  [Article]   Mã bảo vệ tiến trình không bị End Task trong Windows 15/06/2006 20:18:07 (+0700) | #1 | 365
ngoalong
Đoạn code sau đây sử dụng các tính năng security object trên
Win2K/XP. Một process cần được bảo vệ sẽ được tạo ra với quyền
truy cập được hạn chế bằng cách đặt thuộc tính SECURITY_ATTRIBUTES
trong khi gọi hàm CreateProcess để tạo process được bảo vệ!


<Tham khảo trong MSDN Platform SDK: Access Control>

Code:
// SecurityObj.cpp : Defines the entry point for the application.
//

#include "stdafx.h"

#include <windows.h>
#include <stdio.h>
#include <aclapi.h>

// Forward declaration; the definition follows WinMain in this file.
// Starts lpApplicationName with a restrictive security descriptor applied
// to the new process and its primary thread objects.
BOOL CreateProtectedProcess(
LPCTSTR lpApplicationName,                 // name of executable module
LPTSTR lpCommandLine,                      // command line string   
DWORD dwCreationFlags                      // creation flags
);

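/*
 * Program entry point: launches the Windows calculator through
 * CreateProtectedProcess and reports the outcome as the exit code.
 *
 * Returns 0 when CreateProtectedProcess reports success, 1 otherwise.
 * The four WinMain parameters are not used.
 */
int APIENTRY WinMain(HINSTANCE hInstance,
                    HINSTANCE hPrevInstance,
                    LPSTR     lpCmdLine,
                    int       nCmdShow)
{
    // Backslashes must be doubled inside a C string literal; the
    // single-backslash form produced unknown escape sequences ("\w", "\s",
    // "\c") instead of a valid path. TEXT() keeps the literal compatible
    // with LPCTSTR in both ANSI and UNICODE builds.
    if (!CreateProtectedProcess(TEXT("c:\\winnt\\system32\\calc.exe"), NULL, 0))
    {
        return 1;
    }
    return 0;
}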

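/*
 * Starts a process whose process and primary-thread objects carry a
 * restrictive DACL.
 *
 * The DACL holds two access-denied ACEs (GENERIC_READ for Everyone and for
 * BUILTIN\Administrators) and no access-allowed ACE. Because nothing in the
 * DACL grants access, an access check against these objects fails for any
 * right that is not granted some other way.
 *
 * Limits of this hardening (the DACL is discretionary access control only):
 *   - the owner of the object can still read and rewrite the DACL;
 *   - a caller that holds and enables SeDebugPrivilege is granted access by
 *     OpenProcess regardless of the security descriptor.
 * It therefore restricts ordinary accounts, not administrators or SYSTEM.
 *
 * Parameters:
 *   lpApplicationName  name of the executable module, passed to CreateProcess
 *   lpCommandLine      command line string, passed to CreateProcess
 *   dwCreationFlags    creation flags, passed to CreateProcess
 *
 * Returns TRUE only if the process was created; FALSE if any setup step or
 * CreateProcess itself failed.
 */
BOOL CreateProtectedProcess(
    LPCTSTR lpApplicationName,                 // name of executable module
    LPTSTR lpCommandLine,                      // command line string
    DWORD dwCreationFlags                      // creation flags
)
{
    BOOL bCreated = FALSE;
    DWORD dwRes;
    PSID pEveryoneSID = NULL, pAdminSID = NULL;
    PACL pACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;
    EXPLICIT_ACCESS ea[2];
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    SECURITY_ATTRIBUTES sa;
    PROCESS_INFORMATION pi;
    STARTUPINFO si;

    // Create a well-known SID for the Everyone group.
    if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
                                  SECURITY_WORLD_RID,
                                  0, 0, 0, 0, 0, 0, 0,
                                  &pEveryoneSID))
    {
        goto Cleanup;
    }

    // First ACE: deny GENERIC_READ to Everyone.
    ZeroMemory(&ea, sizeof(ea));
    ea[0].grfAccessPermissions = GENERIC_READ;
    ea[0].grfAccessMode = DENY_ACCESS;
    ea[0].grfInheritance = NO_INHERITANCE;
    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID;

    // Create a SID for the BUILTIN\Administrators group.
    if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
                                  SECURITY_BUILTIN_DOMAIN_RID,
                                  DOMAIN_ALIAS_RID_ADMINS,
                                  0, 0, 0, 0, 0, 0,
                                  &pAdminSID))
    {
        goto Cleanup;
    }

    // Second ACE: deny GENERIC_READ to the Administrators group.
    ea[1].grfAccessPermissions = GENERIC_READ;
    ea[1].grfAccessMode = DENY_ACCESS;
    ea[1].grfInheritance = NO_INHERITANCE;
    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
    ea[1].Trustee.ptstrName = (LPTSTR) pAdminSID;

    // Create a new ACL that contains the two ACEs.
    dwRes = SetEntriesInAcl(2, ea, NULL, &pACL);
    if (ERROR_SUCCESS != dwRes)
    {
        goto Cleanup;
    }

    // Allocate and initialize a security descriptor.
    pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
                                            SECURITY_DESCRIPTOR_MIN_LENGTH);
    if (pSD == NULL)
    {
        goto Cleanup;
    }

    if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
    {
        goto Cleanup;
    }

    // Add the ACL to the security descriptor.
    if (!SetSecurityDescriptorDacl(pSD, TRUE,     // fDaclPresent flag
                                   pACL, FALSE))  // not a default DACL
    {
        goto Cleanup;
    }

    // The same attributes are used for the process and the thread object.
    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = pSD;
    sa.bInheritHandle = FALSE;

    ZeroMemory(&pi, sizeof(pi));
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    // wShowWindow is only honoured when STARTF_USESHOWWINDOW is set.
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;

    // The fifth argument of CreateProcess is bInheritHandles and the sixth
    // is dwCreationFlags. The earlier call passed dwCreationFlags in the
    // fifth slot, so any non-zero flag value switched handle inheritance on
    // and the creation flags themselves were always 0.
    if (!CreateProcess(lpApplicationName, lpCommandLine, &sa, &sa,
                       FALSE, dwCreationFlags, NULL, NULL, &si, &pi))
    {
        goto Cleanup;
    }
    bCreated = TRUE;

    // The handles returned in pi are not used further here; close them so
    // they do not leak. Closing them does not end the child process.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);

Cleanup:

    if (pEveryoneSID)     FreeSid(pEveryoneSID);
    if (pAdminSID)        FreeSid(pAdminSID);
    if (pACL)             LocalFree(pACL);
    if (pSD)              LocalFree(pSD);

    // Report the real outcome; every failure path above leaves this FALSE.
    return bCreated;
}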