Nytro

Set a process as critical process using NtSetInformationProcess function


[h=1]Set a process as critical process using NtSetInformationProcess function[/h]
by [h=3]zwclose7[/h]

The NtSetInformationProcess function can be used to set a process as a critical process. The system will bug check with the bug check code CRITICAL_PROCESS_TERMINATION (0xF4) when the critical process is terminated.

To set a process as a critical process using the NtSetInformationProcess function, the caller must have SeDebugPrivilege enabled. This privilege can be enabled using the RtlAdjustPrivilege function.

To set a process as a critical process, call NtSetInformationProcess with the ProcessBreakOnTermination (0x1D) information class.

NTSTATUS NTAPI RtlAdjustPrivilege(ULONG Privilege, BOOLEAN Enable, BOOLEAN EnableForThread, PBOOLEAN OldValue);

NTSTATUS NTAPI NtSetInformationProcess(HANDLE ProcessHandle, PROCESS_INFORMATION_CLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);


Commands:

on - Set the current process as critical process.

off - Cancel the critical process status.

exit - Terminate the program. If you terminate the program while the critical process status is on, the system will crash!

#include <stdio.h>
#include <string.h>
#include <Windows.h>
#include <winternl.h>

#pragma comment(lib, "ntdll.lib")

/* Undocumented ntdll exports used below (not declared in winternl.h). */
EXTERN_C NTSTATUS NTAPI RtlAdjustPrivilege(ULONG, BOOLEAN, BOOLEAN, PBOOLEAN);
EXTERN_C NTSTATUS NTAPI NtSetInformationProcess(HANDLE, ULONG, PVOID, ULONG);

#define SE_DEBUG_PRIVILEGE           20     /* privilege value passed to RtlAdjustPrivilege */
#define PROCESS_BREAK_ON_TERMINATION 0x1D   /* ProcessBreakOnTermination information class */

int main(void)
{
    BOOLEAN bl;                 /* previous state of the privilege (unused here) */
    ULONG BreakOnTermination;   /* 1 = critical, 0 = not critical */
    NTSTATUS status;
    char cmd[10];

    /* The caller must hold SeDebugPrivilege; enable it on the process token. */
    if (!NT_SUCCESS(RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, &bl)))
    {
        printf("Unable to enable SeDebugPrivilege. Make sure you are running this program as administrator.\n");
        return 1;
    }

    printf("Commands:\n\n");
    printf("on - Set the current process as critical process.\n"
           "off - Cancel the critical process status.\n"
           "exit - Terminate the current process.\n\n");

    while (1)
    {
        /* %9s keeps the read inside cmd[10]; stop on EOF or read error. */
        if (scanf("%9s", cmd) != 1)
            break;

        if (!strcmp("on", cmd))
        {
            BreakOnTermination = 1;
            /* (HANDLE)-1 is the pseudo-handle for the current process. */
            status = NtSetInformationProcess((HANDLE)-1, PROCESS_BREAK_ON_TERMINATION,
                                             &BreakOnTermination, sizeof(ULONG));
            if (!NT_SUCCESS(status))
                printf("Error: Unable to set the current process as critical process. NtSetInformationProcess failed with status %#lx\n\n", (unsigned long)status);
            else
                printf("Successfully set the current process as critical process.\n\n");
        }
        else if (!strcmp("off", cmd))
        {
            BreakOnTermination = 0;
            status = NtSetInformationProcess((HANDLE)-1, PROCESS_BREAK_ON_TERMINATION,
                                             &BreakOnTermination, sizeof(ULONG));
            if (!NT_SUCCESS(status))
                printf("Error: Unable to cancel critical process status. NtSetInformationProcess failed with status %#lx\n\n", (unsigned long)status);
            else
                printf("Successfully canceled critical process status.\n\n");
        }
        else if (!strcmp("exit", cmd))
        {
            /* Leaving while the flag is still set bug checks the system (0xF4). */
            break;
        }
    }

    return 0;
}


[h=4]Attached Files[/h] critproc.zip 305.83K

Source: Set a process as critical process using NtSetInformationProcess function - rohitab.com - Forums
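As an added, defender-side example (it is not part of zwclose7's post or of the critproc.zip attachment): the same 0x1D information class can be read back with NtQueryInformationProcess, which makes it possible to list the processes on a machine that are currently flagged critical. The script below does that from PowerShell; the P/Invoke declarations, the NtProc class and the Get-CriticalProcess function are this example's own names, and it assumes an elevated prompt so that system processes can be opened.

```powershell
# Added example, not from the rohitab post: list the processes that currently
# carry the ProcessBreakOnTermination flag (information class 0x1D), i.e. the
# ones whose termination would bug check the machine with 0xF4.
# Run from an elevated PowerShell; processes that cannot be opened are skipped.

if (-not ('NtProc' -as [type])) {
    Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class NtProc
{
    // Undocumented ntdll export: the query side of the call used in the post.
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationProcess(
        IntPtr ProcessHandle, int ProcessInformationClass,
        out uint ProcessInformation, int ProcessInformationLength,
        out int ReturnLength);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint DesiredAccess, bool InheritHandle, int ProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr Handle);
}
'@
}

$ProcessBreakOnTermination = 0x1D      # same class the post passes to NtSetInformationProcess
$PROCESS_QUERY_INFORMATION = 0x0400    # access right used for the query

function Get-CriticalProcess {
    foreach ($p in Get-Process) {
        $h = [NtProc]::OpenProcess($PROCESS_QUERY_INFORMATION, $false, $p.Id)
        if ($h -eq [IntPtr]::Zero) { continue }   # no access (e.g. protected process): skip
        try {
            $flag = [uint32]0
            $len  = 0
            $status = [NtProc]::NtQueryInformationProcess($h, $ProcessBreakOnTermination,
                                                          [ref]$flag, 4, [ref]$len)
            # STATUS_SUCCESS and a non-zero value mean the process is critical
            if ($status -eq 0 -and $flag -ne 0) {
                $path = $null
                try { $path = $p.Path } catch { }
                [pscustomobject]@{ Id = $p.Id; Name = $p.ProcessName; Path = $path }
            }
        }
        finally {
            [void][NtProc]::CloseHandle($h)
        }
    }
}

Get-CriticalProcess | Format-Table -AutoSize
```

On a default installation the output is a short list of Windows system processes (csrss.exe, wininit.exe, services.exe and the like). Any other entry has done to itself what the program above does on the on command, and that is the condition worth investigating, since ending that process takes the machine down with it.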


For Delphi/Lazarus lovers...translated to pascal! :)


program SetProcessCritical;

{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

type
  NTSTATUS = LongInt;

const
  SE_DEBUG_PRIVILEGE = $14;          { privilege value 20 }
  ProcessBreakOnTermination = $1D;   { information class for NtSetInformationProcess }

{ Undocumented ntdll exports. The NT BOOLEAN is a one-byte type, so Pascal Boolean
  is used; the last parameter of RtlAdjustPrivilege receives the previous state. }
function RtlAdjustPrivilege(Privilege: ULONG; Enable: Boolean; CurrentThread: Boolean;
  var Enabled: Boolean): NTSTATUS; stdcall; external 'ntdll.dll';
function NtSetInformationProcess(ProcessHandle: THandle; ProcessInformationClass: ULONG;
  ProcessInformation: Pointer; ProcessInformationLength: ULONG): NTSTATUS; stdcall; external 'ntdll.dll';

var
  Cmd: string[10];
  WasEnabled: Boolean;
  BreakOnTermination: ULONG;
  Status: NTSTATUS;

begin
  { Enable SeDebugPrivilege on the process token (CurrentThread = False), as in the C version. }
  if RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, True, False, WasEnabled) <> 0 then
  begin
    Writeln('Unable to enable SeDebugPrivilege. Make sure you are running this program as administrator.');
    Exit;
  end;

  Writeln('Commands:' + #13#10 +
    'on - Set the current process as critical process.' + #13#10 +
    'off - Cancel the critical process status.' + #13#10 +
    'exit - Terminate the current process.');

  while True do
  begin
    Readln(Cmd);
    if Cmd = 'on' then
    begin
      BreakOnTermination := 1;
      Status := NtSetInformationProcess(GetCurrentProcess, ProcessBreakOnTermination,
        @BreakOnTermination, SizeOf(BreakOnTermination));
      if Status = 0 then
        Writeln('Successfully set the current process as critical process.')
      else
        Writeln('Error: Unable to set the current process as critical process. Status $', IntToHex(Status, 8));
    end
    else if Cmd = 'off' then
    begin
      BreakOnTermination := 0;
      Status := NtSetInformationProcess(GetCurrentProcess, ProcessBreakOnTermination,
        @BreakOnTermination, SizeOf(BreakOnTermination));
      if Status = 0 then
        Writeln('Successfully canceled critical process status.')
      else
        Writeln('Error: Unable to cancel critical process status. Status $', IntToHex(Status, 8));
    end
    else if Cmd = 'exit' then
      Break;
  end;

  { Clear the flag before leaving so that the exit itself does not bug check the system. }
  BreakOnTermination := 0;
  NtSetInformationProcess(GetCurrentProcess, ProcessBreakOnTermination,
    @BreakOnTermination, SizeOf(BreakOnTermination));
end.
