防止注入的代码
闲话不说了,看代码:
1
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
2
3BOOL Lock_CurrentProcess()
4
{
5
HANDLE hProcess = ::GetCurrentProcess();
6 SID_IDENTIFIER_AUTHORITY sia = SECURITY_WORLD_SID_AUTHORITY;
7 PSID pSid;
8 BOOL bSus = FALSE;
9 bSus = ::AllocateAndInitializeSid(&sia,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,&pSid);
10 if(!bSus) goto Cleanup;
11 HANDLE hToken;
12 bSus = ::OpenProcessToken(hProcess,TOKEN_QUERY,&hToken);
13 if(!bSus) goto Cleanup;
14 DWORD dwReturnLength;
15 ::GetTokenInformation(hToken,TokenUser,NULL,NULL,&dwReturnLength);
16 if(dwReturnLength > 0x400) goto Cleanup;
17 LPVOID TokenInformation;
18 TokenInformation = ::LocalAlloc(LPTR,0x400);//这里就引用SDK的函数不引用CRT的了
19 DWORD dw;
20 bSus = ::GetTokenInformation(hToken,TokenUser,TokenInformation,0x400,&dw);
21 if(!bSus) goto Cleanup;
22 PTOKEN_USER pTokenUser = (PTOKEN_USER)TokenInformation;
23 BYTE Buf[0x200];
24 PACL pAcl = (PACL)&Buf;
25 bSus = ::InitializeAcl(pAcl,1024,ACL_REVISION);
26 if(!bSus) goto Cleanup;
27 bSus = ::AddAccessDeniedAce(pAcl,ACL_REVISION,0x000000FA,pSid);
28 if(!bSus) goto Cleanup;
29 bSus = ::AddAccessAllowedAce(pAcl,ACL_REVISION,0x00100701,pTokenUser->User.Sid);
30 if(!bSus) goto Cleanup;
31 if(::SetSecurityInfo(hProcess,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,NULL,NULL,pAcl,NULL) == 0)
32 bSus = TRUE;
33Cleanup:
34 if(hProcess != NULL)
35 ::CloseHandle(hProcess);
36 if(pSid != NULL)
37 ::FreeSid(pSid);
38 return bSus;
39
}
40
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)2
3
BOOL Lock_CurrentProcess()4
{5
HANDLE hProcess = ::GetCurrentProcess();6
SID_IDENTIFIER_AUTHORITY sia = SECURITY_WORLD_SID_AUTHORITY;7
PSID pSid;8
BOOL bSus = FALSE;9
bSus = ::AllocateAndInitializeSid(&sia,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,&pSid);10
if(!bSus) goto Cleanup;11
HANDLE hToken;12
bSus = ::OpenProcessToken(hProcess,TOKEN_QUERY,&hToken);13
if(!bSus) goto Cleanup;14
DWORD dwReturnLength;15
::GetTokenInformation(hToken,TokenUser,NULL,NULL,&dwReturnLength);16
if(dwReturnLength > 0x400) goto Cleanup;17
LPVOID TokenInformation;18
TokenInformation = ::LocalAlloc(LPTR,0x400);//这里就引用SDK的函数不引用CRT的了19
DWORD dw;20
bSus = ::GetTokenInformation(hToken,TokenUser,TokenInformation,0x400,&dw);21
if(!bSus) goto Cleanup;22
PTOKEN_USER pTokenUser = (PTOKEN_USER)TokenInformation;23
BYTE Buf[0x200];24
PACL pAcl = (PACL)&Buf;25
bSus = ::InitializeAcl(pAcl,1024,ACL_REVISION);26
if(!bSus) goto Cleanup;27
bSus = ::AddAccessDeniedAce(pAcl,ACL_REVISION,0x000000FA,pSid);28
if(!bSus) goto Cleanup;29
bSus = ::AddAccessAllowedAce(pAcl,ACL_REVISION,0x00100701,pTokenUser->User.Sid);30
if(!bSus) goto Cleanup;31
if(::SetSecurityInfo(hProcess,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,NULL,NULL,pAcl,NULL) == 0)32
bSus = TRUE;33
Cleanup:34
if(hProcess != NULL)35
::CloseHandle(hProcess);36
if(pSid != NULL)37
::FreeSid(pSid);38
return bSus;39
}40
这段代码就可以锁住其他进程打开本进程,当然也就防止了注入,和读写内存.
可以更绝点Denied ALL ACCESS(0xFFFFFFFF)就连结束都不可能了
::AllocateAndInitializeSid 可以换成 :: InitializeSid .因为我们并不需要初始化子Sid.
另外.
bSus = ::AddAccessDeniedAce(pAcl,ACL_REVISION,0x000000FA,pSid);
if(!bSus) goto Cleanup;
bSus = ::AddAccessAllowedAce(pAcl,ACL_REVISION,0x00100701,pTokenUser->User.Sid);
实际上只需要下面的一句,或者干脆把它去掉,因为如果不添加Ace默认就是没有权限.既然这样上面的那句话AllocateAndInitializeSid 也可以省掉,也似乎有些多余