防止注入的代码
2007-08-22 09:43
204 查看
1#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
2
3BOOL Lock_CurrentProcess()
4 HANDLE hProcess = ::GetCurrentProcess();
6 SID_IDENTIFIER_AUTHORITY sia = SECURITY_WORLD_SID_AUTHORITY;
7 PSID pSid;
8 BOOL bSus = FALSE;
9 bSus = ::AllocateAndInitializeSid(&sia,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,&pSid);
10 if(!bSus) goto Cleanup;
11 HANDLE hToken;
12 bSus = ::OpenProcessToken(hProcess,TOKEN_QUERY,&hToken);
13 if(!bSus) goto Cleanup;
14 DWORD dwReturnLength;
15 ::GetTokenInformation(hToken,TokenUser,NULL,NULL,&dwReturnLength);
16 if(dwReturnLength > 0x400) goto Cleanup;
17 LPVOID TokenInformation;
18 TokenInformation = ::LocalAlloc(LPTR,0x400);//这里就引用SDK的函数不引
19
20用CRT的了
21 DWORD dw;
22 bSus = ::GetTokenInformation(hToken,TokenUser,TokenInformation,0x400,&dw);
23 if(!bSus) goto Cleanup;
24 PTOKEN_USER pTokenUser = (PTOKEN_USER)TokenInformation;
25 BYTE Buf[0x200];
26 PACL pAcl = (PACL)&Buf;
27 bSus = ::InitializeAcl(pAcl,1024,ACL_REVISION);
28 if(!bSus) goto Cleanup;
29 bSus = ::AddAccessDeniedAce(pAcl,ACL_REVISION,0x000000FA,pSid);
30 if(!bSus) goto Cleanup;
31 bSus = ::AddAccessAllowedAce(pAcl,ACL_REVISION,0x00100701,pTokenUser->User.Sid);
32 if(!bSus) goto Cleanup;
33 if(::SetSecurityInfo(hProcess,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION |
34PROTECTED_DACL_SECURITY_INFORMATION,NULL,NULL,pAcl,NULL) == 0)
35 bSus = TRUE;
36Cleanup:
37 if(hProcess != NULL)
38 ::CloseHandle(hProcess);
39 if(pSid != NULL)
40 ::FreeSid(pSid);
41 return bSus;
42
43}
这段代码就可以锁住其他进程打开本进程,当然也就防止了注入,和读写内存.
可以更绝点Denied ALL ACCESS(0xFFFFFFFF)就连结束都不可能了
::AllocateAndInitializeSid 可以换成 :: InitializeSid .因为我们并不需要初始化子Sid.
另外.
bSus = ::AddAccessDeniedAce(pAcl,ACL_REVISION,0x000000FA,pSid);
if(!bSus) goto Cleanup;
bSus = ::AddAccessAllowedAce(pAcl,ACL_REVISION,0x00100701,pTokenUser->User.Sid);
实际上只需要下面的一句,或者干脆把它去掉,因为如果不添加Ace默认就是没有权限.既然这样上面的那句话AllocateAndInitializeSid 也可以省掉,也似乎有些多余
2
3BOOL Lock_CurrentProcess()
4 HANDLE hProcess = ::GetCurrentProcess();
6 SID_IDENTIFIER_AUTHORITY sia = SECURITY_WORLD_SID_AUTHORITY;
7 PSID pSid;
8 BOOL bSus = FALSE;
9 bSus = ::AllocateAndInitializeSid(&sia,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,&pSid);
10 if(!bSus) goto Cleanup;
11 HANDLE hToken;
12 bSus = ::OpenProcessToken(hProcess,TOKEN_QUERY,&hToken);
13 if(!bSus) goto Cleanup;
14 DWORD dwReturnLength;
15 ::GetTokenInformation(hToken,TokenUser,NULL,NULL,&dwReturnLength);
16 if(dwReturnLength > 0x400) goto Cleanup;
17 LPVOID TokenInformation;
18 TokenInformation = ::LocalAlloc(LPTR,0x400);//这里就引用SDK的函数不引
19
20用CRT的了
21 DWORD dw;
22 bSus = ::GetTokenInformation(hToken,TokenUser,TokenInformation,0x400,&dw);
23 if(!bSus) goto Cleanup;
24 PTOKEN_USER pTokenUser = (PTOKEN_USER)TokenInformation;
25 BYTE Buf[0x200];
26 PACL pAcl = (PACL)&Buf;
27 bSus = ::InitializeAcl(pAcl,1024,ACL_REVISION);
28 if(!bSus) goto Cleanup;
29 bSus = ::AddAccessDeniedAce(pAcl,ACL_REVISION,0x000000FA,pSid);
30 if(!bSus) goto Cleanup;
31 bSus = ::AddAccessAllowedAce(pAcl,ACL_REVISION,0x00100701,pTokenUser->User.Sid);
32 if(!bSus) goto Cleanup;
33 if(::SetSecurityInfo(hProcess,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION |
34PROTECTED_DACL_SECURITY_INFORMATION,NULL,NULL,pAcl,NULL) == 0)
35 bSus = TRUE;
36Cleanup:
37 if(hProcess != NULL)
38 ::CloseHandle(hProcess);
39 if(pSid != NULL)
40 ::FreeSid(pSid);
41 return bSus;
42
43}
这段代码就可以锁住其他进程打开本进程,当然也就防止了注入,和读写内存.
可以更绝点Denied ALL ACCESS(0xFFFFFFFF)就连结束都不可能了
::AllocateAndInitializeSid 可以换成 :: InitializeSid .因为我们并不需要初始化子Sid.
另外.
bSus = ::AddAccessDeniedAce(pAcl,ACL_REVISION,0x000000FA,pSid);
if(!bSus) goto Cleanup;
bSus = ::AddAccessAllowedAce(pAcl,ACL_REVISION,0x00100701,pTokenUser->User.Sid);
实际上只需要下面的一句,或者干脆把它去掉,因为如果不添加Ace默认就是没有权限.既然这样上面的那句话AllocateAndInitializeSid 也可以省掉,也似乎有些多余
相关文章推荐
- 防止数据库被注入恶意代码
- .Net程序防止被注入代码(整站通用)分享
- 防止注入的代码
- 很好用的 web防止sql 注入 xss 攻击 目录遍历代码
- 网站防止注入入侵的一些有效代码和方法
- win 2003 IIS如何防止代码注入
- asp防止sql 语句注入的代码
- 【变量过滤】防止代码注入
- 防止android代码注入的方法
- iOS程序 防止动态调试和代码注入
- 防止android代码注入的办法
- 防止注入的代码
- 求助,这个代码,怎么样防止注入
- PHP简单代码防止SQL注入
- Java防止路径操控和命令注入 代码
- JNI防止Android游戏恶意注入代码的方法(转)
- hibernate查询防止代码注入
- C#,Asp.net 防止Sql 注入代码
- 防止注入代码