#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <sddl.h>
#include <stdio.h>
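/*
 * Function-pointer types for the two advapi32 exports that init_protect()
 * resolves at run time with GetProcAddress().
 *
 * CSSDTSD matches ConvertStringSecurityDescriptorToSecurityDescriptorA.
 * The SDDL string is declared LPCSTR rather than LPCTSTR because
 * init_protect() always looks up the ANSI ("...A") export; a TCHAR-dependent
 * parameter type would silently disagree with that export in a UNICODE build.
 */
typedef BOOL (WINAPI *CSSDTSD)(LPCSTR szSddl, DWORD dwSddlRevision,
                               PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
                               PULONG pcbSecurityDescriptor);

/* SKOS matches SetKernelObjectSecurity(). */
typedef BOOL (WINAPI *SKOS)(HANDLE hObject,
                            SECURITY_INFORMATION securityInformation,
                            PSECURITY_DESCRIPTOR pSecurityDescriptor);

/* Procedures defined later in this file. */
BOOL init_protect(void);
BOOL protectMe(void);

/*
 * Resolved API pointers. As file-scope objects they start out NULL and are
 * only meaningful after init_protect() has returned non-zero.
 * NOTE(review): identifiers that begin with an underscore followed by an
 * uppercase letter are reserved for the implementation; the names are kept
 * here only because other functions in the file refer to them.
 */
CSSDTSD _ConvertStringSecurityDescriptorToSecurityDescriptor;
SKOS _SetKernelObjectSecurity;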
/* entry point */
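/*
 * Entry point.
 *
 * Allocates a console, hides its window, resolves the advapi32 APIs, replaces
 * the process DACL via protectMe(), prints a banner and then blocks forever.
 *
 * Returns 1234 if the APIs could not be resolved and 6789 if the DACL could
 * not be applied; otherwise it never returns.
 *
 * Review note: hiding the window does not hide the process. It still appears
 * in process listings, and the DACL change made by protectMe() only affects
 * callers that are subject to the access check on the process object.
 */
int main(void)
{
    HWND hWND;

    /*
     * Hide the console window. GetConsoleWindow() returns the window of the
     * console attached to THIS process; looking the window up by class name
     * ("ConsoleWindowClass") can match a console owned by another process
     * and hide that one instead.
     */
    AllocConsole();
    hWND = GetConsoleWindow();
    if (hWND != NULL) {
        ShowWindow(hWND, SW_HIDE);
    }

    /* Resolve the two advapi32 entry points. */
    if (!init_protect()) {
        return 1234;
    }

    /* Apply the restrictive DACL to our own process object. */
    if (!protectMe()) {
        return 6789;
    }

    /* Banner (goes to the hidden console). */
    printf("[can't close me]\n\tkefi / 1.3.3175");

    /*
     * Block forever. Sleep(INFINITE) parks the thread instead of waking it
     * up once per millisecond as a Sleep(1) loop does.
     */
    for (;;) {
        Sleep(INFINITE);
    }
}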
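/*
 * Replace the DACL on the current process object with an empty, protected
 * DACL (SDDL "D:P": a DACL with the protected flag set and no ACEs).
 *
 * Requires init_protect() to have succeeded first.
 *
 * Returns non-zero on success and 0 on any failure.
 *
 * Review notes:
 *  - An empty DACL grants no access through the normal access check, so an
 *    unprivileged OpenProcess() against this process is refused. It is not a
 *    security boundary: the object's owner implicitly keeps READ_CONTROL and
 *    WRITE_DAC and can restore a usable DACL, and a caller holding
 *    SeDebugPrivilege (for example an elevated administrator) can still open
 *    and terminate the process.
 *  - A process carrying an empty DACL is unusual and is a reasonable thing to
 *    look for when triaging a host.
 */
BOOL protectMe(void)
{
    HANDLE hProcess;
    PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
    BOOL ok = FALSE;

    /* Calling through an unresolved pointer would crash; fail cleanly. */
    if (_ConvertStringSecurityDescriptorToSecurityDescriptor == NULL
        || _SetKernelObjectSecurity == NULL) {
        return FALSE;
    }

    /*
     * Setting a DACL only needs WRITE_DAC, so request just that instead of
     * the hard-coded PROCESS_ALL_ACCESS mask (0x1f0fff), and check the
     * result: OpenProcess() returns NULL on failure.
     */
    hProcess = OpenProcess(WRITE_DAC, FALSE, GetCurrentProcessId());
    if (hProcess == NULL) {
        return FALSE;
    }

    /*
     * Only a security descriptor is needed here. The original wrapped it in a
     * SECURITY_ATTRIBUTES with nLength hard-coded to 12, which is wrong on
     * 64-bit builds and was never consumed by any call.
     */
    if (_ConvertStringSecurityDescriptorToSecurityDescriptor(
            "D:P", SDDL_REVISION_1, &pSecurityDescriptor, NULL)) {
        ok = _SetKernelObjectSecurity(hProcess, DACL_SECURITY_INFORMATION,
                                      pSecurityDescriptor);
        /* The converted descriptor is LocalAlloc'd by the API; release it. */
        LocalFree(pSecurityDescriptor);
    }

    CloseHandle(hProcess);
    return ok ? TRUE : FALSE;
}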
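/*
 * Resolve ConvertStringSecurityDescriptorToSecurityDescriptorA and
 * SetKernelObjectSecurity from advapi32.dll and store them in the file-scope
 * pointers used by protectMe().
 *
 * Returns non-zero when both exports were found, 0 otherwise. On failure the
 * file-scope pointers are left unchanged.
 */
BOOL init_protect(void)
{
    HMODULE hAdvAPI;
    CSSDTSD pfnConvert;
    SKOS pfnSetSecurity;

    /*
     * Reuse the module if it is already mapped; otherwise load it. The
     * explicit ...A calls take narrow strings regardless of whether the
     * build defines UNICODE, which the TCHAR macros would not.
     */
    hAdvAPI = GetModuleHandleA("advapi32.dll");
    if (hAdvAPI == NULL) {
        /*
         * Restrict the lookup to the system directory so a same-named DLL
         * placed in the application or current directory cannot be loaded
         * instead. On systems that predate this flag the call fails and the
         * function reports failure rather than falling back to the default
         * search order.
         */
        hAdvAPI = LoadLibraryExA("advapi32.dll", NULL,
                                 LOAD_LIBRARY_SEARCH_SYSTEM32);
        if (hAdvAPI == NULL) {
            return FALSE;
        }
    }

    /* Look both exports up before publishing either pointer. */
    pfnConvert = (CSSDTSD)GetProcAddress(
        hAdvAPI, "ConvertStringSecurityDescriptorToSecurityDescriptorA");
    pfnSetSecurity = (SKOS)GetProcAddress(hAdvAPI, "SetKernelObjectSecurity");
    if (pfnConvert == NULL || pfnSetSecurity == NULL) {
        return FALSE;
    }

    _ConvertStringSecurityDescriptorToSecurityDescriptor = pfnConvert;
    _SetKernelObjectSecurity = pfnSetSecurity;
    return TRUE;
}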
Autor: kefi
Espero que les sirva...
Saludos !