Solved

How do you secure Windows objects using C++?

Posted on 2007-11-20
Last Modified: 2013-12-14
Hi, I am currently working on a project which is an investigation into Windows file security. The aim of the project is to develop a user-friendly application which allows users to password protect objects such as files/folders/applications on a Windows operating system. I have done some studying into this type of application and I believe the key is to intercept Windows Hooks in order to divert the call to my application whenever a protected object is accessed. Could anyone help me out with some sample code that demonstrates the basics of how I can configure a Security Descriptor to block access and apply it to an object? And some sample code of how to intercept Windows Hooks? Or even any information that concerns this type of project.

Thanks,

James.
Question by:sheishmaster

Assisted Solution

by:jkr
jkr earned 300 total points
'BuildExplicitAccessWithName()' is an API for that (along with several others), e.g.

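    #include <windows.h>
    #include <aclapi.h>     // ACL helper APIs; link with advapi32.lib
    #include <stdio.h>

    int main(void)
    {
        // Writable buffers: the ACL APIs take non-const string pointers,
        // and TEXT() keeps the literals correct in Unicode builds.
        TCHAR FileName[] = TEXT("C:\\Temp\\MyDir\\SomeFile.txt");
        TCHAR TrusteeName[] = TEXT("Everyone");

        DWORD AccessMask = GENERIC_ALL;
        DWORD InheritFlag = CONTAINER_INHERIT_ACE;
        ACCESS_MODE option = GRANT_ACCESS;
        EXPLICIT_ACCESS explicitaccess;

        PACL ExistingDacl = NULL;   // points into psd, not freed separately
        PACL NewAcl = NULL;
        PSECURITY_DESCRIPTOR psd = NULL;

        DWORD dwError;

        //
        // read the object's current DACL
        //

        dwError = GetNamedSecurityInfo(
                            FileName,
                            SE_FILE_OBJECT,
                            DACL_SECURITY_INFORMATION,
                            NULL,
                            NULL,
                            &ExistingDacl,
                            NULL,
                            &psd
                            );
        if (dwError != ERROR_SUCCESS) {
            printf("GetNamedSecurityInfo failed: %lu\n", dwError);
            return 1;
        }

        //
        // describe the entry: trustee, rights, grant/deny mode, inheritance
        //

        BuildExplicitAccessWithName(
                &explicitaccess,
                TrusteeName,
                AccessMask,
                option,
                InheritFlag
                );

        //
        // add specified access to the object
        //

        dwError = SetEntriesInAcl(
                1,
                &explicitaccess,
                ExistingDacl,
                &NewAcl
                );

        //
        // apply new security to file
        //

        if (dwError == ERROR_SUCCESS) {
            dwError = SetNamedSecurityInfo(
                        FileName,
                        SE_FILE_OBJECT, // object type
                        DACL_SECURITY_INFORMATION,
                        NULL,
                        NULL,
                        NewAcl,
                        NULL
                        );
        }
        if (dwError != ERROR_SUCCESS)
            printf("Updating the DACL failed: %lu\n", dwError);

        // both buffers were allocated by the API and are released with LocalFree
        if (NewAcl) LocalFree(NewAcl);
        if (psd) LocalFree(psd);

        return dwError == ERROR_SUCCESS ? 0 : 1;
    }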

(This is a stripped down version of the MS' AclAPI sample)
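
Added example, not part of jkr's post or of the MS sample: a portable C++ model (no Win32 calls) of how the access check walks a DACL, showing what changes when the entry merged by SetEntriesInAcl uses DENY_ACCESS instead of the GRANT_ACCESS used above. The types, rights bits and function names are assumptions made for this illustration, and the model covers only ACE ordering and the access-check walk.

```cpp
// Added illustration: hypothetical types, not Win32 structures.
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

enum class AceType { Allow, Deny };
struct Ace { AceType type; std::string trustee; uint32_t mask; };
using Dacl = std::vector<Ace>;

// Simplified rights bits, constructed for this example.
constexpr uint32_t RIGHT_READ = 0x1, RIGHT_WRITE = 0x2, RIGHT_ALL = 0x7;

// Walk the ACEs in order: the first deny ACE that covers a still-needed
// right fails the request; allow ACEs clear the rights they grant.
// Rights still ungranted at the end of the list are denied.
bool access_check(const Dacl& dacl, const std::set<std::string>& token,
                  uint32_t desired) {
    uint32_t remaining = desired;
    for (const Ace& ace : dacl) {
        if (!token.count(ace.trustee)) continue;   // ACE names another SID
        if (ace.type == AceType::Deny) {
            if (ace.mask & remaining) return false;
        } else {
            remaining &= ~ace.mask;
        }
        if (remaining == 0) return true;
    }
    return remaining == 0;
}

// Mirrors the documented ordering of SetEntriesInAcl: a new deny ACE goes
// to the front, a new allow ACE goes just before the existing allow ACEs.
Dacl merge_entry(Dacl dacl, const Ace& entry) {
    auto pos = dacl.begin();
    if (entry.type == AceType::Allow)
        while (pos != dacl.end() && pos->type == AceType::Deny) ++pos;
    dacl.insert(pos, entry);
    return dacl;
}

int main() {
    Dacl dacl = {{AceType::Allow, "Everyone", RIGHT_ALL}};   // result of the GRANT above
    dacl = merge_entry(dacl, {AceType::Deny, "james", RIGHT_ALL});
    bool james = access_check(dacl, {"james", "Everyone"}, RIGHT_READ);
    bool alice = access_check(dacl, {"alice", "Everyone"}, RIGHT_READ);
    std::printf("james read: %d, alice read: %d\n", james, alice);
    return 0;
}
```

The ordering is what makes the deny entry effective: appended after the Everyone allow ACE instead of placed before it, the same deny ACE would never be reached.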

Author Comment

by:sheishmaster
Hi, thanks for your response. Are there any files I must include to compile this code? And also, do you know anything about intercepting Windows hooks?

Thanks,

James.

Assisted Solution

by:DeepuAbrahamK
DeepuAbrahamK earned 200 total points

Expert Comment

by:jkr
>>are there any files I must include to compile this code?

'aclapi.h' is necessary. What do you need to know about hooks in that context and what objects do you want to secure in particular?

Author Comment

by:sheishmaster
jkr: The objects I am looking to secure are files/folders and applications. So I want to use Windows Hooks to intercept a call whenever a user tries to access any of these objects that are protected, to direct the user to my application, which will prompt them for a password.

If this doesn't sound like a simple way to do it, could you suggest a better way or even some advice on ways of doing it?

Thanks,

James.

Accepted Solution

by:jkr
jkr earned 300 total points
Well, in that case, you should not go for Windows hooks, but for API hooks to intercept function calls. Take a look at http://www.windowsitlibrary.com/Content/356/06/2.html ("Hooking Windows NT System Services") and http://www.codeproject.com/system/hooksys.asp ("API hooking revealed"). In a nutshell, you'd intercept the file API calls, check the file's name and then pop up your password dialog. In case of success, you'd forward the call to the original API or return an error code otherwise.