Skip to content

Instantly share code, notes, and snippets.

@iljavs

iljavs/Protect.cpp

Created October 21, 2020 16:53
Show Gist options
  • Save iljavs/8c424c3770cc8208eb01e8a354a19cd1 to your computer and use it in GitHub Desktop.
Save iljavs/8c424c3770cc8208eb01e8a354a19cd1 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Protect.cpp
#include <windows.h>
#include <stdio.h>
#define IOCTL_PROCESS_PROTECT_BY_PID CTL_CODE(FILE_DEVICE_UNKNOWN , 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_PROCESS_UNPROTECT_BY_PID CTL_CODE(FILE_DEVICE_UNKNOWN , 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_PROCESS_PROTECT_CLEAR CTL_CODE(FILE_DEVICE_UNKNOWN , 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
int main(int argc, char **argv) {
if (argc < 2) {
printf("<prog> <add|remove|clear> <pid>\n");
exit(0);
}
HANDLE h;
unsigned int ctlcode = IOCTL_PROCESS_PROTECT_BY_PID;
unsigned int pid = 0;
if (!_stricmp(argv[1], "clear")) {
ctlcode = IOCTL_PROCESS_PROTECT_CLEAR;
} else if (!_stricmp(argv[1], "add")) {
if (argc < 3) {
printf("<prog> <add|remove|clear> <pid>\n");
exit(0);
}
ctlcode = IOCTL_PROCESS_PROTECT_BY_PID;
pid = atoi(argv[2]);
}
else {
if (argc < 3) {
printf("<prog> <add|remove|clear> <pid>\n");
exit(0);
}
ctlcode = IOCTL_PROCESS_UNPROTECT_BY_PID;
pid = atoi(argv[2]);
}
HANDLE in = (HANDLE)pid;
h = CreateFile(L"\\\\.\\ProcProt", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
if (h == INVALID_HANDLE_VALUE) {
printf("CreateFile failed\n");
exit(0);
}
DWORD bytes = 0;
BOOL r = DeviceIoControl(h, ctlcode, &in, sizeof(in), NULL, 0, &bytes, NULL);
printf("ioctl ret: %u\n", r);
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment