Postado Qui Mar 05, 2015 12:34 am
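Navegando pela net achei um código bem interessante: ele protege sua aplicação.
Basicamente, pelo que deu pra entender, ele protege contra o famoso taskkill do cmd e
contra o gerenciador de tarefas do Windows. No meu caso, quando tentei fechar o form1 pelo
gerenciador de tarefas, deu despejo de memória (tela azul). Essa tela azul é o próprio mecanismo: o código marca o processo como crítico para o sistema, e o Windows derruba a máquina inteira quando um processo crítico é encerrado.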
Vou deixar ele aqui!
No lugar onde achei o código, disseram que não sabem o nome do criador, então também vou deixar sem crédito aqui.
Basicamente, pelo que deu pra entender, ele protege contra o famoso taskkill do cmd e
contra o gerenciador de tarefas do Windows. No meu caso, quando tentei fechar o form1 pelo
gerenciador de tarefas, deu despejo de memória (tela azul).
Vou deixar ele aqui!
- Código:
Imports System.Runtime.InteropServices
- Código:
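#Region "Process Protection"
    ' Windows privilege names, passed to LookupPrivilegeValue by GetPrivileges.
    ' Every name is singular ("...Privilege"). The original post spelled three of
    ' them with a trailing "s", which makes LookupPrivilegeValue fail for them.
    Public Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
    Public Const SE_SHUTDOWN_NAME As String = "SeShutdownPrivilege"
    Public Const SE_SECURITY_NAME As String = "SeSecurityPrivilege"
    Public Const SE_TCB_NAME As String = "SeTcbPrivilege"
    Public Const SE_TAKE_OWNERSHIP_NAME As String = "SeTakeOwnershipPrivilege"

    ' Locally unique identifier for a privilege, filled in by LookupPrivilegeValue.
    Private Structure LUID
        Public LowPart As Integer
        Public HighPart As Integer
    End Structure

    ' One privilege (by LUID) together with its attribute flags.
    Private Structure LUID_AND_ATTRIBUTES
        Public pLuid As LUID
        Public Attributes As Integer
    End Structure

    ' Counted list of privileges; marshalled with a fixed array of ANYSIZE_ARRAY (1) entries.
    Private Structure TOKEN_PRIVILEGES
        Public PrivilegeCount As Integer
        <MarshalAs(UnmanagedType.ByValArray, SizeConst:=ANYSIZE_ARRAY)> _
        Public Privileges() As LUID_AND_ATTRIBUTES
    End Structure

    ' NOTE(review): nothing shown on this page calls OpenProcess. The Long (64-bit)
    ' parameters and return look like a VB6-era declaration and do not match the
    ' native 32-bit DWORD/BOOL arguments - correct the signature before relying on it.
    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    Private Declare Ansi Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As IntPtr, ByVal DesiredAccess As Integer, ByRef TokenHandle As IntPtr) As Integer
    Private Declare Ansi Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, ByRef lpLuid As LUID) As Integer
    ' NOTE(review): ReturnLength is a 32-bit DWORD in the native API; IntPtr is kept
    ' here only because GetPrivileges passes an IntPtr variable.
    Private Declare Ansi Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As IntPtr, ByVal DisableAllPrivileges As Boolean, ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Integer, ByRef PreviousState As TOKEN_PRIVILEGES, ByRef ReturnLength As IntPtr) As Integer
    Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hHandle As IntPtr) As Boolean

    ' Undocumented ntdll export that flags the calling process as critical.
    ' While the flag is set, ending the process makes Windows bugcheck - the blue
    ' screen described in the post. Declared as a Sub, so whatever status the
    ' native routine returns is discarded and the caller cannot tell if it took effect.
    ' Security tooling tends to treat this call from an ordinary application as an
    ' anti-termination indicator.
    Public Declare Sub RtlSetProcessIsCritical Lib "ntdll.dll" (ByVal NewValue As Boolean, ByVal OldValue As Boolean, ByVal WinLogon As Boolean)

    ' Access rights requested on the process token.
    Private Const TOKEN_ADJUST_PRIVILEGES As Integer = &H20
    Private Const TOKEN_QUERY As Integer = &H8
    ' Attribute flag that enables a privilege already present in the token.
    Private Const SE_PRIVILEGE_ENABLED As Integer = &H2
    ' Element count of the Privileges array in TOKEN_PRIVILEGES.
    Private Const ANYSIZE_ARRAY As Integer = 1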
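Public Function GetPrivileges(ByVal privileges As String) As Boolean
    ' Enables one named privilege in the current process token.
    '
    ' privileges: a privilege name such as the SE_*_NAME constants.
    ' Returns True only when the privilege was actually enabled. Returns False
    ' when the name is empty or unknown, the token cannot be opened, the
    ' adjustment call fails, or the token does not hold the privilege at all.
    '
    ' This can only enable a privilege the token already contains; it never
    ' grants a new one.

    ' AdjustTokenPrivileges reports success even when it enabled nothing; it
    ' then leaves this value as the last Win32 error.
    Const ERROR_NOT_ALL_ASSIGNED As Integer = 1300

    If String.IsNullOrEmpty(privileges) Then Return False

    ' Resolve the name first so no handle is open if the lookup fails.
    Dim privilegeLuid As LUID
    If LookupPrivilegeValue("", privileges, privilegeLuid) = 0 Then Return False

    Dim hToken As IntPtr = IntPtr.Zero
    Try
        If OpenProcessToken(Process.GetCurrentProcess().Handle, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) = 0 Then Return False

        Dim luaAttr As New LUID_AND_ATTRIBUTES
        luaAttr.pLuid = privilegeLuid
        luaAttr.Attributes = SE_PRIVILEGE_ENABLED

        Dim newState As New TOKEN_PRIVILEGES
        newState.PrivilegeCount = 1
        newState.Privileges = New LUID_AND_ATTRIBUTES() {luaAttr}

        ' ReDim takes an upper bound, so "count - 1" yields exactly one element,
        ' matching the fixed array size used when marshalling the structure.
        Dim prevState As New TOKEN_PRIVILEGES
        ReDim prevState.Privileges(newState.PrivilegeCount - 1)
        Dim returnLength As IntPtr

        Dim adjusted As Integer = AdjustTokenPrivileges(hToken, False, newState, Marshal.SizeOf(prevState), prevState, returnLength)
        ' Read the error code right away, before any other call can overwrite it.
        ' NOTE(review): relies on VB Declare preserving the last Win32 error - confirm.
        Dim lastError As Integer = Marshal.GetLastWin32Error()
        If adjusted = 0 Then Return False
        Return lastError <> ERROR_NOT_ALL_ASSIGNED
    Finally
        ' Only close a handle that was actually opened.
        If hToken <> IntPtr.Zero Then CloseHandle(hToken)
    End Try
End Function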
#End Region
No evento Load do formulário, coloque estas linhas:
- Código:
' Ask for the privilege named by SE_SECURITY_NAME. The Boolean result is
' discarded, so a failed lookup or adjustment goes unnoticed here.
GetPrivileges(SE_SECURITY_NAME)
' Flag this process as critical. While the flag is set, Windows bugchecks (blue
' screen) when the process ends, and unsaved work in every running program is
' lost. Nothing on this page clears the flag again, so a crash or a normal
' close of the form is expected to bring the system down as well.
RtlSetProcessIsCritical(True, False, False)
No lugar onde achei o código, disseram que não sabem o nome do criador, então também vou deixar sem crédito aqui.