本文用多种方法修改自身进程对象的 DACL,保护进程不被意外关闭。在 Windows 7 ~ Windows 10 系统中,凡是以普通权限运行的“任务管理器”和“Process Explorer”都无法关闭受保护的进程(以管理员权限运行的“任务管理器”和“Process Explorer”仍可关闭)。

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <sddl.h>
#include <accctrl.h>
#include <aclapi.h>
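/*
 * ProtectProcess1 - replace the current process's DACL with an empty,
 * protected one built from an SDDL string.
 *
 * "D:P" describes a DACL with the protected flag and no ACEs. A DACL with no
 * allow ACE grants nothing, so explicit deny ACEs (e.g. for built-in guests
 * or anonymous logon) would add nothing and are not part of the string.
 *
 * Security note: this is discretionary hardening against accidental
 * termination, not a security boundary. The object's owner is still
 * implicitly granted READ_CONTROL and WRITE_DAC and can rewrite the DACL, and
 * a caller that holds SeDebugPrivilege (an elevated administrator) is not
 * stopped by it.
 *
 * Returns TRUE on success and FALSE on failure; on failure GetLastError()
 * reports the error of the call that failed.
 */
BOOL ProtectProcess1(void)
{
    static const TCHAR szSD[] = TEXT("D:P");
    PSECURITY_DESCRIPTOR pSD = NULL;
    HANDLE hProcess;
    DWORD dwErr = ERROR_SUCCESS;
    BOOL bOk = FALSE;

    // WRITE_DAC is the only right needed to set the DACL; do not ask for more.
    hProcess = OpenProcess(WRITE_DAC, FALSE, GetCurrentProcessId());
    if (hProcess == NULL)
    {
        return FALSE;
    }

    if (ConvertStringSecurityDescriptorToSecurityDescriptor(szSD, SDDL_REVISION_1, &pSD, NULL))
    {
        bOk = SetKernelObjectSecurity(hProcess, DACL_SECURITY_INFORMATION, pSD);
    }
    if (!bOk)
    {
        // Capture the error now: the cleanup calls below may overwrite it.
        dwErr = GetLastError();
    }

    // The converted descriptor is allocated by the API and released with LocalFree.
    if (pSD != NULL)
    {
        LocalFree(pSD);
    }
    // This is a real handle from OpenProcess, so it has to be closed.
    CloseHandle(hProcess);

    if (!bOk)
    {
        SetLastError(dwErr);
    }
    return bOk;
}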
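/*
 * ProtectProcess2 - replace the current process's DACL with one that holds a
 * single deny ACE for the current user.
 *
 * SetEntriesInAcl is called without an existing ACL, so the resulting DACL
 * contains only the deny entry and no allow entries.
 *
 * Security note: this is discretionary hardening against accidental
 * termination, not a security boundary. The object's owner is still
 * implicitly granted READ_CONTROL and WRITE_DAC and can rewrite the DACL, and
 * a caller that holds SeDebugPrivilege (an elevated administrator) is not
 * stopped by it.
 *
 * Returns TRUE when the DACL was applied, FALSE otherwise.
 */
BOOL ProtectProcess2(void)
{
    // Pseudo-handle: it refers to this process and never needs CloseHandle.
    HANDLE hProcess = GetCurrentProcess();
    EXPLICIT_ACCESS denyAccess = { 0 };
    // Writable buffer, because the API takes a non-const trustee name.
    TCHAR szTrustee[] = TEXT("CURRENT_USER");
    DWORD dwAccessPermissions = GENERIC_WRITE | PROCESS_ALL_ACCESS | WRITE_DAC | DELETE | WRITE_OWNER | READ_CONTROL;
    PACL pDenyDacl = NULL;
    DWORD dwErr;

    BuildExplicitAccessWithName(&denyAccess, szTrustee, dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE);

    dwErr = SetEntriesInAcl(1, &denyAccess, NULL, &pDenyDacl);
    if (dwErr != ERROR_SUCCESS)
    {
        // No ACL was built, so there is nothing to apply or free.
        return FALSE;
    }

    dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pDenyDacl, NULL);

    // The ACL returned by SetEntriesInAcl is released with LocalFree.
    LocalFree(pDenyDacl);
    return dwErr == ERROR_SUCCESS;
}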
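/*
 * ProtectProcess3 - replace the current process's DACL with an empty ACL.
 *
 * An empty DACL (as opposed to a NULL DACL) contains no allow ACE, so it
 * grants no access to anyone who is subject to the access check.
 *
 * Security note: this is discretionary hardening against accidental
 * termination, not a security boundary. The object's owner is still
 * implicitly granted READ_CONTROL and WRITE_DAC and can rewrite the DACL, and
 * a caller that holds SeDebugPrivilege (an elevated administrator) is not
 * stopped by it.
 *
 * Returns ERROR_SUCCESS on success, otherwise a Win32 error code.
 */
DWORD ProtectProcess3(void)
{
    // Pseudo-handle: it refers to this process and never needs CloseHandle.
    HANDLE hProcess = GetCurrentProcess();
    PACL pEmptyDacl;
    DWORD dwErr;

    // using malloc guarantees proper alignment
    pEmptyDacl = malloc(sizeof(ACL));
    if (pEmptyDacl == NULL)
    {
        return ERROR_NOT_ENOUGH_MEMORY;
    }

    if (!InitializeAcl(pEmptyDacl, sizeof(ACL), ACL_REVISION))
    {
        dwErr = GetLastError();
    }
    else
    {
        dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pEmptyDacl, NULL);
    }

    free(pEmptyDacl);
    return dwErr;
}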
int main()
{
ProtectProcess1();
// ProtectProcess2();
// ProtectProcess3();
Sleep(10000);
}
参考: