It seems (Tuts4You Forum) that the desired result is uncontrollable, and some conditions must be fulfilled, such as Run as administrator (UAC) and the debug privilege, which must already be acquired by the debugger...
As mentioned by Archer, there is a similarity with detecting the debugger by trying to open the "csrss.exe" process with PROCESS_ALL_ACCESS as a parameter (debug privilege needed), which is also limited by the same conditions mentioned above.
PHP Code:
#include <windows.h>
#include <string.h>  // memset
#include <ntdll.h>   // native API declarations used below (CsrGetProcessId, NtOpenProcess)

#ifdef _WIN64
#define captionMsg L"64-bit Application"
#else
#define captionMsg L"32-bit Application"
#endif

int WINAPI iWinMain() {
    HANDLE ProcessHandle = NULL;
    OBJECT_ATTRIBUTES ObjectAttributes;
    CLIENT_ID ClientId;

    // No object name: the process is identified by ClientId below.
    ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
    ObjectAttributes.RootDirectory = 0;
    ObjectAttributes.ObjectName = NULL;
    ObjectAttributes.Attributes = OBJ_CASE_INSENSITIVE;
    ObjectAttributes.SecurityDescriptor = NULL;
    ObjectAttributes.SecurityQualityOfService = NULL;

    ClientId.UniqueProcess = CsrGetProcessId(); // Get the "csrss.exe" process ID.
    ClientId.UniqueThread = 0;

    NtOpenProcess(
        &ProcessHandle,
        PROCESS_ALL_ACCESS, // This access mask needs SeDebugPrivilege.
        &ObjectAttributes,
        &ClientId);

    // The handle stays NULL unless the open succeeded, i.e. unless the
    // conditions above (elevation and debug privilege) were met.
    if (ProcessHandle != NULL)
        memset(NULL, 0, 1); //<-- BOOM! PADA BOOM!!! (deliberate crash: write to address 0)

    MessageBoxW(
        NULL,
        L"Nothing!",
        captionMsg,
        MB_ICONINFORMATION);

    return 0;
}
Then, to complete this topic (Debug Privilege), attached is a second sample based on "csrss.exe" process handling.
Regards
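A defender-side view of the check in this post, as an added example that is not part of the original post: it scans process-access records for any image that opened csrss.exe with a full-access mask. The Sysmon Event ID 10 style field layout (SourceImage, TargetImage, GrantedAccess) is an assumption about the available telemetry, and every record in SAMPLE_EVENTS is constructed for illustration.

```python
import re

# Access mask values as defined in the Windows SDK (winnt.h).
PROCESS_ALL_ACCESS = 0x1FFFFF      # Vista and later
PROCESS_ALL_ACCESS_XP = 0x1F0FFF   # pre-Vista definition

# Constructed sample records (paths and image names are made up).
SAMPLE_EVENTS = """\
SourceImage: C:\\Tools\\sample32.exe
TargetImage: C:\\Windows\\System32\\csrss.exe
GrantedAccess: 0x1FFFFF

SourceImage: C:\\Windows\\System32\\svchost.exe
TargetImage: C:\\Windows\\System32\\csrss.exe
GrantedAccess: 0x1000

SourceImage: C:\\Tools\\sample64.exe
TargetImage: C:\\Windows\\System32\\lsass.exe
GrantedAccess: 0x1FFFFF

SourceImage: C:\\Tools\\old.exe
TargetImage: c:\\windows\\system32\\CSRSS.EXE
GrantedAccess: 0x1f0fff
"""

def parse_events(text):
    """Split blank-line separated records into dicts of field -> value."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (ln.split(": ", 1) for ln in block.splitlines() if ": " in ln)
        events.append(dict(pairs))
    return events

def is_csrss_full_open(event):
    """True when the record shows csrss.exe opened with PROCESS_ALL_ACCESS."""
    target = event.get("TargetImage", "").lower()
    if not target.endswith("\\system32\\csrss.exe"):
        return False
    try:
        mask = int(event.get("GrantedAccess", "0"), 16)
    except ValueError:  # malformed mask: treat as no match
        return False
    return mask in (PROCESS_ALL_ACCESS, PROCESS_ALL_ACCESS_XP)

def find_csrss_probes(text):
    """Return the source images that performed the csrss.exe full-access open."""
    return [e.get("SourceImage", "?") for e in parse_events(text)
            if is_csrss_full_open(e)]
```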