如何防止我生成的进程生成子进程？

发布于 2024-12-28 10:28:21 字数 744 浏览 2 评论 0原文

我的 Windows XP/7 程序使用 Windows API CreateProcess() 函数启动一个子进程作为其操作的一部分。我希望能够以一种但仅一种特定的方式“沙箱”应用程序。我不想让子进程产生自己的进程（孙进程）。有没有一种方法可以做到这一点，而无需进行任何挂钩或 DLL 注入（或 IAT 修补）？

我看到了有关进程安全和访问权限的 MSDN 页面：

http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx

我注意到以下进程特定的访问权限：

PROCESS_CREATE_PROCESS (0x0080) Required to create a process.

我可以在挂起状态下启动子进程，通过 XOR 操作删除该访问权限，使用 SetSecurityDescriptor() 更新子进程的访问权限，然后恢复它以防止其创建自己的子进程流程？或者我应该将其应用到磁盘上的 EXE 文件？这行得通吗？

如果是这样，我希望有一个使用 SetSecurityDescriptor() 的良好代码示例，它可以向我展示正确执行此操作的细微差别。如果这种方法行不通，我们将不胜感激您的任何想法或提示。

原文

My Windows XP/7 program launches a child process using the Windows API CreateProcess() function as part of its operations. I want to be able to "sandbox" the application in one but only one particular way. I do not want to let the child process spawn processes of its own (grandchildren). Is there a way to do this without having to do any hooking or DLL injections (or IAT patching)?

I saw this MSDN page on Process Security and Access Rights:

http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx

I noticed the following process specific access rights:

PROCESS_CREATE_PROCESS (0x0080) Required to create a process.

Could I launch the child process in the suspended state, remove that access right via an XOR operation, update the child process' access rights with SetSecurityDescriptor(), and resume it to keep it from creating its own child processes? Or should I apply it to the EXE file on disk instead? Would this work?

If so, I'd appreciate a good code sample using SetSecurityDescriptor() that would show me the nuances of doing this propertly. If this approach would not work, any ideas or tips you might have would be appreciated.

分享到QQ

分享到微博