SetKernelObjectSecurity() Problem


SetKernelObjectSecurity() Problem

Post by thorax »

I still have problems with the code below. It should prevent users without "power rights" from killing the task, but it isn't working :<
ProtectProcess() returns "OK", but the process is still not protected from being killed. Why?


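; Signature of ConvertStringSecurityDescriptorToSecurityDescriptorA (Advapi32.dll):
; converts an SDDL string into a security descriptor that the API allocates.
; The last parameter optionally receives the descriptor size.
Prototype cssdtsd(StringSecurityDescriptor.s,StringSDRevision,*SecurityDescriptor,SecurityDescriptorSize)

; Resolve the function at run time. The program cannot continue without it, so
; both a failed library load and a missing export end the program here rather
; than leaving a null function pointer to be called later in ProtectProcess().
If OpenLibrary(0,"Advapi32.dll")
  *cssdtsdEntry = GetFunction(0,"ConvertStringSecurityDescriptorToSecurityDescriptorA")
  If *cssdtsdEntry = 0
    CloseLibrary(0)
    End
  EndIf
  cssdtsd.cssdtsd = *cssdtsdEntry
Else
  End
EndIf

#SDDL_REVISION_1           = 1 ; SDDL revision passed to the conversion call
#DACL_SECURITY_INFORMATION = 4 ; tells SetKernelObjectSecurity_() that only the DACL is being set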

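; Replaces the DACL of the process behind `process` with the one described by
; the SDDL string "D:P" (a protected DACL that contains no ACEs).
;
; process : process handle; SetKernelObjectSecurity requires WRITE_DAC access on it.
;           NOTE(review): .l is a 32-bit type - on a 64-bit build a handle needs .i; confirm target.
; Returns 1 when the DACL was applied, 0 when the SDDL conversion or the
; SetKernelObjectSecurity_() call failed.
;
; Limits of this hardening: an empty DACL grants access to nobody, but the
; object's owner implicitly keeps READ_CONTROL and WRITE_DAC and can put the
; access back, and a caller holding SeDebugPrivilege (administrators by default)
; can open the process regardless of its DACL. A return value of 1 therefore
; means "DACL written", not "process cannot be terminated".
Procedure.l ProtectProcess(process.l)
  Shared cssdtsd.cssdtsd
  Protected *sd, lRet.l, applied.l
  ; The API allocates the descriptor and stores its address in *sd.
  lRet = cssdtsd("D:P",#SDDL_REVISION_1,@*sd,0)
  Debug lRet
  If Not lRet
    ProcedureReturn 0
  EndIf
  applied = SetKernelObjectSecurity_(process,#DACL_SECURITY_INFORMATION,*sd)
  ; The descriptor returned by the conversion call must be released with
  ; LocalFree; the original leaked it on both the success and the failure path.
  LocalFree_(*sd)
  If Not applied
    ProcedureReturn 0
  EndIf
  ProcedureReturn 1
EndProcedure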

; Console demo: open a handle to the current process, apply ProtectProcess()
; to it and report OK / FAIL / ERROR.
OpenConsole()

; PROCESS_ALL_ACCESS is requested here; setting a DACL with
; SetKernelObjectSecurity only needs WRITE_DAC on the handle.
hProc = OpenProcess_(#PROCESS_ALL_ACCESS, 0, GetCurrentProcessId_())

; The banner is identical on every path, so it is printed once, after the
; handle has been requested.
PrintN("SetProcessDacl - Keep a process from being closed by other applications.")

If hProc = 0
  ; No handle could be opened for the current process.
  PrintN("ERROR")  
Else
  If ProtectProcess(hProc)
    PrintN("OK")
    ; The requester blocks, which keeps the process alive until it is dismissed.
    MessageRequester("","OK")
  Else
    PrintN("FAIL")    
  EndIf
  CloseHandle_(hProc)
EndIf

CloseConsole()
CloseLibrary(0)
End
Here is the C code:


#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <accctrl.h>
#include <stdio.h>
#include <conio.h>
#include <aclapi.h>

/* Applies the "D:P" DACL to hProcess; returns TRUE on success, FALSE if either API call fails. */
BOOL ProtectProcess(HANDLE hProcess);

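/*
 * Demo entry point: applies ProtectProcess() to the current process, reports
 * the result, then idles so the effect can be observed from outside.
 *
 * Returns 1 if the process handle could not be opened or the DACL could not
 * be applied; otherwise it does not return.
 */
int main(void)
{
	/* SetKernelObjectSecurity() needs only WRITE_DAC to replace a DACL, so the
	 * handle is opened with that right instead of PROCESS_ALL_ACCESS. */
	HANDLE hProc = OpenProcess(WRITE_DAC, FALSE, GetCurrentProcessId());
	BOOL applied;

	printf("SetProcessDacl - Keep a process from being closed by other applications.\nDeveloped by ANUBIS");

	if (hProc == NULL)
	{
		fprintf(stderr, "\nOpenProcess failed, error %lu\n", (unsigned long)GetLastError());
		return 1;
	}

	/* The original ignored this result and reported nothing on failure. */
	applied = ProtectProcess(hProc);
	if (!applied)
		fprintf(stderr, "\nProtectProcess failed, error %lu\n", (unsigned long)GetLastError());

	/* The DACL belongs to the process object, not to this handle, so the
	 * handle can be closed as soon as the call has returned. */
	CloseHandle(hProc);

	if (!applied)
		return 1;

	/* Keep the process alive. */
	while (TRUE)
	{
		Sleep(100);
	}
}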

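/*
 * Replaces the DACL of the process behind hProcess with the one described by
 * the SDDL string "D:P" (a protected DACL that contains no ACEs).
 *
 * hProcess: process handle; SetKernelObjectSecurity() requires WRITE_DAC
 *           access on it for DACL_SECURITY_INFORMATION.
 * Returns TRUE when the DACL was applied, FALSE when the handle is NULL or
 * either API call fails.
 *
 * Limits of this hardening: an empty DACL grants access to nobody, but the
 * object's owner implicitly keeps READ_CONTROL and WRITE_DAC and can put the
 * access back, and a caller holding SeDebugPrivilege (administrators by
 * default) can open the process regardless of its DACL. TRUE therefore means
 * "DACL written", not "process cannot be terminated".
 */
BOOL ProtectProcess(HANDLE hProcess)
{
	PSECURITY_DESCRIPTOR pSD = NULL;
	BOOL applied;

	if (hProcess == NULL)
		return FALSE;

	/* TEXT() keeps the literal matched to the A/W variant the macro selects. */
	if (!ConvertStringSecurityDescriptorToSecurityDescriptor(TEXT("D:P"), SDDL_REVISION_1, &pSD, NULL))
		return FALSE;

	applied = SetKernelObjectSecurity(hProcess, DACL_SECURITY_INFORMATION, pSD);

	/* The descriptor is allocated by the conversion call and must be released
	 * with LocalFree(); the original leaked it on every path. */
	LocalFree(pSD);

	return applied ? TRUE : FALSE;
}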