exe文件占坑:
//
#include
//提权函数
// Enable SeDebugPrivilege on the current process token.
// OccupyFile() calls this before opening PID 4 with PROCESS_DUP_HANDLE;
// enabling the privilege normally requires that the token already holds
// it (an administrator). The outcome is not reported to the caller, so a
// failure here only becomes visible when the later OpenProcess fails.
void RaiseToDebugP()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return;
    }

    TOKEN_PRIVILEGES tkp;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid)) {
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // Result intentionally not propagated: the contract is void, and
        // AdjustTokenPrivileges can return TRUE without assigning anything
        // (GetLastError() == ERROR_NOT_ALL_ASSIGNED in that case).
        (void)AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, 0);
    }
    CloseHandle(hToken);
}
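// PID of the System process on NT kernels; a handle parked there lives
// until shutdown.
enum { SYSTEM_PROCESS_PID = 4 };

// Pin lpFileName open inside the process identified by pid: the file is
// opened with share mode 0 (no other open is allowed) and the handle is
// moved into that process with DUPLICATE_CLOSE_SOURCE, so the exclusive
// open outlives this program and lasts until the target process exits.
// Returns TRUE on success, FALSE otherwise; on every failure path the
// handles this process owns are released. DuplicateHandle closes hFile
// when DUPLICATE_CLOSE_SOURCE is set whether or not it succeeds, so hFile
// must not be closed again after that call.
static BOOL OccupyFileInProcess(LPCTSTR lpFileName, DWORD pid)
{
    // PROCESS_DUP_HANDLE on a foreign (system) process needs SeDebugPrivilege.
    RaiseToDebugP();

    HANDLE hProcess = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid);
    if (hProcess == NULL) {
        return FALSE;
    }

    // dwShareMode == 0: exclusive open.
    HANDLE hFile = CreateFile(lpFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING,
                              FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        CloseHandle(hProcess);
        return FALSE;
    }

    // hTargetHandle is only meaningful inside pid; nothing in this process
    // refers to the file once DUPLICATE_CLOSE_SOURCE has closed hFile.
    HANDLE hTargetHandle = NULL;
    BOOL bRet = DuplicateHandle(GetCurrentProcess(), hFile, hProcess, &hTargetHandle,
                                0, FALSE, DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);
    CloseHandle(hProcess);
    return bRet;
}

// Pin lpFileName inside the System process (PID 4). Returns TRUE on success.
BOOL OccupyFile(LPCTSTR lpFileName)
{
    return OccupyFileInProcess(lpFileName, SYSTEM_PROCESS_PID);
}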
//入口函数
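// Entry point: pin the hard-coded path and report the outcome through
// the exit status (0 on success, 1 on failure) instead of discarding
// OccupyFile's return value.
int main(void)
{
    if (!OccupyFile("D://Program Files//工具软件//任务管理.exe")) {
        return 1;
    }
    return 0;
}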
/
任意文件占坑法,这要求C盘必须是NTFS的
http://hi.baidu.com/buaa_dep6/blog/item/46386b42e7ab71199313c607.html
#include
#include
#include "StdAfx.h"
//raise to debug privilege
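// Enable SeDebugPrivilege on the current process token.
// Returns TRUE only when the privilege was actually enabled. The token is
// closed on every path on which it was opened; when OpenProcessToken
// fails no handle exists and CloseHandle must not be called.
BOOL RaisePrivilege()
{
    BOOL bRet = FALSE;
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }

    TOKEN_PRIVILEGES tkp;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid)) {
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges returns TRUE even when the token does not
        // hold the privilege; only GetLastError() == ERROR_SUCCESS means
        // it was really enabled (ERROR_NOT_ALL_ASSIGNED otherwise).
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, 0)) {
            bRet = (GetLastError() == ERROR_SUCCESS);
        }
    }
    CloseHandle(hToken);
    return bRet;
}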
//duplicate the file handle to process "system"
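// Create (or truncate: CREATE_ALWAYS) lpFileName with an exclusive handle
// and move that handle into the System process (PID 4), so the exclusive
// open persists after this program exits.
// Returns TRUE on success. On failure prints the Win32 error code and
// returns FALSE with that code restored, so the caller's GetLastError()
// still sees it. OpenProcess on a foreign process needs SeDebugPrivilege
// (see RaisePrivilege()).
BOOL DuplicateFileHanlde(LPCTSTR lpFileName)
{
    HANDLE hFile = CreateFile(lpFileName, GENERIC_READ, 0, NULL,
                              CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        // INVALID_HANDLE_VALUE is not a handle: nothing to close here.
        DWORD err = GetLastError();
        printf("CreateFile failed,Errid %lu\n", err);
        SetLastError(err);
        return FALSE;
    }

    // OpenProcess signals failure with NULL, not INVALID_HANDLE_VALUE.
    HANDLE hTargetProcess = OpenProcess(PROCESS_DUP_HANDLE, FALSE, 4);
    if (hTargetProcess == NULL) {
        // Capture the error before CloseHandle/printf can overwrite it.
        DWORD err = GetLastError();
        CloseHandle(hFile);
        printf("OpenProcess failed,Errid %lu\n", err);
        SetLastError(err);
        return FALSE;
    }

    // DUPLICATE_CLOSE_SOURCE closes hFile in this process whether or not
    // the call succeeds; hTargetFile is only valid inside the target.
    HANDLE hTargetFile = NULL;
    BOOL bRet = DuplicateHandle(GetCurrentProcess(), hFile, hTargetProcess, &hTargetFile,
                                0, FALSE, DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);
    DWORD err = bRet ? ERROR_SUCCESS : GetLastError();
    CloseHandle(hTargetProcess);
    if (!bRet) {
        SetLastError(err);
    }
    return bRet;
}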
//establish a hard link between 2 files
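// Create a hard link named lpFileName to lpExistingFileName (NTFS only;
// the page's own note says the volume must be NTFS). CreateHardLinkA is
// resolved at run time, presumably so the binary still loads where the
// export is absent; both the module and the export are therefore checked
// before the call. Errors are printed with the Win32 error code.
void HardLinkFile(LPCTSTR lpFileName, LPCTSTR lpExistingFileName)
{
    typedef BOOL (__stdcall *pCreateHardLink)(LPCTSTR lpFileName,
                                              LPCTSTR lpExistingFileName,
                                              LPSECURITY_ATTRIBUTES lpSecurityAttributes);

    // kernel32 is already mapped in every Win32 process: GetModuleHandle
    // neither bumps its reference count (there was no matching
    // FreeLibrary) nor goes through the DLL search path.
    HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
    if (hKernel32 == NULL) {
        printf("GetModuleHandle failed Errid %lu\n", GetLastError());
        return;
    }

    // NOTE(review): the "A" export takes narrow strings; this matches the
    // narrow literals passed from main, i.e. a non-UNICODE build — confirm.
    pCreateHardLink myCreateHardLink =
        (pCreateHardLink)GetProcAddress(hKernel32, "CreateHardLinkA");
    if (myCreateHardLink == NULL) {
        printf("CreateHardLinkA not found Errid %lu\n", GetLastError());
        return;
    }

    if (!myCreateHardLink(lpFileName, lpExistingFileName, NULL)) {
        printf("CreateHardLink failed Errid %lu\n", GetLastError());
    }
}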
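// Entry point: (1) create the system32 371.DLL path with a shareable
// handle, (2) hard-link c://pross to the same file, (3) enable
// SeDebugPrivilege and pin an exclusive handle to c://pross inside the
// System process. The apparent intent is that, since the pinned handle
// refers to the same file as the 371.DLL name, opens through either name
// are refused while System holds it. Returns 0 on success, 1 on failure.
int main(void)
{
    HANDLE hFile = CreateFile("c://windows//system32//371.DLL", FILE_WRITE_DATA,
                              FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, 0, 0);
    if (hFile == INVALID_HANDLE_VALUE) {
        // INVALID_HANDLE_VALUE is not a handle and must not be closed.
        printf("CreateFile failed Errid %lu\n", GetLastError());
        return 1;
    }
    HardLinkFile("c://pross", "c://windows//system32//371.DLL");
    CloseHandle(hFile);

    if (!RaisePrivilege()) {
        // Without SeDebugPrivilege the System process cannot be opened.
        printf("RaisePrivilege failed Errid %lu\n", GetLastError());
        return 1;
    }
    if (!DuplicateFileHanlde("c://pross")) {
        printf("DuplicateHandle failed,Errid %lu\n", GetLastError());
        return 1;
    }
    return 0;
}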
///