From a9dd792b303ea52c3030e05989e7f10f43aea92c Mon Sep 17 00:00:00 2001
From: momo5502
Date: Sun, 12 Mar 2017 11:13:47 +0100
Subject: [PATCH] [AntiCheat] Softer process protection
---
 src/Components/Modules/AntiCheat.cpp | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/Components/Modules/AntiCheat.cpp b/src/Components/Modules/AntiCheat.cpp
index 964827a0..6e5b93a3 100644
--- a/src/Components/Modules/AntiCheat.cpp
+++ b/src/Components/Modules/AntiCheat.cpp
@@ -361,9 +361,9 @@ namespace Components
 Utils::Memory::Allocator allocator;
 HANDLE hToken = nullptr;
-if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_READ, &hToken))
+if (!OpenProcessToken(GetCurrentProcess(), /*TOKEN_ADJUST_PRIVILEGES | */TOKEN_READ, &hToken))
 {
-if (!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_READ, TRUE, &hToken))
+if (!OpenThreadToken(GetCurrentThread(), /*TOKEN_ADJUST_PRIVILEGES | */TOKEN_READ, TRUE, &hToken))
 {
 return GetLastError();
 }
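Review bot: With TOKEN_ADJUST_PRIVILEGES removed from both the OpenProcessToken and the OpenThreadToken call, hToken can no longer be passed to AdjustTokenPrivileges; if any later code in the enclosing function (which begins and ends outside this hunk) still adjusts a privilege on this handle, that call will now fail with ERROR_ACCESS_DENIED, so the remaining uses of hToken should be checked in the same commit. Keeping the old flag inside a `/* */` in the argument list hides the intent; delete it and state the reason on the line above instead, e.g. `// Read-only token: no privilege adjustment is performed on it` (adjust the wording if the token is used for more than reading). The hunk also does not show hToken being closed on the error path or on success; if that is handled further down it is fine, otherwise the handle leaks on every call.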
@@ -442,12 +442,21 @@ namespace Components
 if (!pDacl || !InitializeAcl(pDacl, dwSize, ACL_REVISION)) return GetLastError();
 // Just give access to what steam needs
-static const DWORD dwPoison = 0UL | ~(SYNCHRONIZE | GENERIC_EXECUTE | GENERIC_ALL);
+//static const DWORD dwPoison = 0UL | ~(SYNCHRONIZE | GENERIC_EXECUTE | GENERIC_ALL);
+static const DWORD dwPoison =
+/*READ_CONTROL |*/ WRITE_DAC | WRITE_OWNER |
+PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD |
+PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION |
+PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION |
+PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE |
+// In addition to protected process
+PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE;
 if (!AddAccessDeniedAce(pDacl, ACL_REVISION, dwPoison, psidArray[0])) return GetLastError();
 // Standard and specific rights not explicitly denied
-static const DWORD dwAllowed = 0UL | SYNCHRONIZE;
+//static const DWORD dwAllowed = 0UL | SYNCHRONIZE;
+static const DWORD dwAllowed = (~dwPoison & 0x1FFF) | SYNCHRONIZE;
 if (!AddAccessAllowedAce(pDacl, ACL_REVISION, dwAllowed, psidArray[1])) return GetLastError();
 // Because of ACE ordering, System will effectively have dwAllowed even
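Review bot: `0x1FFF` in the new dwAllowed line is a magic number: it is the union of the thirteen PROCESS_* specific-right bits, so `~dwPoison & 0x1FFF` evaluates to PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_SESSIONID, and the line should say so, e.g. `// 0x1FFF = all PROCESS_* specific rights; after removing dwPoison only QUERY_LIMITED_INFORMATION and SET_SESSIONID remain`. Whether PROCESS_SET_SESSIONID is meant to be granted to psidArray[1] is not clear from the "what steam needs" comment; if it is not, add it to dwPoison explicitly rather than letting the derived mask decide. The previous definitions of dwPoison and dwAllowed left in as `//` lines, and the `/*READ_CONTROL |*/` inside the expression, should be deleted, since the history is in version control and commented-out masks tend to drift from the live ones. The enclosing function begins and ends outside this hunk.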