DuplicateHandle复制句柄保护文件

以独占方式打开一个文件，然后将文件的句柄复制到另一个进程，比如复制到System进程，然后自己的进程就可以退出。

在Ring3下只要句柄没有关闭，别人就删除不了文件。

 

#include <windows.h>
#include <stdio.h>

 

void SetPrivilege()
{
 HANDLE hToken;
 LUID destLuid;
 TOKEN_PRIVILEGES TokenPrivileges;
 OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken); //获得进程访问令牌的句柄
 LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &destLuid);   //操作的类型为SE_DEBUG_NAME       
 TokenPrivileges.PrivilegeCount = 1;
 TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
 TokenPrivileges.Privileges[0].Luid = destLuid;
 AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, 0, NULL, NULL); //提升权限
 CloseHandle(hToken);   //关闭句柄
}

 

BOOL ProtectFile(
     IN LPCTSTR pszFilePath,
     IN DWORD dwProcessId,
     IN BOOL bFileCanBeRead
     )
{
 HANDLE hFile;
 HANDLE hProcess;
 
 // get the file handle
 
 hFile = CreateFile(
  pszFilePath,
  GENERIC_READ,
  (bFileCanBeRead ? FILE_SHARE_READ : 0),
  NULL,
  OPEN_EXISTING,
  FILE_ATTRIBUTE_NORMAL,
  NULL
  );
 if (hFile == INVALID_HANDLE_VALUE)
 {
  return FALSE;
 }
 
 // open the process handle
 
 hProcess = OpenProcess(PROCESS_DUP_HANDLE, FALSE, dwProcessId);
 if (!hProcess)
 {
  printf("OpenProcess error/n");
  CloseHandle(hFile);
  return FALSE;
 }
 
 // call duplicatehandle
 
 BOOL fOk = DuplicateHandle(
  GetCurrentProcess(),              // source process handle
  hFile,                                     // source handle
  hProcess,                              // target process handle
  NULL,                                    // target handle, we don't care it
  0,
  FALSE,                                  
  DUPLICATE_SAME_ACCESS
  );
 
 CloseHandle(hFile);
 CloseHandle(hProcess);
 return fOk;
}

void main()
{
 SetPrivilege();   //提升进程权限
 ProtectFile("C://1.txt",4,false);
}