Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
The following code is really simple. It restricts access to the current process. In this way no other process can open the process handle and for example terminate this process.
SD : TJwSecurityDescriptor;
hProcess : TJwProcessHandle;
hProcess := OpenProcess(READ_CONTROL or WRITE_DAC, false, GetCurrentProcessId());
if hProcess <> 0 then
SD := TJwSecureGeneralObject.GetSecurityInfo(hProcess,SE_KERNEL_OBJECT, [siDaclSecurityInformation]);
SD.DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(nil, , GENERIC_ALL, JwLocalSystemSID));
//allow read access to the current user
SD.DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(nil, , GENERIC_READ, JwSecurityProcessUserSID));
TJwSecureGeneralObject.SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, [siDaclSecurityInformation], SD);
However there are some problems:
The only way to prevent a restricted user from terminating the application is to run the process with a foreign account (e.g. CreateProcessAsUser) and make sure that the user is not listed in the DACL. However if this user gets the DEBUG privilege the game is over.