#include "pch.h"
#include <windows.h>
#include <stdio.h>
/* Calling convention for the ntdll export RtlSetProcessIsCritical, which
 * is not declared in the public SDK headers and is therefore resolved at
 * run time with GetProcAddress (see ProtectProcess below).
 * NOTE(review): the export is generally described as returning NTSTATUS;
 * it is declared VOID here, so callers cannot observe whether the call
 * succeeded. */
typedef VOID(_stdcall* RtlSetProcessIsCritical) (
IN BOOLEAN NewValue,
OUT PBOOLEAN OldValue, // (optional)
IN BOOLEAN IsWinlogon);
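/*
 * Enable a single named privilege (e.g. SE_DEBUG_NAME) in the current
 * process token.
 *
 * lpszPriv is nominally LPCSTR, but the caller in this file passes a
 * TCHAR string cast to LPCSTR (see ProtectProcess), so it is cast back
 * to LPCTSTR to match whichever LookupPrivilegeValue variant the build
 * selects.  The original (LPCWSTR) cast only worked for UNICODE builds.
 *
 * Returns TRUE only if the privilege is now enabled.  Returns FALSE if the
 * token cannot be opened, the privilege name is unknown, or the token does
 * not hold the privilege at all (AdjustTokenPrivileges reports that case
 * through GetLastError() == ERROR_NOT_ALL_ASSIGNED while still returning
 * TRUE, which the original code treated as success).
 */
BOOL EnablePriv(LPCSTR lpszPriv)
{
    HANDLE hToken = NULL;
    LUID luid;
    TOKEN_PRIVILEGES tkprivs = { 0 };
    BOOL bRet = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }
    if (!LookupPrivilegeValue(NULL, (LPCTSTR)lpszPriv, &luid)) {
        goto out;
    }

    tkprivs.PrivilegeCount = 1;
    tkprivs.Privileges[0].Luid = luid;
    tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    /* A TRUE return alone does not mean the privilege was granted; the
     * "not all assigned" outcome is only visible via the last-error code. */
    if (AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL)
        && GetLastError() != ERROR_NOT_ALL_ASSIGNED) {
        bRet = TRUE;
    }

out:
    CloseHandle(hToken);
    return bRet;
}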
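/*
 * Resolve RtlSetProcessIsCritical from ntdll and call it with
 * NewValue = 0.  Per the original author's note, 0,0,0 clears the
 * process's critical flag and 1,0,0 would set it, so despite its name this
 * function makes the current process NON-critical.
 *
 * SE_DEBUG_NAME is enabled first (the original did this too, presumably
 * because the call requires it); if that fails the call is not attempted
 * and FALSE is returned, rather than reporting success for a call that
 * cannot have taken effect.  Returns TRUE when the export was found and
 * invoked.  The export is typed VOID in this file, so its own status is
 * not observable here.
 */
BOOL ProtectProcess(void)
{
    /* ntdll is mapped into every user-mode process for its whole lifetime,
     * so a module lookup is sufficient.  The original used LoadLibraryA,
     * which adds a reference that was never released and which is also
     * discouraged while DllMain (our caller) holds the loader lock. */
    HMODULE hNtdll = GetModuleHandleA("ntdll.dll");
    if (hNtdll == NULL) {
        return FALSE;
    }

    if (!EnablePriv((LPCSTR)SE_DEBUG_NAME)) {
        return FALSE;
    }

    RtlSetProcessIsCritical fSetCritical =
        (RtlSetProcessIsCritical)GetProcAddress(hNtdll, "RtlSetProcessIsCritical");
    if (fSetCritical == NULL) {
        return FALSE;
    }

    fSetCritical(0, 0, 0); //0,0,0 disable critical | 1,0,0, set critical
    return TRUE;
}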
/* Handle of this DLL: written by DllMain on process attach and passed to
 * FreeLibraryAndExitThread by EjectThread so the DLL can unload itself. */
HMODULE hModule2;
/*
 * Thread body started from DllMain.  Pauses briefly (presumably so DllMain
 * can return first), then unloads this DLL via hModule2 and terminates the
 * thread in a single call.  FreeLibraryAndExitThread never returns, which
 * is why the function body ends without a return statement.
 */
DWORD __stdcall EjectThread(LPVOID lpParameter)
{
    (void)lpParameter; /* the thread is created with a NULL argument */

    Sleep(100);
    FreeLibraryAndExitThread(hModule2, 0);
}
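/*
 * DLL entry point.  On DLL_PROCESS_ATTACH it runs ProtectProcess, records
 * this module's handle in hModule2 and starts EjectThread, which unloads
 * the DLL shortly afterwards.  Thread attach/detach and process detach are
 * ignored.  Always returns TRUE, so the load is never refused.
 *
 * NOTE(review): everything here runs while the loader lock is held.  The
 * ejecting thread only sleeps and then calls FreeLibraryAndExitThread, and
 * DllMain never waits for it, so there is no deadlock; any additional work
 * added here should preserve that property.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)lpReserved;

    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        ProtectProcess();
        hModule2 = hModule;

        /* The thread handle is never used; close it immediately so it is
         * not leaked for the lifetime of the host process (the thread
         * itself keeps running). */
        HANDLE hThread = CreateThread(NULL, 0, EjectThread, NULL, 0, NULL);
        if (hThread != NULL) {
            CloseHandle(hThread);
        }
    }
    /* DLL_THREAD_ATTACH, DLL_THREAD_DETACH, DLL_PROCESS_DETACH: nothing to do. */

    return TRUE;
}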