProcess(
LPCTSTR lpApplicationName,                 // name of executable module
LPTSTR lpCommandLine,                      // command line string
DWORD dwCreationFlags                      // creation flags
);

 

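/**
 * Program entry point: launches calc.exe as a DACL-protected child process.
 *
 * The result of CreateProtectedProcess becomes the exit status, so a failed
 * launch is visible to whoever started this program instead of being dropped.
 *
 * @return 0 when the child was created, 1 otherwise.
 */
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{
    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    /* Backslashes must be doubled inside a C string literal: "\w", "\s" and
       "\c" are not valid escape sequences. TEXT() keeps the literal consistent
       with the LPCTSTR parameter in both ANSI and UNICODE builds. */
    if (!CreateProtectedProcess(TEXT("c:\\winnt\\system32\\calc.exe"), NULL, 0)) {
        return 1;
    }
    return 0;
}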

 

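/**
 * Create a child process whose process and thread objects carry an explicit
 * DACL.
 *
 * The DACL holds two DENY ACEs for GENERIC_READ: one for the well-known
 * Everyone group and one for the BUILTIN\Administrators alias. It is attached
 * to a SECURITY_ATTRIBUTES structure that is passed as both
 * lpProcessAttributes and lpThreadAttributes of CreateProcess.
 *
 * NOTE(review): GENERIC_READ on a process object does not map to
 * PROCESS_TERMINATE, so how far this DACL really blocks "End Task" depends on
 * which access rights the terminating tool requests; a DACL also does not
 * restrain a caller holding SeDebugPrivilege or the object's owner, who can
 * rewrite it. Treat this as a deterrent, not as a security boundary.
 *
 * @param lpApplicationName  module to execute; passed through to CreateProcess
 * @param lpCommandLine      command line for the child, may be NULL
 * @param dwCreationFlags    CreateProcess creation flags
 * @return TRUE if CreateProcess succeeded, FALSE on any failure. All SIDs,
 *         the ACL and the security descriptor are released on every path;
 *         the process/thread handles returned by CreateProcess are closed
 *         here because the caller receives no PROCESS_INFORMATION.
 */
BOOL CreateProtectedProcess(
    LPCTSTR lpApplicationName,                 // name of executable module
    LPTSTR lpCommandLine,                      // command line string
    DWORD dwCreationFlags                      // creation flags
)
{
    BOOL bResult = FALSE;
    DWORD dwRes;
    PSID pEveryoneSID = NULL, pAdminSID = NULL;
    PACL pACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    EXPLICIT_ACCESS ea[2];
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    SECURITY_ATTRIBUTES sa;
    PROCESS_INFORMATION pi;
    STARTUPINFO si;

    /* Every local is declared and cleared up front so that no goto Cleanup
       jumps over an initialisation (the file is compiled as C++). */
    ZeroMemory(&ea, sizeof(ea));
    ZeroMemory(&sa, sizeof(sa));
    ZeroMemory(&pi, sizeof(pi));
    ZeroMemory(&si, sizeof(si));

    // Well-known SID for the Everyone group.
    if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
                                  SECURITY_WORLD_RID,
                                  0, 0, 0, 0, 0, 0, 0,
                                  &pEveryoneSID))
    {
        goto Cleanup;
    }

    // ACE 0: DENY Everyone GENERIC_READ on the new process and thread objects.
    ea[0].grfAccessPermissions = GENERIC_READ;
    ea[0].grfAccessMode = DENY_ACCESS;
    ea[0].grfInheritance = NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID;

    // SID for the BUILTIN\Administrators alias.
    if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0,
                                  &pAdminSID))
    {
        goto Cleanup;
    }

    // ACE 1: DENY Administrators GENERIC_READ as well.
    ea[1].grfAccessPermissions = GENERIC_READ;
    ea[1].grfAccessMode = DENY_ACCESS;
    ea[1].grfInheritance = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
    ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID;

    // Build the DACL from both ACEs. SetEntriesInAcl allocates pACL with
    // LocalAlloc, hence the LocalFree in Cleanup.
    dwRes = SetEntriesInAcl(2, ea, NULL, &pACL);
    if (ERROR_SUCCESS != dwRes)
    {
        goto Cleanup;
    }

    // Absolute security descriptor, zero-filled by LPTR.
    pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (pSD == NULL)
    {
        goto Cleanup;
    }

    if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
    {
        goto Cleanup;
    }

    // Attach the DACL: present (TRUE) and not a default DACL (FALSE).
    if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE))
    {
        goto Cleanup;
    }

    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = pSD;
    sa.bInheritHandle = FALSE;

    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;  // wShowWindow is ignored without this flag
    si.wShowWindow = SW_SHOW;

    // The same attributes protect both the process and its primary thread.
    // Argument order matters: bInheritHandles comes before dwCreationFlags.
    if (!CreateProcess(lpApplicationName, lpCommandLine,
                       &sa,                 // lpProcessAttributes
                       &sa,                 // lpThreadAttributes
                       FALSE,               // bInheritHandles
                       dwCreationFlags,
                       NULL,                // lpEnvironment
                       NULL,                // lpCurrentDirectory
                       &si, &pi))
    {
        goto Cleanup;
    }

    // The creator's handles are not returned to the caller; release them so
    // they do not leak for the lifetime of this process.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    bResult = TRUE;

Cleanup:
    if (pEveryoneSID) FreeSid(pEveryoneSID);
    if (pAdminSID) FreeSid(pAdminSID);
    if (pACL) LocalFree(pACL);
    if (pSD) LocalFree(pSD);
    return bResult;
}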

 

ngoalong(HVA)
