Organize the information when found the previous code, the machine Win7 x64 Sp1 run directly off, black screen. is to use the Rtladjustprivilege function to extract the right, the code in the comments written in detail. With the VS2010 written, directly compiled into x64 can be run, directly shut down the machine.
#include"stdafx.h"#include<Windows.h>#include<stdio.h>//Defining function PrototypestypedefLong(__fastcall *pfnRtlAdjustPrivilege64) (ulong,ulong,ulong,pvoid); typedefint(* Pfnzwshutdownsystem) (int);p fnRtlAdjustPrivilege64 rtladjustprivilege;pfnzwshutdownsystem Zwshutdownsystem;int_tmain (intARGC, _tchar*argv[]) { //Loading DLLsHmodule hmodule =:: LoadLibrary (L"NTDLL.DLL"); if(Hmodule = =NULL) {printf ("LoadLibrary error\n"); return 0; } //get the address of the exported functionRtladjustprivilege = (pfnRtlAdjustPrivilege64) GetProcAddress (hmodule,"Rtladjustprivilege"); Zwshutdownsystem= (Pfnzwshutdownsystem) GetProcAddress (hmodule,"Zwshutdownsystem"); if(Rtladjustprivilege = =NULL) {printf ("GetProcAddress error \ n"); return 0; } //get the system versionosVersionInfo osvi; Osvi.dwosversioninfosize=sizeof(OSVERSIONINFO); if(GetVersionEx (&OSVI) = =0) { return false; } DWORD Dwreturnval; if(Osvi.dwplatformid = =ver_platform_win32_nt) { /*. Constant Se_backup_privilege, "17", public. Constant Se_restore_privilege, "18", public. Constant Se_shutdown_privilege, "19", public. Constant Se_debug_privilege, "20", public*/Rtladjustprivilege (,1,0, &dwreturnval); } //force shutdown, do not send wm_queryendsession message to process//ExitWindowsEx (ewx_force, 0);//Exit UserZwshutdownsystem (2);//Direct black Screen return 0;}
Windows Instant Shutdown Code