My Windows XP/7 program launches a child process using the Windows API CreateProcess() function as part of its operations. I want to be able to "sandbox" the application in one but only one particular way. I do not want to let the child process spawn processes of its own (grandchildren). Is there a way to do this without having to do any hooking or DLL injections (or IAT patching)?
I saw this MSDN page on Process Security and Access Rights:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx
I noticed the following process specific access rights:
PROCESS_CREATE_PROCESS (0x0080) Required to create a process.
Could I launch the child process in the suspended state, remove that access right via an XOR operation, update the child process' access rights with SetSecurityDescriptor(), and resume it to keep it from creating its own child processes? Or should I apply it to the EXE file on disk instead? Would this work?
If so, I'd appreciate a good code sample using SetSecurityDescriptor() that would show me the nuances of doing this properly. If this approach would not work, any ideas or tips you might have would be appreciated.
You can use Job objects to set limits on the processes in a job: JOBOBJECT_BASIC_LIMIT_INFORMATION.ActiveProcessLimit
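The Job object approach from the answer above, as an added example that is not part of the original post: the child is created suspended, placed in a job whose ActiveProcessLimit is 1, and only then resumed. The function name `launch_without_grandchildren` is hypothetical, and the non-Windows branch exists only so the file compiles elsewhere.

```c
#ifdef _WIN32
#include <windows.h>

/* Hypothetical helper: runs cmdline in a job limited to one active process.
   Returns 0 on success, otherwise the Win32 error code. */
unsigned long launch_without_grandchildren(char *cmdline)
{
    JOBOBJECT_EXTENDED_LIMIT_INFORMATION lim = {0};
    STARTUPINFOA si = {0};
    PROCESS_INFORMATION pi = {0};
    unsigned long err = 0;
    HANDLE job = CreateJobObjectA(NULL, NULL);      /* unnamed job */
    if (!job) return GetLastError();

    /* The child itself is the one allowed process, so anything it spawns
       would exceed the limit. JOB_OBJECT_LIMIT_BREAKAWAY_OK is deliberately
       not set, so CREATE_BREAKAWAY_FROM_JOB cannot be used to escape. */
    lim.BasicLimitInformation.LimitFlags =
        JOB_OBJECT_LIMIT_ACTIVE_PROCESS | JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
    lim.BasicLimitInformation.ActiveProcessLimit = 1;
    if (!SetInformationJobObject(job, JobObjectExtendedLimitInformation,
                                 &lim, sizeof lim)) {
        err = GetLastError(); CloseHandle(job); return err;
    }

    si.cb = sizeof si;
    /* Suspended start: the limit is in place before the child runs any code. */
    if (!CreateProcessA(NULL, cmdline, NULL, NULL, FALSE, CREATE_SUSPENDED,
                        NULL, NULL, &si, &pi)) {
        err = GetLastError(); CloseHandle(job); return err;
    }
    /* Fails if the child is already in a job (XP/7 have no nested jobs). */
    if (!AssignProcessToJobObject(job, pi.hProcess)) {
        err = GetLastError();
        TerminateProcess(pi.hProcess, 1);           /* never run it unconfined */
    } else {
        ResumeThread(pi.hThread);
        WaitForSingleObject(pi.hProcess, INFINITE);
    }
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    CloseHandle(job);   /* KILL_ON_JOB_CLOSE ends anything still in the job */
    return err;
}
#else
/* Not Windows: Job objects do not exist here, so report "unsupported". */
unsigned long launch_without_grandchildren(char *cmdline)
{ (void)cmdline; return (unsigned long)-1; }
#endif
```

If the launching program is itself running inside a job, the child inherits that job and the assignment fails on XP/7; the helper then terminates the child instead of resuming it.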