Nytro

Set a process as critical process using NtSetInformationProcess function

Posted

[h=1]Set a process as critical process using NtSetInformationProcess function[/h]
[h=3]by zwclose7[/h]

The NtSetInformationProcess function can be used to set a process as a critical process. The system will bug check with the bug check code CRITICAL_PROCESS_TERMINATION (0xF4) when a critical process is terminated.

To set a process as a critical process using the NtSetInformationProcess function, the caller must have SeDebugPrivilege enabled. This privilege can be enabled using the RtlAdjustPrivilege function.

To set a process as a critical process, call NtSetInformationProcess with the ProcessBreakOnTermination (0x1D) information class.

NTSTATUS NTAPI RtlAdjustPrivilege(ULONG Privilege, BOOLEAN Enable, BOOLEAN EnableForThread, PBOOLEAN OldValue);

NTSTATUS NTAPI NtSetInformationProcess(HANDLE ProcessHandle, PROCESS_INFORMATION_CLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);

Commands:

on - Set the current process as critical process.

off - Cancel the critical process status.

exit - Terminate the program. If you terminate the program while the critical process status is on, the system will crash!

#include <stdio.h>
#include <string.h>
#include <Windows.h>
#include <winternl.h>

#pragma comment(lib, "ntdll.lib")

#ifndef NT_SUCCESS
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
#endif

/* Undocumented ntdll exports, declared by hand and resolved through ntdll.lib. */
EXTERN_C NTSTATUS NTAPI RtlAdjustPrivilege(ULONG, BOOLEAN, BOOLEAN, PBOOLEAN);
EXTERN_C NTSTATUS NTAPI NtSetInformationProcess(HANDLE, ULONG, PVOID, ULONG);

#define SE_DEBUG_PRIVILEGE_VALUE      20    /* LUID value of SeDebugPrivilege */
#define PROCESS_BREAK_ON_TERMINATION  0x1D  /* ProcessBreakOnTermination information class */

int main(void)
{
    BOOLEAN bl;                 /* previous state of the privilege (not used further) */
    ULONG BreakOnTermination;   /* 1 = critical process, 0 = normal process */
    NTSTATUS status;
    char cmd[10];

    /* To set a process as a critical process using NtSetInformationProcess, the caller must have SeDebugPrivilege enabled. */
    if (!NT_SUCCESS(RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE_VALUE, TRUE, FALSE, &bl)))
    {
        printf("Unable to enable SeDebugPrivilege. Make sure you are running this program as administrator.\n");
        return 1;
    }

    printf("Commands:\n\n");
    printf("on - Set the current process as critical process.\noff - Cancel the critical process status.\nexit - Terminate the current process.\n\n");

    while (1)
    {
        /* The width limit keeps the input inside cmd[10]; stop on EOF instead of looping forever. */
        if (scanf("%9s", cmd) != 1)
            break;

        if (!strcmp("on", cmd))
        {
            BreakOnTermination = 1;
            /* (HANDLE)-1 is the pseudo-handle for the current process. */
            status = NtSetInformationProcess((HANDLE)-1, PROCESS_BREAK_ON_TERMINATION, &BreakOnTermination, sizeof(ULONG));
            if (!NT_SUCCESS(status))
                printf("Error: Unable to set the current process as critical process. NtSetInformationProcess failed with status %#x\n\n", (unsigned)status);
            else
                printf("Successfully set the current process as critical process.\n\n");
        }
        else if (!strcmp("off", cmd))
        {
            BreakOnTermination = 0;
            status = NtSetInformationProcess((HANDLE)-1, PROCESS_BREAK_ON_TERMINATION, &BreakOnTermination, sizeof(ULONG));
            if (!NT_SUCCESS(status))
                printf("Error: Unable to cancel critical process status. NtSetInformationProcess failed with status %#x\n\n", (unsigned)status);
            else
                printf("Successfully canceled critical process status.\n\n");
        }
        else if (!strcmp("exit", cmd))
        {
            /* Exiting while the flag is still 1 bug checks the system, as described in the commands above. */
            break;
        }
    }

    return 0;
}


[h=4]Attached Files[/h] critproc.zip 305.83K

Source: Set a process as critical process using NtSetInformationProcess function - rohitab.com - Forums
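As an added example that is not part of either post, here is the defender-side counterpart of the tool above: a Python triage script that queries the same ProcessBreakOnTermination (0x1D) flag with NtQueryInformationProcess for every process and reports which ones are currently marked critical. It assumes Windows with Python 3 and ctypes, that the account can open the processes of interest (system and protected processes the account cannot open are reported as unknown); PROCESS_QUERY_INFORMATION and psapi's EnumProcesses are standard Win32, the helper names are mine.

```python
import ctypes
import sys

PROCESS_BREAK_ON_TERMINATION = 0x1D  # ProcessBreakOnTermination, from the post above
PROCESS_QUERY_INFORMATION = 0x0400   # OpenProcess access right used for the query

def nt_success(status):
    """NTSTATUS success test. ctypes hands the status back as a signed C int,
    so normalise to unsigned 32-bit before checking the severity bits."""
    return (status & 0xFFFFFFFF) < 0x80000000

def query_break_on_termination(pid):
    """True/False for the critical flag of pid, or None when the process could
    not be opened or queried (protected process, access denied, already exited)."""
    if sys.platform != "win32":
        raise OSError("NtQueryInformationProcess is only available on Windows")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")
    kernel32.OpenProcess.restype = ctypes.c_void_p      # keep 64-bit handles intact
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]
    ntdll.NtQueryInformationProcess.restype = ctypes.c_long
    handle = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, ctypes.c_ulong(pid))
    if not handle:
        return None
    try:
        flag, returned = ctypes.c_ulong(0), ctypes.c_ulong(0)
        status = ntdll.NtQueryInformationProcess(
            ctypes.c_void_p(handle), PROCESS_BREAK_ON_TERMINATION,
            ctypes.byref(flag), ctypes.sizeof(flag), ctypes.byref(returned))
        return flag.value != 0 if nt_success(status) else None
    finally:
        kernel32.CloseHandle(handle)

def enum_pids():
    """All PIDs on the box via EnumProcesses (psapi.dll)."""
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    pids, needed = (ctypes.c_ulong * 4096)(), ctypes.c_ulong(0)
    if not psapi.EnumProcesses(pids, ctypes.sizeof(pids), ctypes.byref(needed)):
        raise ctypes.WinError(ctypes.get_last_error())
    return list(pids)[: needed.value // ctypes.sizeof(ctypes.c_ulong)]

def classify(results):
    """Split {pid: True/False/None} into critical / normal / unknown PID lists."""
    buckets = {"critical": [], "normal": [], "unknown": []}
    for pid, flag in sorted(results.items()):
        buckets["critical" if flag else "unknown" if flag is None else "normal"].append(pid)
    return buckets

if __name__ == "__main__":
    report = classify({pid: query_break_on_termination(pid) for pid in enum_pids()})
    for kind, pids in report.items():
        print(f"{kind:8s} {pids}")
```

On a clean system the critical bucket normally holds only the core system processes (csrss, wininit, services and the like); any other process appearing there is worth a closer look.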

Posted

For Delphi/Lazarus lovers... translated to Pascal! :)


program SetProcessCritical;

{$APPTYPE CONSOLE}

uses
  Windows;

{ Undocumented ntdll exports. RtlAdjustPrivilege takes and returns 1-byte NT BOOLEANs,
  so the Pascal Boolean type (not the 4-byte BOOL) matches the native prototype. }
function RtlAdjustPrivilege(Privilege: ULONG; Enable: Boolean; CurrentThread: Boolean;
  Enabled: PBoolean): LongInt; stdcall; external 'ntdll.dll';
function NtSetInformationProcess(ProcHandle: THandle; ProcInfoClass: ULONG;
  ProcInfo: Pointer; ProcInfoLength: ULONG): LongInt; stdcall; external 'ntdll.dll';

const
  SE_DEBUG_PRIVILEGE_VALUE = $14;      { LUID value of SeDebugPrivilege }
  PROCESS_BREAK_ON_TERMINATION = $1D;  { ProcessBreakOnTermination information class }

var
  Cmd: string[10];
  WasEnabled: Boolean;
  BreakOnTermination: ULONG;
  Status: LongInt;                     { NTSTATUS; 0 = STATUS_SUCCESS }
begin
  { Enable the privilege on the process token (CurrentThread = False), as the C version does.
    Note that "not X = 0" parses as "(not X) = 0" in Pascal, so compare with <> 0 instead. }
  if RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE_VALUE, True, False, @WasEnabled) <> 0 then
  begin
    Writeln('Unable to enable SeDebugPrivilege. Make sure you are running this program as administrator.');
    Exit;
  end;
  Writeln('Commands:' + #13#10 +
    'on - Set the current process as critical process.' + #13#10 +
    'off - Cancel the critical process status.' + #13#10 +
    'exit - Terminate the current process.');
  while True do
  begin
    Readln(Cmd);
    if Cmd = 'on' then
    begin
      BreakOnTermination := 1;
      Status := NtSetInformationProcess(GetCurrentProcess(), PROCESS_BREAK_ON_TERMINATION,
        @BreakOnTermination, SizeOf(BreakOnTermination));
      if Status = 0 then
        Writeln('Successfully set the current process as critical process.')
      else
        Writeln('Error: Unable to set the current process as critical process.');
    end
    else if Cmd = 'off' then
    begin
      BreakOnTermination := 0;
      Status := NtSetInformationProcess(GetCurrentProcess(), PROCESS_BREAK_ON_TERMINATION,
        @BreakOnTermination, SizeOf(BreakOnTermination));
      if Status = 0 then
        Writeln('Successfully canceled critical process status.')
      else
        Writeln('Error: Unable to cancel critical process status.');
    end
    else if Cmd = 'exit' then
      Break;
  end;
  { Clear the flag before exiting so that leaving the program does not bug check the system. }
  BreakOnTermination := 0;
  NtSetInformationProcess(GetCurrentProcess(), PROCESS_BREAK_ON_TERMINATION,
    @BreakOnTermination, SizeOf(BreakOnTermination));
end.
