Preliminary Implementation of shutdown applets

Today, a bunch of people in the dormitory are playing games, so they can't sleep, and they are decisive. They will send out the preliminary implementation of the shutdown gadgets that have been struggling for a while and some precautions as their own memo records, it also serves as a reference for others.

 

 
 

  
  
#include <windows.h> 
  
  
#include <iostream> 
  
  
using namespace std; 
  
  
 
  
  
void AjustPrivilege_LOGOFF() 
  
  
{ 
  
  
    HANDLE hToken; 
  
  
    TOKEN_PRIVILEGES tkp_logoff; 
  
  
     
  
  
    OpenProcessToken( 
  
  
        GetCurrentProcess(), 
  
  
        TOKEN_ADJUST_PRIVILEGES | 
  
  
        TOKEN_QUERY, 
  
  
        &hToken 
  
  
        ); 
  
  
 
  
  
    LookupPrivilegeValue( 
  
  
        NULL, 
  
  
        SE_DEBUG_NAME, 
  
  
        &tkp_logoff.Privileges[0].Luid 
  
  
        ); 
  
  
 
  
  
    tkp_logoff.PrivilegeCount=1; 
  
  
    tkp_logoff.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; 
  
  
 
  
  
    AdjustTokenPrivileges( 
  
  
        hToken,    
  
  
        FALSE,    
  
  
        &tkp_logoff,    
  
  
        0, 
  
  
        (PTOKEN_PRIVILEGES)NULL,  
  
  
        0); 
  
  
} 
  
  
 
  
  
void AjustPrivilege_SHUTDOWN() 
  
  
{ 
  
  
    HANDLE hToken; 
  
  
    TOKEN_PRIVILEGES tkp_shutdown; 
  
  
     
  
  
    OpenProcessToken( 
  
  
        GetCurrentProcess(), 
  
  
        TOKEN_ADJUST_PRIVILEGES | 
  
  
        TOKEN_QUERY, 
  
  
        &hToken 
  
  
        ); 
  
  
 
  
  
    LookupPrivilegeValue( 
  
  
        NULL, 
  
  
        SE_SHUTDOWN_NAME, 
  
  
        &tkp_shutdown.Privileges[0].Luid 
  
  
        ); 
  
  
 
  
  
    tkp_shutdown.PrivilegeCount=1; 
  
  
    tkp_shutdown.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; 
  
  
 
  
  
    AdjustTokenPrivileges( 
  
  
        hToken,    
  
  
        FALSE,    
  
  
        &tkp_shutdown,    
  
  
        0, 
  
  
        (PTOKEN_PRIVILEGES)NULL,  
  
  
        0); 
  
  
} 
  
  
 
  
  
int main() 
  
  
{ 
  
  
    int choose; 
  
  
 
  
  
    cout<<"choose:"<<endl<<"1-logoff"<<endl<<"2-shutdown"<<endl; 
  
  
    cin>>choose; 
  
  
 
  
  
    switch(choose) 
  
  
    { 
  
  
    case 1: 
  
  
        AjustPrivilege_LOGOFF(); 
  
  
        ExitWindowsEx(EWX_LOGOFF,0); 
  
  
        cout<<"now,logoff is start..."<<endl; 
  
  
        break; 
  
  
    case 2: 
  
  
        AjustPrivilege_SHUTDOWN(); 
  
  
        ExitWindowsEx(EWX_SHUTDOWN,0); 
  
  
        cout<<"now,shutdown is start..."<<endl; 
  
  
        break; 
  
  
    default: 
  
  
        cout<<"fuck!"<<endl; 
  
  
        break; 
  
  
    } 
  
  
} 
 
 

The above is all the code so far.

The following is a brief analysis.

 

 

 
 

  
  
void AjustPrivilege_LOGOFF() 
  
  
{ 
  
  
    HANDLE hToken; 
  
  
    TOKEN_PRIVILEGES tkp_logoff; 
  
  
     
  
  
    OpenProcessToken( 
  
  
        GetCurrentProcess(), 
  
  
        TOKEN_ADJUST_PRIVILEGES | 
  
  
        TOKEN_QUERY, 
  
  
        &hToken 
  
  
        ); 
  
  
 
  
  
    LookupPrivilegeValue( 
  
  
        NULL, 
  
  
        SE_DEBUG_NAME, 
  
  
        &tkp_logoff.Privileges[0].Luid 
  
  
        ); 
  
  
 
  
  
    tkp_logoff.PrivilegeCount=1; 
  
  
    tkp_logoff.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; 
  
  
 
  
  
