标签:
ssdt 随便一个函数入口改90就蓝了
-------------------------------------------------
program Project2; uses Windows; (* 原作者:不详。据说是逆的smss的代码。 翻译:http://www.138soft.com,lovejingtao@21cn.com. *) type {$Z4} _HARDERROR_RESPONSE_OPTION = ( OptionAbortRetryIgnore, OptionOk, OptionOkCancel, OptionRetryCancel, OptionYesNo, OptionYesNoCancel, OptionShutdownSystem, OptionOkNoWait, OptionCancelTryContinue ); HARDERROR_RESPONSE_OPTION = _HARDERROR_RESPONSE_OPTION; {$Z1} _UNICODE_STRING = record Length: USHORT; MaximumLength: USHORT; Buffer: PWideChar; end; UNICODE_STRING = _UNICODE_STRING; PUNICODE_STRING = ^_UNICODE_STRING; pfnZwRaiseHardError = function(ErrorStatus: Integer; NumberOfParameters: ULONG; UnicodeStringParameterMask: ULONG; //PUNICODE_STRING; Parameters: Pointer; ValidResponseOptions: HARDERROR_RESPONSE_OPTION; Response: PULONG): Integer; stdcall; function DebugPrivilege(PName: LPCTSTR; bEnable: BOOL): BOOL; var hToken: THANDLE; TokenPrivileges: TOKEN_PRIVILEGES; ReturnLength: DWORD; begin Result := False; if (not OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY or TOKEN_ADJUST_PRIVILEGES, hToken)) then Exit; TokenPrivileges.PrivilegeCount := 1; if bEnable then TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED else TokenPrivileges.Privileges[0].Attributes := 0; LookupPrivilegeValue(nil, PName, TokenPrivileges.Privileges[0].Luid); AdjustTokenPrivileges(hToken, FALSE, TokenPrivileges, sizeof(TOKEN_PRIVILEGES), nil, ReturnLength); if (GetLastError() <> ERROR_SUCCESS) then Exit; CloseHandle(hToken); Result := True; end; const SE_SHUTDOWN_NAME = ‘SeShutdownPrivilege‘;//NtRaiseHardError需要关机权限 var str: UNICODE_STRING; args: array[0..2] of THandle; x: ULONG; hDll: HMODULE; ZwRaiseHardError: pfnZwRaiseHardError; begin str.Length := 8; str.MaximumLength := 10; str.Buffer := ‘test‘; args[0] := $12345678; args[1] := $87654321; args[2] := THandle(@str); hDll := GetModuleHandle(‘ntdll.dll‘); @ZwRaiseHardError := GetProcAddress(hDll, ‘ZwRaiseHardError‘); DebugPrivilege(SE_SHUTDOWN_NAME, TRUE); ZwRaiseHardError(Integer($C000021A), 3, 4, @args, OptionShutdownSystem, @x); end.
注意:64位系统请编译为64位EXE。需要管理员权限。
-------------------------------------------------------------------------------------------------------------
uses Windows; function MakeMeCritical(Yes: Boolean): Boolean; const SE_DEBUG_PRIVILEGE = $14; SE_PROC_INFO = $1D; var Enabled: PBOOL; DllHandle: THandle; BreakOnTermination: ULong; HR: HRESULT; RtlAdjustPrivilege: function(Privilege: ULONG; Enable: BOOL; CurrentThread: BOOL; var Enabled: PBOOL): DWORD; stdcall; NtSetInformationProcess: function(ProcHandle: THandle; ProcInfoClass: ULONG; ProcInfo: Pointer; ProcInfoLength: ULONG): HResult; WINAPI; begin Result := False; DllHandle := LoadLibrary(‘ntdll.dll‘) ; if DllHandle <> 0 then begin @RtlAdjustPrivilege := GetProcAddress(dllHandle, ‘RtlAdjustPrivilege‘); if (@RtlAdjustPrivilege <> nil) then begin if RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, True, True, Enabled) = 0 then begin @NtSetInformationProcess := GetProcAddress(dllHandle, ‘NtSetInformationProcess‘); if (@NtSetInformationProcess <> nil) then begin BreakOnTermination := Ord(Yes); HR := NtSetInformationProcess(GetCurrentProcess(), SE_PROC_INFO, @BreakOnTermination, SizeOf(BreakOnTermination)); Result := HR = S_OK; end; end; end; FreeLibrary(DllHandle); end end; begin if MakeMeCritical(True) then begin //the user cannot termintate the process now MessageBoxA(0, PAnsiChar(‘千万不要从任务管理器结束我,否则马上蓝你MB的屏‘), PAnsiChar(‘Test‘), 0); end else MessageBoxA(0, PAnsiChar(‘Something went wrong‘), PAnsiChar(‘Test‘), 0); end.
参考:http://bbs.2ccc.com/topic.asp?topicid=471293
标签:
原文地址:http://www.cnblogs.com/findumars/p/4204238.html