changing process access levels/rights
-
Hey, I'm trying to find some good information (articles, samples, whatever) on changing the access rights of a process. I believe the API methods include OpenProcess, GetKernelObjectSecurity, GetSecurityDescriptorDacl, GetAclInformation, SetKernelObjectSecurity, etc. I am trying to disable some rights in a process, like PROCESS_TERMINATE, though I am having trouble finding some good information. Thanks all, Luke
-
After u OpenProcess, u should OpenProcessToken and AdjustTokenPrivileges. In addition, u'd probably wanna use LookupPrivilegeValue. For some more info and examples search for how to shutdown the system. HTH, Yakov
-
Cool, what privilege name do you use in LookupPrivilegeValue, as I cannot find something that seems to disable the right to terminate the process. I had found some things pointing to using DACLs etc., which is really annoying, to disable PROCESS_TERMINATE. Thanks
-
First, here's the privilege list: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/authorization_constants.asp I believe u need SE_DEBUG_NAME to terminate processes. Look here: http://www.alexfedotov.com/articles/killproc.asp
-
Thanks for the reply. What I am trying to do is disable the user from killing the app in Task Manager. First the program enabled SE_SYSTEM_NAME and then opened the current process with ACCESS_SYSTEM_ALL (or something, don't have the code in front of me). Then I use GetKernelObjectSecurity to get the DACL of the process and I adjust that by adding an AddAccessDeniedAce for the PROCESS_TERMINATE mask, apply that to the security descriptor, and use SetKernelObjectSecurity to set it. Now this works for Windows NT: the Task Manager gets an 'access denied' when trying to kill the app. But in Win XP the Task Manager gives itself the SE_DEBUG_NAME rights and can kill the app. How do I get around this? Other programs achieve this, like some firewall apps that still return access denied when trying to kill the task in Win XP. I understand using the kill cmd line tool from one of the SDKs will always force the app to die, but I want to be able to stop the Task Manager from end-tasking the app. Any ideas? Thanks, Luke
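Added example, not code from any poster in this thread: a simplified Python model of the access check on a process object, showing why the deny ACE for PROCESS_TERMINATE described in the last post stops a caller without SeDebugPrivilege but not one that has enabled it, and why ACE order matters. The SID names, `Ace`, `Token` and `access_check` are constructed for illustration; only DACL ordering and the documented OpenProcess debug-privilege behaviour are modelled.

```python
from dataclasses import dataclass

PROCESS_TERMINATE = 0x0001           # Win32 process access-mask values
PROCESS_QUERY_INFORMATION = 0x0400

@dataclass(frozen=True)
class Ace:
    allow: bool   # True = access-allowed ACE, False = access-denied ACE
    sid: str      # trustee name (constructed, not a real SID)
    mask: int     # rights the ACE covers

@dataclass(frozen=True)
class Token:
    sids: frozenset              # user and group trustees of the caller
    debug_enabled: bool = False  # SeDebugPrivilege enabled in the token

def access_check(token, dacl, desired):
    """Return True if `desired` would be granted when opening the process."""
    if token.debug_enabled:
        return True              # OpenProcess grants access regardless of the DACL
    if dacl is None:
        return True              # NULL DACL: everyone gets full access
    remaining = desired
    for ace in dacl:             # ACEs are evaluated in stored order
        if ace.sid not in token.sids:
            continue
        if not ace.allow and ace.mask & remaining:
            return False         # deny ACE hits a right not yet granted
        if ace.allow:
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False                 # anything not explicitly granted is denied

def demo():
    base = [Ace(True, "Users", PROCESS_TERMINATE | PROCESS_QUERY_INFORMATION)]
    deny = Ace(False, "Everyone", PROCESS_TERMINATE)
    hardened = [deny] + base     # deny ACE first (canonical order)
    misordered = base + [deny]   # deny ACE after the allow ACE: no effect
    user = Token(frozenset({"luke", "Users", "Everyone"}))
    debugger = Token(user.sids, debug_enabled=True)
    return {
        "before": access_check(user, base, PROCESS_TERMINATE),
        "hardened_terminate": access_check(user, hardened, PROCESS_TERMINATE),
        "hardened_query": access_check(user, hardened, PROCESS_QUERY_INFORMATION),
        "misordered": access_check(user, misordered, PROCESS_TERMINATE),
        "with_debug": access_check(debugger, hardened, PROCESS_TERMINATE),
    }

if __name__ == "__main__":
    print(demo())
```

The DACL is therefore a guard against ordinary callers only: any account that can enable SeDebugPrivilege (administrators by default) is outside what a deny ACE can control.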