说,当我的进程是使用STARTUPINFOEX结构和PROC_THREAD_ATTRIBUTE_LIST成员创建的:
DWORD ProtectionLevel = PROTECTION_LEVEL_SAME;
SIZE_T AttributeListSize;
STARTUPINFOEXW StartupInfoEx = { 0 };
StartupInfoEx.StartupInfo.cb = sizeof(StartupInfoEx);
InitializeProcThreadAttributeList(NULL, 1, 0, &AttributeListSize)
StartupInfoEx.lpAttributeList = (LPPROC_THREAD_ATTRIBUTE_LIST) HeapAlloc(
GetProcessHeap(),
0,
AttributeListSize
);
if (InitializeProcThreadAttributeList(StartupInfoEx.lpAttributeList,
1,
0,
&AttributeListSize) == FALSE)
{
Result = GetLastError();
goto exitFunc;
}
if (UpdateProcThreadAttribute(StartupInfoEx.lpAttributeList,
0,
PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL,
&ProtectionLevel,
sizeof(ProtectionLevel),
NULL,
NULL) == FALSE)
{
Result = GetLastError();
goto exitFunc;
}
PROCESS_INFORMATION ProcessInformation = { 0 };
if (CreateProcessW(ApplicationName,
CommandLine,
ProcessAttributes,
ThreadAttributes,
InheritHandles,
EXTENDED_STARTUPINFO_PRESENT | CREATE_PROTECTED_PROCESS,
Environment,
CurrentDirectory,
(LPSTARTUPINFOW)&StartupInfoEx,
&ProcessInformation) == FALSE)
{
Result = GetLastError();
goto exitFunc;
}
如何为我自己的流程更新该属性列表?
例如,我想修改我自己的进程PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY以防止它创建任何子进程。
这并不能完全回答我的问题。这是我上面原始帖子的评论线程的后续。
因此,仅为了禁用子进程的创建(类似于PROC_THREAD_ATTRIBUTE_CHILD_PROCESS_POLICY),就可以为自己的进程启用此功能,如下所示:
DWORD dwNoChild = 1;
BOOL bResult = ::SetProcessMitigationPolicy((PROCESS_MITIGATION_POLICY)13 /*ProcessChildProcessPolicy*/,
&dwNoChild, sizeof(dwNoChild));
请注意,无需提升进程即可使其正常工作。
(不要让我坚持下去,但我认为ProcessChildProcessPolicy标志仅在 Windows 10 上受支持。