• Status: Solved

How do you secure Windows objects using C++?

Hi, I am currently working on a project which is an investigation into Windows file security. The aim of the project is to develop a user-friendly application which allows users to password protect objects such as files/folders/applications on a Windows operating system. I have done some studying into this type of application and I believe the key is to intercept Windows Hooks in order to divert the call to my application whenever a protected object is accessed. Could anyone help me out with some sample code that demonstrates the basics of how I can configure a Security Descriptor to block access and apply it to an object? And some sample code of how to intercept Windows Hooks? Or even any information that concerns this type of project.

Thanks,

James.
sheishmaster
Asked:
 
jkr Commented:
'BuildExplicitAccessWithName()' is an API for that (along with several others), e.g.

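    #include <windows.h>
    #include <aclapi.h>     // GetNamedSecurityInfo, SetEntriesInAcl, ... (link with advapi32.lib)

    int main(void)
    {
        // Writable TCHAR buffers: the ACL APIs take LPTSTR, and a string
        // literal must not be assigned to a non-const pointer.
        TCHAR FileName[] = TEXT("C:\\Temp\\MyDir\\SomeFile.txt");
        TCHAR TrusteeName[] = TEXT("Everyone");

        DWORD AccessMask = GENERIC_ALL;
        DWORD InheritFlag = CONTAINER_INHERIT_ACE;
        ACCESS_MODE option = GRANT_ACCESS;  // adds an allow ACE; DENY_ACCESS adds a deny ACE
        EXPLICIT_ACCESS explicitaccess;

        PACL ExistingDacl = NULL;           // points into psd, not freed separately
        PACL NewAcl = NULL;
        PSECURITY_DESCRIPTOR psd = NULL;

        DWORD dwError;

        //
        // read the file's current DACL
        //

        dwError = GetNamedSecurityInfo(
                            FileName,
                            SE_FILE_OBJECT,
                            DACL_SECURITY_INFORMATION,
                            NULL,
                            NULL,
                            &ExistingDacl,
                            NULL,
                            &psd
                            );
        if (dwError != ERROR_SUCCESS)
            return (int)dwError;

        //
        // describe the entry to add: trustee, access mask, mode, inheritance
        //

        BuildExplicitAccessWithName(
                &explicitaccess,
                TrusteeName,
                AccessMask,
                option,
                InheritFlag
                );

        //
        // add specified access to the object
        //

        dwError = SetEntriesInAcl(
                1,
                &explicitaccess,
                ExistingDacl,
                &NewAcl
                );

        //
        // apply new security to file
        //

        if (dwError == ERROR_SUCCESS)
        {
            dwError = SetNamedSecurityInfo(
                            FileName,
                            SE_FILE_OBJECT, // object type
                            DACL_SECURITY_INFORMATION,
                            NULL,
                            NULL,
                            NewAcl,
                            NULL
                            );
        }

        // both buffers were allocated by the API and are released with LocalFree
        if (NewAcl != NULL)
            LocalFree(NewAcl);
        if (psd != NULL)
            LocalFree(psd);

        return (int)dwError;
    }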

(This is a stripped down version of the MS' AclAPI sample)
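An added illustration, not part of jkr's post or the MS sample: a portable, simplified C++ model of how a DACL is evaluated, showing why an allow entry for "Everyone" does not block anyone and why a deny ACE has to sit ahead of the allow ACEs to take effect. All names (`Ace`, `AccessCheckModel`, `CanonicalOrder`, the three access bits) are constructed for this example; it ignores generic-rights mapping, owner rights and inherited ACEs.

```cpp
#include <cstdint>
#include <set>
#include <string>
#include <vector>

// Simplified model of DACL evaluation (not Win32 API code; names are constructed).
enum class AceType { Allow, Deny };

struct Ace {
    AceType type;
    std::string trustee;   // stands in for a SID
    uint32_t mask;         // access bits this ACE covers
};

constexpr uint32_t READ = 0x1, WRITE = 0x2, DEL = 0x4, ALL = READ | WRITE | DEL;

// Walk the ACEs in order: a matching deny ACE that covers a requested bit not
// yet granted fails the request; allow ACEs accumulate bits until everything
// requested has been granted.
bool AccessCheckModel(const std::vector<Ace>* dacl,
                      const std::set<std::string>& tokenSids,
                      uint32_t desired) {
    if (dacl == nullptr) return true;             // NULL DACL: full access for everyone
    uint32_t remaining = desired;
    for (const Ace& ace : *dacl) {
        if (!tokenSids.count(ace.trustee)) continue;   // ACE is for someone else
        if (ace.type == AceType::Deny) {
            if (ace.mask & remaining) return false;
        } else {
            remaining &= ~ace.mask;
            if (remaining == 0) return true;
        }
    }
    return remaining == 0;   // empty DACL, or bits never granted: denied
}

// Canonical order for explicit ACEs: deny entries ahead of allow entries.
std::vector<Ace> CanonicalOrder(const std::vector<Ace>& in) {
    std::vector<Ace> out;
    for (const Ace& a : in) if (a.type == AceType::Deny) out.push_back(a);
    for (const Ace& a : in) if (a.type == AceType::Allow) out.push_back(a);
    return out;
}
```

`SetEntriesInAcl` places new access-denied ACEs at the beginning of the ACL it builds, which is the ordering `CanonicalOrder` models here.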
 
sheishmaster (Author) Commented:
Hi, thanks for your response. Are there any files I must include to compile this code? And also, do you know anything about intercepting Windows hooks?

Thanks,

James.
 
Deepu Abraham (R & D Engineering Manager) Commented:
 
jkr Commented:
>>are there any files I must include to compile this code?

'aclapi.h' is necessary. What do you need to know about hooks in that context and what objects do you want to secure in particular?
 
sheishmaster (Author) Commented:
jkr: The objects I am looking to secure are files/folders and applications. So I want to use Windows Hooks to intercept a call whenever a user tries to access any of these objects that are protected, to direct the user to my application, which will prompt them for a password.

If this doesn't sound like a simple way to do it, could you suggest a better way or even some advice on ways of doing it?

Thanks,

James.
 
jkr Commented:
Well, in that case, you should not go for Windows hooks, but for API hooks to intercept function calls. Take a look at http://www.windowsitlibrary.com/Content/356/06/2.html ("Hooking Windows NT System Services") and http://www.codeproject.com/system/hooksys.asp ("API hooking revealed"). In a nutshell, you'd intercept the file API calls, check the file's name and then pop up your password dialog. In case of success, you'd forward the call to the original API or return an error code otherwise.