
#pragma once #include "ntdll.h" #include <Windows.h> #include <strsafe.h> #include <Lmcons.h> #include <tlhelp32.h> #include <shlwapi.h> #include <aclapi.h> #include <shellapi.h> #include <DbgHelp.h> #include <comdef.h> #include <sddl.h> #include <string> #pragma comment(lib, "Shlwapi.lib") #pragma comment(lib, "Advapi32.lib") #pragma comment(lib, "Shell32.lib") #pragma comment(lib, "Dbghelp.lib") extern HMODULE g_hInstance; extern HANDLE g_hConsoleOutput; extern LPWSTR g_pwszGuid; extern BOOL g_bVerbose; extern BOOL g_bDebug; extern BOOL g_bHardenAMPPLOnly; void DoStuff(); void LogToConsole(LPCWSTR pwszFormat, ...); void LogLastError(LPCWSTR pwszFunctionName); BOOL GetCurrentDllFileName(LPWSTR* ppwszDllName); BOOL DeleteKnownDllEntry(LPCWSTR pwszDllName); BOOL MakeKnownDllsReadOnly(LPCWSTR pKnownDlls); BOOL ParseCommandLine(); BOOL HardenAntiMalwareServices(); // From https://docs.microsoft.com/en-us/windows/win32/procthread/zwqueryinformationprocess #define ProcessProtectionInformation (PROCESSINFOCLASS)61 typedef __declspec(align(4)) struct _PS_PROTECTION { union { UCHAR Level; struct { UCHAR Type : 3; UCHAR Audit : 1; // Reserved UCHAR Signer : 4; }; }; } PS_PROTECTION, * PPS_PROTECTION; typedef enum _PS_PROTECTED_TYPE { PsProtectedTypeNone = 0, PsProtectedTypeProtectedLight = 1, PsProtectedTypeProtected = 2 } PS_PROTECTED_TYPE, * PPS_PROTECTED_TYPE; typedef enum _PS_PROTECTED_SIGNER { PsProtectedSignerNone = 0, PsProtectedSignerAuthenticode, PsProtectedSignerCodeGen, PsProtectedSignerAntimalware, PsProtectedSignerLsa, PsProtectedSignerWindows, PsProtectedSignerWinTcb, PsProtectedSignerWinSystem, PsProtectedSignerApp, PsProtectedSignerMax } PS_PROTECTED_SIGNER, * PPS_PROTECTED_SIGNER;