You can effectively disable system() and any other process creation function for a given process by assigning it to a Job with an active process limit of 1.
Code:
// parent
#include <windows.h>
#include <iostream>
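int main()
{
    // Prints a failed Win32 call together with its error code.  The code is
    // captured before anything is written because stream output may itself
    // call into Win32 and overwrite the thread's last-error value.
    auto report = [](const char* what) {
        const DWORD err = GetLastError();
        std::cout << what << " failed - " << err << '\n';
        return err;
    };

    HANDLE hJob = CreateJobObject(NULL, NULL);
    if (!hJob)
    {
        report("CreateJobObject");
        return 1;
    }

    // Exit status: 0 only when the child is running inside the job.
    int rc = 1;

    JOBOBJECT_BASIC_LIMIT_INFORMATION jbli = {0};
    jbli.LimitFlags = JOB_OBJECT_LIMIT_ACTIVE_PROCESS;
    jbli.ActiveProcessLimit = 1;   // the child itself is the one permitted process
    if (!SetInformationJobObject(hJob, JobObjectBasicLimitInformation, &jbli, sizeof(jbli)))
    {
        report("SetInformationJobObject");
    }
    else
    {
        PROCESS_INFORMATION pi = {0};
        STARTUPINFO si = {sizeof(si), 0};
        // CREATE_SUSPENDED: the child must not execute anything before it is
        // inside the job, otherwise it could spawn a process in the window
        // between creation and AssignProcessToJobObject.
        if (!CreateProcess("child.exe", NULL, NULL, NULL, FALSE,
                           CREATE_SUSPENDED, NULL, NULL, &si, &pi))
        {
            report("CreateProcess");
        }
        else
        {
            if (AssignProcessToJobObject(hJob, pi.hProcess))
            {
                std::cout << "Proc in job\n";
                if (ResumeThread(pi.hThread) == MAXDWORD)
                {
                    std::cout << "But failed to resume\n";
                    TerminateProcess(pi.hProcess, 0);
                }
                else
                {
                    rc = 0;
                }
            }
            else
            {
                // NOTE(review): on systems that do not support nested jobs this
                // can fail when the parent is already in a job — confirm if seen.
                const DWORD err = GetLastError();
                std::cout << "Job failed - " << err << '\n';
                // Never let an unconfined child run: it is still suspended here.
                TerminateProcess(pi.hProcess, 0);
            }
            CloseHandle(pi.hProcess);
            CloseHandle(pi.hThread);
        }
    }
    // Closing the job handle does not release the child from the job.
    CloseHandle(hJob);
    return rc;
}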
// child
#include <windows.h>
#include <iostream>
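int __cdecl main()
{
    // Tries to spawn winver.exe with the given creation flags and reports the
    // outcome.  Both attempts are expected to fail when this process runs in a
    // job whose active-process limit is already used up by this process.
    auto try_spawn = [](const char* label, DWORD flags) {
        PROCESS_INFORMATION pi = {0};
        STARTUPINFO si = {sizeof(si), 0};
        std::cout << label;
        // TEXT() keeps the literal's character type in step with the
        // CreateProcess macro (ANSI or Unicode build); the original mixed
        // L"" and "" so only one of the two calls could compile.
        if (CreateProcess(TEXT("D:\\Windows\\system32\\winver.exe"), NULL,
                          NULL, NULL, FALSE, flags, NULL, NULL, &si, &pi))
        {
            std::cout << "Created process with pid = " << pi.dwProcessId << '\n';
            CloseHandle(pi.hProcess);
            CloseHandle(pi.hThread);
        }
        else
        {
            // Capture before the stream performs any I/O that could clobber it.
            const DWORD err = GetLastError();
            std::cout << "Failed to create process error = " << err << '\n';
        }
    };

    try_spawn("Trying normal: ", 0);
    // Breaking away from the job is only permitted when the job was configured
    // to allow it; the parent above sets only the active-process limit.
    try_spawn("Trying breakaway: ", CREATE_BREAKAWAY_FROM_JOB);
    return 0;
}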
output
Proc in job
Trying normal: Failed to create process error = 1816 (ERROR_NOT_ENOUGH_QUOTA)
Trying breakaway: Failed to create process error = 5 (ERROR_ACCESS_DENIED)