说,使用STARTUPINFOEX结构和PROC_THREAD_ATTRIBUTE_LIST成员创建我的进程时:
DWORD ProtectionLevel = PROTECTION_LEVEL_SAME;
SIZE_T AttributeListSize;
STARTUPINFOEXW StartupInfoEx = { 0 };
StartupInfoEx.StartupInfo.cb = sizeof(StartupInfoEx);
InitializeProcThreadAttributeList(NULL, 1, 0, &AttributeListSize)
StartupInfoEx.lpAttributeList = (LPPROC_THREAD_ATTRIBUTE_LIST) HeapAlloc(
GetProcessHeap(),
0,
AttributeListSize
);
if (InitializeProcThreadAttributeList(StartupInfoEx.lpAttributeList,
1,
0,
&AttributeListSize) == FALSE)
{
Result = GetLastError();
goto exitFunc;
}
if (UpdateProcThreadAttribute(StartupInfoEx.lpAttributeList,
0,
PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL,
&ProtectionLevel,
sizeof(ProtectionLevel),
NULL,
NULL) == FALSE)
{
Result = GetLastError();
goto exitFunc;
}
PROCESS_INFORMATION ProcessInformation = { 0 };
if (CreateProcessW(ApplicationName,
CommandLine,
ProcessAttributes,
ThreadAttributes,
InheritHandles,
EXTENDED_STARTUPINFO_PRESENT | CREATE_PROTECTED_PROCESS,
Environment,
CurrentDirectory,
(LPSTARTUPINFOW)&StartupInfoEx,
&ProcessInformation) == FALSE)
{
Result = GetLastError();
goto exitFunc;
}
如何为自己的流程更新该属性列表?
例如,我想修改自己的进程'PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY,以防止其创建任何子进程。
答案 0 :(得分:0)
这不能完全回答我的问题。这是我上面原始帖子的评论主题的后续内容。
因此,仅为了禁止创建子进程(类似于MonthsToKeepOffline),就可以为自己的进程启用此功能,如下所示:
MonthsToKeepOffline == 0请注意,您的流程无需提升即可运行。
(不要紧紧抓住我,但我认为PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY标志仅在Windows 10上受支持。)