Python |停止用户杀进程

发布于 2024-12-18 14:56:30 字数 1014 浏览 0 评论 0原文

这里提到了一个非常酷的功能:

防止用户进程被进程资源管理器中的“结束进程”杀死

有谁知道如何把这段 C++ 代码转换成 Python(或者重新编辑它,使它至少能作为 C/C++ 代码编译——假设它就是用这种语言写的):

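// Replaces the current process's DACL with one that denies the current user
// the listed access rights (terminate is part of PROCESS_ALL_ACCESS).
// Returns true only if both the ACL construction and the SetSecurityInfo
// call succeeded.
//
// NOTE(review): treat this as protection against accidental termination by
// the same, non-elevated user, not as a security boundary. A caller that
// holds SeDebugPrivilege (typically an elevated administrator) can still open
// the process, and the object's owner generally keeps the ability to rewrite
// the DACL.
static const bool ProtectProcess()
{
    // GetCurrentProcess() returns a pseudo-handle; it does not need to be
    // closed, so there is deliberately no CloseHandle() call in this function.
    HANDLE hProcess = GetCurrentProcess();

    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    BuildExplicitAccessWithName( &denyAccess, _T("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );

    // OldAcl is NULL, so the resulting ACL holds only the deny entry above;
    // whatever entries the process DACL had before are not carried over.
    PACL pTempDacl = NULL;
    DWORD dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
    if ( dwErr != ERROR_SUCCESS )
    {
        // Nothing was allocated on failure; do not go on to install an
        // unset (NULL) DACL pointer on the process.
        return false;
    }

    dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );

    // The ACL returned by SetEntriesInAcl is freed with LocalFree whether or
    // not SetSecurityInfo succeeded.
    LocalFree( pTempDacl );
    return dwErr == ERROR_SUCCESS;
}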

A very cool function was mentioned here:

Prevent user process from being killed with "End Process" from Process Explorer

Does anyone know how to translate this C++ code to Python (or re-edit it so that it at least compiles in C/C++, assuming that is what it is in):

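// Replaces the current process's DACL with one that denies the current user
// the listed access rights (terminate is part of PROCESS_ALL_ACCESS).
// Returns true only if both the ACL construction and the SetSecurityInfo
// call succeeded.
//
// NOTE(review): treat this as protection against accidental termination by
// the same, non-elevated user, not as a security boundary. A caller that
// holds SeDebugPrivilege (typically an elevated administrator) can still open
// the process, and the object's owner generally keeps the ability to rewrite
// the DACL.
static const bool ProtectProcess()
{
    // GetCurrentProcess() returns a pseudo-handle; it does not need to be
    // closed, so there is deliberately no CloseHandle() call in this function.
    HANDLE hProcess = GetCurrentProcess();

    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    BuildExplicitAccessWithName( &denyAccess, _T("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );

    // OldAcl is NULL, so the resulting ACL holds only the deny entry above;
    // whatever entries the process DACL had before are not carried over.
    PACL pTempDacl = NULL;
    DWORD dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
    if ( dwErr != ERROR_SUCCESS )
    {
        // Nothing was allocated on failure; do not go on to install an
        // unset (NULL) DACL pointer on the process.
        return false;
    }

    dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );

    // The ACL returned by SetEntriesInAcl is freed with LocalFree whether or
    // not SetSecurityInfo succeeded.
    LocalFree( pTempDacl );
    return dwErr == ERROR_SUCCESS;
}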


评论(2

神经大条 2024-12-25 14:56:30

这是您发布的代码的一个相当粗略的 ctypes 翻译。它看起来甚至能正常工作!请注意,我删除了对 CloseHandle 的调用,因为那个调用完全是错误的。您不应该对伪句柄调用 CloseHandle,而 GetCurrentProcess 返回的正是伪句柄。

from ctypes import *
from ctypes.wintypes import *
from win32con import *

class TRUSTEE(Structure):
    """ctypes layout for the Win32 TRUSTEE structure (ANSI variant).

    The field list is attached after the class statement because the
    first member is a pointer to TRUSTEE itself.
    """


# Assigned in a second step: POINTER(TRUSTEE) needs the class to exist.
TRUSTEE._fields_ = (
    ("pMultipleTrustee", POINTER(TRUSTEE)),   # self-referential pointer
    ("MultipleTrusteeOperation", c_int),      # enum stored as a C int
    ("TrusteeForm", c_int),                   # enum stored as a C int
    ("TrusteeType", c_int),                   # enum stored as a C int
    ("ptstrName", LPSTR),                     # narrow string: matches the *A APIs
)

class EXPLICIT_ACCESS(Structure):
    """ctypes layout for the Win32 EXPLICIT_ACCESS structure (ANSI variant).

    Describes one access-control entry: which rights, whether they are
    granted or denied, how they inherit, and the trustee they apply to.
    """

    _fields_ = (
        ("grfAccessPermissions", DWORD),  # access-rights bit mask
        ("grfAccessMode", c_int),         # access mode enum stored as a C int
        ("grfInheritance", DWORD),        # inheritance flags
        ("Trustee", TRUSTEE),             # embedded by value, not a pointer
    )

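# Replace the current process's DACL with one that denies the current user
# the rights listed below (terminate is part of PROCESS_ALL_ACCESS).
#
# NOTE(review): this guards against accidental termination by the same,
# non-elevated user; it is not a security boundary. A caller holding
# SeDebugPrivilege (typically an elevated administrator) can still open the
# process, and the object's owner generally keeps the ability to rewrite the
# DACL.

GetCurrentProcess = windll.kernel32.GetCurrentProcess
GetCurrentProcess.restype = HANDLE
# This is a pseudo-handle: it does not need to be (and is not) closed.
hProcess = GetCurrentProcess()

denyAccess = EXPLICIT_ACCESS()
dwAccessPermissions = DWORD(
    GENERIC_WRITE | PROCESS_ALL_ACCESS | WRITE_DAC | DELETE | WRITE_OWNER | READ_CONTROL
)

BuildExplicitAccessWithName = windll.advapi32.BuildExplicitAccessWithNameA
BuildExplicitAccessWithName.restype = None
# Declaring the prototype makes ctypes reject a text (unicode) string here
# instead of silently passing a wide-character buffer to the ANSI entry point.
BuildExplicitAccessWithName.argtypes = (POINTER(EXPLICIT_ACCESS), LPSTR, DWORD, c_int, DWORD)
DENY_ACCESS = 3
NO_INHERITANCE = 0
# The *A function expects a narrow string, so the name is a bytes literal.
# It is bound to a name because the structure only stores a pointer to it
# (ptstrName) and the buffer must stay alive until SetEntriesInAcl has run.
trusteeName = b'CURRENT_USER'
BuildExplicitAccessWithName(byref(denyAccess), trusteeName, dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE)

SetEntriesInAcl = windll.advapi32.SetEntriesInAclA
SetEntriesInAcl.restype = DWORD
SetEntriesInAcl.argtypes = (ULONG, POINTER(EXPLICIT_ACCESS), c_voidp, POINTER(c_voidp))

SetSecurityInfo = windll.advapi32.SetSecurityInfo
SetSecurityInfo.restype = DWORD
SetSecurityInfo.argtypes = (HANDLE, c_int, DWORD, c_voidp, c_voidp, c_voidp, c_voidp)
SE_KERNEL_OBJECT = 6

LocalFree = windll.kernel32.LocalFree
LocalFree.restype = c_voidp
LocalFree.argtypes = (c_voidp,)

# The old-ACL argument is None, so the new ACL contains only the deny entry;
# the entries of the process's previous DACL are not carried over.
pTempDacl = c_voidp()
dwErr = SetEntriesInAcl(1, byref(denyAccess), None, byref(pTempDacl))
if dwErr != 0:  # 0 is ERROR_SUCCESS
    # Stop here rather than installing an unset (NULL) DACL pointer.
    raise WinError(dwErr)

try:
    dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, None, None, pTempDacl, None)
finally:
    # The ACL allocated by SetEntriesInAcl is released on every path.
    LocalFree(pTempDacl)

if dwErr != 0:
    # Report the failure instead of leaving the caller to assume the
    # process is protected when the DACL was never applied.
    raise WinError(dwErr)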

Here is a rather crude ctypes translation of the code you posted. It even appears to work! Note that I remove the call to CloseHandle which is simply wrong. You should not call CloseHandle on a pseudo-handle, which is what GetCurrentProcess returns.

from ctypes import *
from ctypes.wintypes import *
from win32con import *

class TRUSTEE(Structure):
    """ctypes layout for the Win32 TRUSTEE structure (ANSI variant).

    The field list is attached after the class statement because the
    first member is a pointer to TRUSTEE itself.
    """


# Assigned in a second step: POINTER(TRUSTEE) needs the class to exist.
TRUSTEE._fields_ = (
    ("pMultipleTrustee", POINTER(TRUSTEE)),   # self-referential pointer
    ("MultipleTrusteeOperation", c_int),      # enum stored as a C int
    ("TrusteeForm", c_int),                   # enum stored as a C int
    ("TrusteeType", c_int),                   # enum stored as a C int
    ("ptstrName", LPSTR),                     # narrow string: matches the *A APIs
)

class EXPLICIT_ACCESS(Structure):
    """ctypes layout for the Win32 EXPLICIT_ACCESS structure (ANSI variant).

    Describes one access-control entry: which rights, whether they are
    granted or denied, how they inherit, and the trustee they apply to.
    """

    _fields_ = (
        ("grfAccessPermissions", DWORD),  # access-rights bit mask
        ("grfAccessMode", c_int),         # access mode enum stored as a C int
        ("grfInheritance", DWORD),        # inheritance flags
        ("Trustee", TRUSTEE),             # embedded by value, not a pointer
    )

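# Replace the current process's DACL with one that denies the current user
# the rights listed below (terminate is part of PROCESS_ALL_ACCESS).
#
# NOTE(review): this guards against accidental termination by the same,
# non-elevated user; it is not a security boundary. A caller holding
# SeDebugPrivilege (typically an elevated administrator) can still open the
# process, and the object's owner generally keeps the ability to rewrite the
# DACL.

GetCurrentProcess = windll.kernel32.GetCurrentProcess
GetCurrentProcess.restype = HANDLE
# This is a pseudo-handle: it does not need to be (and is not) closed.
hProcess = GetCurrentProcess()

denyAccess = EXPLICIT_ACCESS()
dwAccessPermissions = DWORD(
    GENERIC_WRITE | PROCESS_ALL_ACCESS | WRITE_DAC | DELETE | WRITE_OWNER | READ_CONTROL
)

BuildExplicitAccessWithName = windll.advapi32.BuildExplicitAccessWithNameA
BuildExplicitAccessWithName.restype = None
# Declaring the prototype makes ctypes reject a text (unicode) string here
# instead of silently passing a wide-character buffer to the ANSI entry point.
BuildExplicitAccessWithName.argtypes = (POINTER(EXPLICIT_ACCESS), LPSTR, DWORD, c_int, DWORD)
DENY_ACCESS = 3
NO_INHERITANCE = 0
# The *A function expects a narrow string, so the name is a bytes literal.
# It is bound to a name because the structure only stores a pointer to it
# (ptstrName) and the buffer must stay alive until SetEntriesInAcl has run.
trusteeName = b'CURRENT_USER'
BuildExplicitAccessWithName(byref(denyAccess), trusteeName, dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE)

SetEntriesInAcl = windll.advapi32.SetEntriesInAclA
SetEntriesInAcl.restype = DWORD
SetEntriesInAcl.argtypes = (ULONG, POINTER(EXPLICIT_ACCESS), c_voidp, POINTER(c_voidp))

SetSecurityInfo = windll.advapi32.SetSecurityInfo
SetSecurityInfo.restype = DWORD
SetSecurityInfo.argtypes = (HANDLE, c_int, DWORD, c_voidp, c_voidp, c_voidp, c_voidp)
SE_KERNEL_OBJECT = 6

LocalFree = windll.kernel32.LocalFree
LocalFree.restype = c_voidp
LocalFree.argtypes = (c_voidp,)

# The old-ACL argument is None, so the new ACL contains only the deny entry;
# the entries of the process's previous DACL are not carried over.
pTempDacl = c_voidp()
dwErr = SetEntriesInAcl(1, byref(denyAccess), None, byref(pTempDacl))
if dwErr != 0:  # 0 is ERROR_SUCCESS
    # Stop here rather than installing an unset (NULL) DACL pointer.
    raise WinError(dwErr)

try:
    dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, None, None, pTempDacl, None)
finally:
    # The ACL allocated by SetEntriesInAcl is released on every path.
    LocalFree(pTempDacl)

if dwErr != 0:
    # Report the failure instead of leaving the caller to assume the
    # process is protected when the DACL was never applied.
    raise WinError(dwErr)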
蔚蓝源自深海 2024-12-25 14:56:30

使用 ctypes 怎么样?您也可以尝试 pywin32。您还可以尝试使用 IronPython。对于 ActivePython,有 win32api

另外,我不知道你为什么想要实现这一目标背后的原因,这意味着可能有一些更优雅的解决方案可用。

How about using ctypes? You could also try pywin32. You could also try using IronPython. For ActivePython there is win32api.

Also, I don't know your reasoning behind why you want to achieve that, which means there is potentially some more elegant solution available.
