How to create an unkillable process with Rust?

"I researched on the internet but could not find out how to do it with rust, I know that to create an unkillable process then you have to modify the access control list file, I found a code below

static const bool ProtectProcess()
{
    HANDLE hProcess = GetCurrentProcess();
    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    BuildExplicitAccessWithName( &denyAccess, _T("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );
    PACL pTempDacl = NULL;
    DWORD dwErr = 0;
    dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
    // check dwErr...
    dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );
    // check dwErr...
    LocalFree( pTempDacl );
    CloseHandle( hProcess );
    return dwErr == ERROR_SUCCESS;
}

I tried with window-acl but it didn't work, maybe because my code is wrong or because of some other problem.

Edit:
error when I test with windows-acl

extern crate winapi;
extern crate windows_acl;
use windows_acl::acl::ACL;
use windows_acl::helper::string_to_sid;
use winapi::um::winnt::*;
fn main() {
    let world_sid = string_to_sid("S-1-1-0").unwrap();

    let mut acl = ACL::from_file_path("E:\\Code\\Rust\\test\\test.exe", true).unwrap();

    // Audit every file operation in sensitive_files from anyone in the Everyone group
    match acl.audit(
                world_sid.as_ptr() as PSID,
                true,
                FILE_ALL_ACCESS,
                true,
                true
            ) {
        Ok(status) => {
            if !status {
                println!("We had an internal issue trying to add audit entry to sensitive_files");
            }
        },
        Err(code) => {
            println!("Failed to add audit entry to sensitive_files: error={}", code);
        }
    }
}
called `Result::unwrap()` on an `Err` value: 1300
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

doesn't work when I rewrite code with winapi

use std::ptr;
use winapi::um::aclapi::SetEntriesInAclW;
use winapi::um::handleapi::CloseHandle;
use winapi::um::processthreadsapi::GetCurrentProcess;
use winapi::um::winbase::LocalFree;
use winapi::um::accctrl::*;
use winapi::um::winnt::*;
use winapi::um::aclapi::SetSecurityInfo;
use winapi::um::aclapi::BuildExplicitAccessWithNameW;



fn protect_process() -> bool {
    let h_process = unsafe { GetCurrentProcess() };
    if h_process.is_null() {
        return false;
    }

    let mut deny_access = EXPLICIT_ACCESS_W {
        grfAccessPermissions: GENERIC_WRITE | PROCESS_ALL_ACCESS | WRITE_DAC | DELETE | WRITE_OWNER | READ_CONTROL,
        grfAccessMode: DENY_ACCESS,
        grfInheritance: NO_INHERITANCE,
        Trustee: TRUSTEE_W {
            pMultipleTrustee: ptr::null_mut(),
            MultipleTrusteeOperation: 0,
            TrusteeForm: 0,
            TrusteeType: 0,
            ptstrName: ptr::null_mut(),
        },
    };

    unsafe {
        BuildExplicitAccessWithNameW(
            &mut deny_access as *mut EXPLICIT_ACCESS_W,
            "CURRENT_USER\0".as_ptr() as *mut u16,
            GENERIC_WRITE | PROCESS_ALL_ACCESS | WRITE_DAC | DELETE | WRITE_OWNER | READ_CONTROL,
            DENY_ACCESS,
            NO_INHERITANCE,
        );
    }

    let dw_err = unsafe {
        SetEntriesInAclW(
            1,
            &mut deny_access as *mut EXPLICIT_ACCESS_W,
            ptr::null_mut(),
            ptr::null_mut(),
        )
    };

    let result = unsafe {
        SetSecurityInfo(
            h_process,
            SE_KERNEL_OBJECT,
            DACL_SECURITY_INFORMATION,
            ptr::null_mut(),
            ptr::null_mut(),
            h_process as PACL,
            ptr::null_mut(),
        )
    };

    unsafe {
        CloseHandle(h_process);
        LocalFree(h_process as *mut _);
    }

    result == 0
}

fn main() {
    if protect_process() {
        println!("Process protection applied successfully.");
    } else {
        println!("Failed to apply process protection.");
    }
}
"CURRENT_USER\0".as_ptr() as *mut u16,

Lookup creating os strings.

2 Likes