@dennisfischer
Created October 31, 2015 14:21
Deny access from outside on VM operations + DUP_HANDLE
// testProject.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include <aclapi.h>   // EXPLICIT_ACCESS, BuildExplicitAccessWithName, SetEntriesInAcl, SetSecurityInfo
#include <iostream>
//Source @http://www.experts-exchange.com/Programming/Microsoft_Development/Q_27484672.html
int main()
{
	EXPLICIT_ACCESS eDeny;
	//All possible access rights can be found @https://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx
	//PROCESS_VM_OPERATION, PROCESS_VM_WRITE, PROCESS_VM_READ and PROCESS_DUP_HANDLE are part of the deny mask
	//to harden against WPM/RPM (WriteProcessMemory/ReadProcessMemory) and handle-duplication attacks.
	DWORD dwAccessPermissions = GENERIC_WRITE | WRITE_DAC | DELETE | WRITE_OWNER | READ_CONTROL | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD
		| PROCESS_QUERY_INFORMATION | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_INFORMATION | PROCESS_SET_QUOTA |
		PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE | SYNCHRONIZE
		| PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_DUP_HANDLE;
	//Build a deny ACE for the calling user ("CURRENT_USER" is a special trustee name understood by the ACL APIs).
	//Because pOldAcl is nullptr, SetEntriesInAcl creates a new DACL that contains only this deny ACE.
	PACL pDacl = nullptr;
	BuildExplicitAccessWithName(&eDeny, TEXT("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE);
	DWORD dwRes = SetEntriesInAcl(1, &eDeny, nullptr, &pDacl);
	if (dwRes != ERROR_SUCCESS)
	{
		std::cerr << "SetEntriesInAcl failed: " << dwRes << std::endl;
		return 1;
	}
	//Install the DACL on the calling process. Handles opened before this call keep the access they were
	//granted, and callers holding SeDebugPrivilege are not subject to the process DACL at all.
	dwRes = SetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, nullptr, nullptr, pDacl, nullptr);
	LocalFree(pDacl);
	if (dwRes != ERROR_SUCCESS)
	{
		std::cerr << "SetSecurityInfo failed: " << dwRes << std::endl;
		return 1;
	}
	while (true)
	{
		Sleep(1000);
		std::cout << "Still running!" << std::endl;
	}
	return 0;
}
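The following simulation of the DACL walk is an added example, not part of the gist: it models the ordered, first-match evaluation Windows applies to a process DACL and shows why the contents of the deny mask only matter once the DACL also carries allow ACEs (a DACL built from the single deny ACE grants nothing to anyone). The access-right values are the winnt.h constants; the `Trustee` ids, `Ace` struct and `dacl_grants` helper are the example's own, and owner implicit rights, generic-right mapping and privileges such as SeDebugPrivilege are deliberately not modeled.

```cpp
#include <cstdint>
#include <vector>

// Process access rights, values as defined in winnt.h.
enum : uint32_t {
    PROCESS_TERMINATE = 0x0001, PROCESS_CREATE_THREAD = 0x0002,
    PROCESS_VM_OPERATION = 0x0008, PROCESS_VM_READ = 0x0010, PROCESS_VM_WRITE = 0x0020,
    PROCESS_DUP_HANDLE = 0x0040, PROCESS_CREATE_PROCESS = 0x0080, PROCESS_SET_QUOTA = 0x0100,
    PROCESS_SET_INFORMATION = 0x0200, PROCESS_QUERY_INFORMATION = 0x0400,
    PROCESS_SUSPEND_RESUME = 0x0800, PROCESS_QUERY_LIMITED_INFORMATION = 0x1000,
    DELETE_ACCESS = 0x00010000, READ_CONTROL = 0x00020000, WRITE_DAC = 0x00040000,
    WRITE_OWNER = 0x00080000, SYNCHRONIZE = 0x00100000, GENERIC_WRITE = 0x40000000,
    PROCESS_ALL_ACCESS = 0x001FFFFF
};
enum Trustee { CURRENT_USER = 1, OTHER_USER = 2 };   // example's own trustee ids
struct Ace { bool deny; Trustee trustee; uint32_t mask; };

// Ordered first-match DACL walk: a matching deny ACE that overlaps any still-outstanding
// bit fails the request, matching allow ACEs clear bits, and the request succeeds only
// when no requested bit remains outstanding.
bool dacl_grants(const std::vector<Ace>& dacl, Trustee who, uint32_t desired) {
    uint32_t remaining = desired;
    for (const Ace& ace : dacl) {
        if (remaining == 0) break;
        if (ace.trustee != who) continue;
        if (ace.deny && (ace.mask & remaining)) return false;
        if (!ace.deny) remaining &= ~ace.mask;
    }
    return remaining == 0;
}

// The gist's original deny mask, which leaves the VM and DUP_HANDLE rights out.
const uint32_t GIST_DENY = GENERIC_WRITE | WRITE_DAC | DELETE_ACCESS | WRITE_OWNER | READ_CONTROL
    | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION
    | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_INFORMATION | PROCESS_SET_QUOTA
    | PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE | SYNCHRONIZE;
const uint32_t VM_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_DUP_HANDLE;

// Case 1: the DACL exactly as SetEntriesInAcl(1, &eDeny, nullptr, ...) builds it:
// one deny ACE and no allow ACE, so no request can be satisfied through the DACL.
bool deny_only_dacl_grants(uint32_t deny_mask, Trustee who, uint32_t desired) {
    return dacl_grants({ {true, CURRENT_USER, deny_mask} }, who, desired);
}
// Case 2: the deny ACE placed in front of an existing allow-all ACE for the same user,
// as merging into an existing process DACL would typically produce.
bool merged_dacl_grants(uint32_t deny_mask, Trustee who, uint32_t desired) {
    return dacl_grants({ {true, CURRENT_USER, deny_mask}, {false, CURRENT_USER, PROCESS_ALL_ACCESS} }, who, desired);
}
```

Against the merged DACL, the gist's mask still lets the calling user obtain PROCESS_VM_READ | PROCESS_VM_OPERATION, while adding VM_RIGHTS to the deny mask blocks that request.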