Posted: Sun May 03, 2009 2:17 pm
by Trond
And what do you expect them to do if they actually need to terminate it (because it's hanging or something)?

Posted: Sun May 03, 2009 3:57 pm
by thanos
Trond wrote: And what do you expect them to do if they actually need to terminate it (because it's hanging or something)?
There will be a "shutdown" procedure from inside the main application.
Regards.

Thanos

Posted: Sun May 03, 2009 4:29 pm
by ThorstenD
Try to convert it to pb 8)

Code:

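#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <accctrl.h>
#include <stdio.h>
#include <conio.h>
#include <aclapi.h>

BOOL ProtectProcess(HANDLE hProcess);

int main(void)
{
	/* Open a real handle to this process; changing its DACL needs WRITE_DAC. */
	HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());

	if (hProc == NULL || !ProtectProcess(hProc))
		printf("Could not set the process DACL.\n");

	if (hProc != NULL)
		CloseHandle(hProc);

	printf("SetProcessDacl - Keep a process from being closed by other applications.\nDeveloped by ANUBIS");

	/* Keep the process alive so the effect can be observed. */
	while(TRUE)
	{
		Sleep(100);
	}

}

BOOL ProtectProcess(HANDLE hProcess)
{
	SECURITY_ATTRIBUTES sa;
	BOOL ok;

	sa.nLength = sizeof(SECURITY_ATTRIBUTES);
	sa.bInheritHandle = FALSE;
	sa.lpSecurityDescriptor = NULL;

	/* "D:P" is a protected DACL with no ACEs, so the DACL itself grants no access. */
	if (!ConvertStringSecurityDescriptorToSecurityDescriptor(TEXT("D:P"), SDDL_REVISION_1, &(sa.lpSecurityDescriptor), NULL))
		return FALSE;

	/* Replace the DACL on the process object. */
	ok = SetKernelObjectSecurity(hProcess, DACL_SECURITY_INFORMATION, sa.lpSecurityDescriptor);

	/* The descriptor was allocated by the conversion call and must be freed. */
	LocalFree(sa.lpSecurityDescriptor);

	return ok;

}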

Posted: Sun May 03, 2009 5:16 pm
by thanos
ThorstenD wrote:Try to convert it to pb 8)
Thank you, but unfortunately my C knowledge is limited :(
Regards

Thanos

Posted: Sun May 03, 2009 5:26 pm
by Trond
thanos wrote:
Trond wrote: And what do you expect them to do if they actually need to terminate it (because it's hanging or something)?
There will be a "shutdown" procedure from inside the main application.
Regards.

Thanos
Yes, but if something goes wrong and the program "stops responding"?

Posted: Sun May 03, 2009 6:46 pm
by thanos
Trond wrote:
thanos wrote:
Trond wrote: And what do you expect them to do if they actually need to terminate it (because it's hanging or something)?
There will be a "shutdown" procedure from inside the main application.
Regards.

Thanos
Yes, but if something goes wrong and the program "stops responding"?
A very good question!
But I will take this risk.
Regards.

Thanos

Posted: Sun May 03, 2009 6:53 pm
by Kaeru Gaman
> I will take this risk.

Make sure to properly inform your customers, to enable them to decide if they want to take this risk...

Posted: Sun May 03, 2009 9:59 pm
by thanos
Kaeru Gaman wrote: > I will take this risk.

Make sure to properly inform your customers, to enable them to decide if they want to take this risk...
Indeed!
If someone knows the way to run a protected process please post.
Regards

Thanos

Posted: Mon May 04, 2009 10:40 am
by Rings
I did something so far (converted the C code below),
but it did not work here (XP).
I don't know what goes wrong here;
perhaps someone can help.

Code:

Lib=OpenLibrary(#PB_Any,"advapi32.dll")
If Lib
 ; Pointer arguments are declared .i (pointer-sized) so they are not truncated in 64-bit builds
 Prototype.l ProtoConvertStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor.s,StringSDRevision.l,SecurityDescriptor.i,SecurityDescriptorSize.i)
 
 ConvertStringSecurityDescriptorToSecurityDescriptor.ProtoConvertStringSecurityDescriptorToSecurityDescriptor

  ;If Ansi
 ConvertStringSecurityDescriptorToSecurityDescriptor=GetFunction(lib,"ConvertStringSecurityDescriptorToSecurityDescriptorA")

   ;If UniCode
 ;ConvertStringSecurityDescriptorToSecurityDescriptor=GetFunction(lib,"ConvertStringSecurityDescriptorToSecurityDescriptorW")
   
 
 #SDDL_REVISION_1=1
 #DACL_SECURITY_INFORMATION = 4
 
 If ConvertStringSecurityDescriptorToSecurityDescriptor
  hProc = OpenProcess_(#PROCESS_ALL_ACCESS, #False, GetCurrentProcessId_())
  Debug hproc
  If hproc 
   sa.SECURITY_ATTRIBUTES 
   sa\nLength = SizeOf(SECURITY_ATTRIBUTES)
   sa\bInheritHandle = #False 
   sec.s
   sec="D:P"
   
   Result=ConvertStringSecurityDescriptorToSecurityDescriptor(sec, #SDDL_REVISION_1, @sa\lpSecurityDescriptor, 0)
   ;Debug L1
   Debug Result
   If Result
    Debug @sa\lpSecurityDescriptor
    Debug sa\lpSecurityDescriptor
    Result=SetKernelObjectSecurity_(hProc, #DACL_SECURITY_INFORMATION, sa\lpSecurityDescriptor)
    Debug Result
    If Result
     MessageRequester("info","open Taskmanager And kill me",0)
    
    EndIf
   
   EndIf
   Debug "ending normally..:"
   CloseHandle_(hproc)
  EndIf
 EndIf
 CloseLibrary(Lib)
EndIf
 

Posted: Tue May 05, 2009 12:29 pm
by ThorstenD
Rings wrote: I did something so far (converted the C code below),
but it did not work here (XP).
I don't know what goes wrong here;
perhaps someone can help.
I have the same problem. Compiled with Pelles C, it works on my XP. The full source can be downloaded from here.

Posted: Wed May 06, 2009 7:16 pm
by thanos
ThorstenD wrote:
Rings wrote: I did something so far (converted the C code below),
but it did not work here (XP).
I don't know what goes wrong here;
perhaps someone can help.
I have the same problem. Compiled with Pelles C, it works on my XP. The full source can be downloaded from here.
I faced the same problem as Rings on XP.
I downloaded and compiled the C code with PellesC, but the process was not protected. I killed it easily with Process Explorer on my XP SP3.
Regards.

Thanos
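
A simplified model of the Windows access check for the "D:P" DACL used in the code above, added here as an illustration (it is not code from any poster in this thread). It models two documented rules that an empty DACL does not override: the object's owner is implicitly granted READ_CONTROL and WRITE_DAC, and a caller with SeDebugPrivilege enabled is granted the requested process access regardless of the security descriptor. The function names, the sample SID and the small subset of SDDL handled are assumptions of this sketch.

```python
import re

# Access-mask bits from the Windows SDK headers.
PROCESS_TERMINATE = 0x0001
READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000
PROCESS_ALL_ACCESS = 0x001F0FFF  # pre-Vista value, matching _WIN32_WINNT 0x0500
RIGHTS = {"GA": PROCESS_ALL_ACCESS, "RC": READ_CONTROL, "WD": WRITE_DAC}

def parse_dacl(sddl):
    """Parse 'D:flags(ace)(ace)...' into (flags, [(type, mask, sid), ...])."""
    m = re.fullmatch(r"D:([A-Z]*)((?:\([^()]*\))*)", sddl)
    if m is None:
        raise ValueError("unsupported SDDL (this sketch handles the DACL part only)")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(2)):
        ace_type, _flags, rights, _obj, _inherit, sid = body.split(";")
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
        else:  # concatenated two-letter right codes, e.g. "RCWD"
            mask = 0
            for i in range(0, len(rights), 2):
                mask |= RIGHTS[rights[i:i + 2]]
        aces.append((ace_type, mask, sid))
    return m.group(1), aces

def access_check(aces, owner, caller_sids, desired, se_debug=False):
    """Simplified model of the check made when a process handle is requested."""
    if se_debug:
        return True  # SeDebugPrivilege enabled: granted regardless of the DACL
    remaining = desired
    if owner in caller_sids:
        remaining &= ~(READ_CONTROL | WRITE_DAC)  # implicit owner rights
    for ace_type, mask, sid in aces:  # ACEs are evaluated in order
        if remaining == 0:
            break
        if sid not in caller_sids:
            continue
        if ace_type == "D" and mask & remaining:
            return False  # an applicable deny ACE ends the check
        if ace_type == "A":
            remaining &= ~mask
    return remaining == 0  # empty DACL: nothing beyond the implicit rights

# Constructed sample: a user who owns the process, and the SDDL from the C code.
USER = "S-1-5-21-1111-2222-3333-1001"
_, EMPTY_DACL = parse_dacl("D:P")
```
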

Re: How to create an invisible or protected process?

Posted: Sun Nov 20, 2011 4:44 pm
by Comments1
I'm playing around with this code right now and found out it doesn't work on my 64-bit system.
What may cause this, and is it possible to make it work on both 32/64-bit systems?