Prevent user process from being killed with “End Process” from Process Explorer

by

The code given in the question is misleading. It constructs a DACL with no allow entries and one deny entry; that might make sense if you were applying the DACL to a file with inheritance enabled, but in this case the deny entry is redundant. In the Windows access control model, if a DACL exists but contains no matching ACE, access is implicitly denied.

Here’s my version, which applies an empty DACL, denying all access. (Note that it returns an error code rather than a boolean.)

DWORD ProtectProcess(void)
{
    HANDLE hProcess = GetCurrentProcess();
    PACL pEmptyDacl;
    DWORD dwErr;

    // using malloc guarantees proper alignment
    pEmptyDacl = (PACL)malloc(sizeof(ACL));

    if (!InitializeAcl(pEmptyDacl, sizeof(ACL), ACL_REVISION))
    {
        dwErr = GetLastError();
    }
    else
    {
        dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, 
                   DACL_SECURITY_INFORMATION, NULL, NULL, pEmptyDacl, NULL);
    }

    free(pEmptyDacl);
    return dwErr;
}

More Related Contents:

  1. C++, How to determine if a Windows Process is running?
  2. Getting another process command line in Windows
  3. How to get the starting/base address of a process in C++?
  4. How does the Import Library work? Details?
  5. strptime() equivalent on Windows?
  6. Export all symbols when creating a DLL
  7. How do I calculate the week number given a date?
  8. How to detect win32 process creation/termination in c++
  9. boost_1_60_0 .zip installation in windows
  10. How to read a value from the Windows registry
  11. LPCSTR, LPCTSTR and LPTSTR
  12. How to properly replace global new & delete operators
  13. Porting clock_gettime to windows
  14. How do I open an .exe from another C++ .exe?
  15. Win32 programming hiding console window
  16. DLL redirection using manifests
  17. How to read output from cmd.exe using CreateProcess() and CreatePipe()
  18. C++ Get Username From Process
  19. Windows/C++: Is it possible to find the line of code where exception was thrown having “Exception Offset”
  20. How do I get the window handle of the desktop?
  21. Clang C++ Cross Compiler – Generating Windows Executable from Mac OS X
  22. How to create a Process that outlives its parent
  23. changing the directory from inside a c program under windows using system command
  24. What’s the differences between .dll , .lib, .h files?
  25. VC++ fatal error LNK1168: cannot open filename.exe for writing
  26. Get base address of process
  27. How can CString be passed to format string %s?
  28. EnumDisplayDevices vs WMI Win32_DesktopMonitor, how to detect active monitors?
  29. “APIENTRY _tWinMain” and “WINAPI WinMain” difference
  30. How do I get at the exception information when using MiniDumpWriteDump out-of-process?

Leave a Comment