How to create an invisible or protected process?

Trond · Post by **Trond** » Sun May 03, 2009 2:17 pm

And what do you expect them to do if they actually need to terminate it (because it's hanging or something)?

thanos · Post by **thanos** » Sun May 03, 2009 3:57 pm

Trond wrote:And what do you expect them to do if they actually need to terminate it (because it's hanging or something)?

It will exists a "shutdown" procedure from inside the main application.
Regards.

Thanos

ThorstenD · Post by **ThorstenD** » Sun May 03, 2009 4:29 pm

Try to convert it to pb

Code: Select all

#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <accctrl.h>
#include <stdio.h>
#include <conio.h>
#include <aclapi.h>

BOOL ProtectProcess(HANDLE hProcess);

void main(void)
{
	HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());

	ProtectProcess(hProc);

	printf("SetProcessDacl - Keep a process from being closed by other applications.\nDeveloped by ANUBIS");

	while(TRUE)
	{
		Sleep(100);
	}

}

BOOL ProtectProcess(HANDLE hProcess)
{
	SECURITY_ATTRIBUTES sa;

	sa.nLength = sizeof(SECURITY_ATTRIBUTES);
	sa.bInheritHandle = FALSE;

	if (!ConvertStringSecurityDescriptorToSecurityDescriptor("D:P", SDDL_REVISION_1, &(sa.lpSecurityDescriptor), NULL))
		return FALSE;

	if (!SetKernelObjectSecurity(hProcess, DACL_SECURITY_INFORMATION, sa.lpSecurityDescriptor))
		return FALSE;

	return TRUE;

}

thanos · Post by **thanos** » Sun May 03, 2009 5:16 pm

ThorstenD wrote:Try to convert it to pb

Thank you, but unfortunately my C knowledge is limited

Regards

Thanos

Trond · Post by **Trond** » Sun May 03, 2009 5:26 pm

thanos wrote:
Trond wrote:And what do you expect them to do if they actually need to terminate it (because it's hanging or something)?
It will exists a "shutdown" procedure from inside the main application.
Regards.

Thanos

Yes, but if something goes wrong and the program "stops responding"?

thanos · Post by **thanos** » Sun May 03, 2009 6:46 pm

Trond wrote:
thanos wrote:
Trond wrote:And what do you expect them to do if they actually need to terminate it (because it's hanging or something)?
It will exists a "shutdown" procedure from inside the main application.
Regards.

Thanos
Yes, but if something goes wrong and the program "stops responding"?

A very good question!
But, i will take this risk.
Regards.

Thanos

Kaeru Gaman · Post by **Kaeru Gaman** » Sun May 03, 2009 6:53 pm

> i will take this risk.

make sure to properly inform your customers, to enable them to decide if they want to take this risk...

thanos · Post by **thanos** » Sun May 03, 2009 9:59 pm

Kaeru Gaman wrote:> i will take this risk.

make sure to properly inform your customers, to enable them to decide if they want to take this risk...

Indeed!
If someone knows the way to run a protected process please post.
Regards

Thanos

Post by **Rings** » Mon May 04, 2009 10:40 am

i did something so far (convert the c code below)
but it did not work here (XP) .
Don't know what goes wrong here,
perhaps someone can help..

Code: Select all

Lib=OpenLibrary(#PB_Any,"advapi32.dll")
If Lib
 Prototype.l ProtoConvertStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor.s,StringSDRevision.l,SecurityDescriptor.l,SecurityDescriptorSize.l)
 
 ConvertStringSecurityDescriptorToSecurityDescriptor.ProtoConvertStringSecurityDescriptorToSecurityDescriptor

  ;If Ansi
 ConvertStringSecurityDescriptorToSecurityDescriptor=GetFunction(lib,"ConvertStringSecurityDescriptorToSecurityDescriptorA")

   ;If UniCode
 ;ConvertStringSecurityDescriptorToSecurityDescriptor=GetFunction(lib,"ConvertStringSecurityDescriptorToSecurityDescriptorW")
   
 
 #SDDL_REVISION_1=1
 #DACL_SECURITY_INFORMATION = 4
 
 If ConvertStringSecurityDescriptorToSecurityDescriptor
  hProc = OpenProcess_(#PROCESS_ALL_ACCESS, #False, GetCurrentProcessId_())
  Debug hproc
  If hproc 
   sa.SECURITY_ATTRIBUTES 
   sa\nLength = SizeOf(SECURITY_ATTRIBUTES)
   sa\bInheritHandle = #False 
   sec.s
   sec="D:P"
   
   Result=ConvertStringSecurityDescriptorToSecurityDescriptor(sec, #SDDL_REVISION_1, @sa\lpSecurityDescriptor, 0)
   ;Debug L1
   Debug Result
   If Result
    Debug @sa\lpSecurityDescriptor
    Debug sa\lpSecurityDescriptor
    Result=SetKernelObjectSecurity_(hProc, #DACL_SECURITY_INFORMATION, sa\lpSecurityDescriptor)
    Debug Result
    If Result
     MessageRequester("info","open Taskmanager And kill me",0)
    
    EndIf
   
   EndIf
   Debug "ending normally..:"
   CloseHandle_(hproc)
  EndIf
 EndIf
 CloseLibrary(Lib)
EndIf

ThorstenD · Post by **ThorstenD** » Tue May 05, 2009 12:29 pm

Rings wrote:i did something so far (convert the c code below)
but it did not work here (XP) .
Don't know what goes wrong here,
perhaps someone can help..

I has the same problem. Compieled with Pelles C it's works on my XP. The full source can be dl from here.

thanos · Post by **thanos** » Wed May 06, 2009 7:16 pm

ThorstenD wrote:
Rings wrote:i did something so far (convert the c code below)
but it did not work here (XP) .
Don't know what goes wrong here,
perhaps someone can help..
I has the same problem. Compieled with Pelles C it's works on my XP. The full source can be dl from here.

I faced the same problem with Rings on Xp.
I downloaded and compiled the C code with PellesC but the process was not protected. I killed it with Process Explorer easily on my XP sp3.
Regards.

Thanos

Comments1 · Post by **Comments1** » Sun Nov 20, 2011 4:44 pm

I'm playing around with this code right now and found out it doesnt work on my 64bit system
What may cause this and is it possible to work on bot 32/64 bit systems?

PureBasic Forums - English

How to create an invisible or protected process?

Re: How to create an invisible or protected process?