    AdjustTokenPrivileges( 
  
  
        hToken,    
  
  
        FALSE,    
  
  
        &tkp_logoff,    
  
  
        0, 
  
  
        (PTOKEN_PRIVILEGES)NULL,  
  
  
        0); 
  
  
} 
  
  
 
  
  
void AjustPrivilege_SHUTDOWN() 
  
  
{ 
  
  
    HANDLE hToken; 
  
  
    TOKEN_PRIVILEGES tkp_shutdown; 
  
  
     
  
  
    OpenProcessToken( 
  
  
        GetCurrentProcess(), 
  
  
        TOKEN_ADJUST_PRIVILEGES | 
  
  
        TOKEN_QUERY, 
  
  
        &hToken 
  
  
        ); 
  
  
 
  
  
    LookupPrivilegeValue( 
  
  
        NULL, 
  
  
        SE_SHUTDOWN_NAME, 
  
  
        &tkp_shutdown.Privileges[0].Luid 
  
  
        ); 
  
  
 
  
  
    tkp_shutdown.PrivilegeCount=1; 
  
  
    tkp_shutdown.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; 
  
  
 
  
  
    AdjustTokenPrivileges( 
  
  
        hToken,    
  
  
        FALSE,    
  
  
        &tkp_shutdown,    
  
  
        0, 
  
  
        (PTOKEN_PRIVILEGES)NULL,  
  
  
        0); 
  
  
} 
 
 

The above two functions are used to obtain the permissions required for shutdown operations. This is a security measure added to windows after win2k. It should be noted that I had been entangled in this issue for four consecutive days during code writing. The following is a detailed explanation.

We can see that there is no big difference between the two functions, but why do I need to write two functions? At the beginning, I didn't know how to write it, so I only wrote one. However, the tragedy has emerged. Compare the two statements:

 

 
 

  
  
LookupPrivilegeValue( 
  
  
        NULL, 
  
  
        SE_DEBUG_NAME, 
  
  
        &tkp_logoff.Privileges[0].Luid 
  
  
        ); 
  
  
 
  
  
LookupPrivilegeValue( 
  
  
        NULL, 
  
  
        SE_SHUTDOWN_NAME, 
  
  
        &tkp_shutdown.Privileges[0].Luid 
  
  
        ); 
 
 

Have you found that the second parameter is different. I didn't know the difference at the time. It was stuck here for a long time. Because only the first one is written, you can only log out. If only the first one is written, you can only shut down the system, no matter whether the parameters of the following ExitWindowsEx () function are EWX_LOGOFF or EWX_SHUTDOWN.

That is to say, we can understand that the final operation is mainly related to the LookupPrivilegeValue () function, while ExitWindowsEx () only plays a role in the final operation.<--- This part is my personal understanding. I hope Daniel can correct me.

Then let's look back at these two functions. Their role has been said to improve permissions. Therefore, it is convenient for some lazy readers not to go to Baidu or GOOGLE. We will analyze each statement, but will not explain it in detail, because I am not familiar with it myself ).

 

 
 

  
  
OpenProcessToken(
  
  
 GetCurrentProcess(),
  
  
 TOKEN_ADJUST_PRIVILEGES |
  
  
 TOKEN_QUERY,
  
  
 &hToken
  
  
 );
 
 

This function is used to obtain the process tag. The last parameter is the handle created by myself.

 

 
 

  
  
LookupPrivilegeValue( 
  
  
        NULL, 
  
  
        SE_DEBUG_NAME, 
  
  
        &tkp_logoff.Privileges[0].Luid 
  
  
        ); 
 
 

Obtain the unique identifier of the Local Machine. Note that if you need to shut down remotely, the parameters will change accordingly. For details, referLatest VersionMSDN.

 

 
 

  
  
tkp_logoff.PrivilegeCount=1; 
  
  
tkp_logoff.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; 
 
 

The first statement is used to specify the number of operations, and the second statement is used to improve permission replication. I am not very clear about these two statements. For details, referLatest MSDN version.

 

 
 

  
  
AdjustTokenPrivileges( 
  
  
        hToken,    
  
  
        FALSE,    
  
  
        &tkp_logoff,    
  
  
        0, 
  
  
        (PTOKEN_PRIVILEGES)NULL,  
  
  
        0); 
 
 

This function is used to enable or disable the privilege. An access token with TOKEN_ADJUST_PRIVILEGES access is not clear to me. For details, referLatest MSDN version.

 

At present, this completes, and only enables the program to operate the computer for logout and shutdown. Of course, if you want to add the restart or sleep functions, you can also, but remember to add the corresponding function. Just remember that functions correspond to operations. The next step is to implement the timing function. With my understanding of myself, viewing instances, analyzing instances, and writing code and testing, I can't take it for four days. It may take about one week to write the article, if a friend wants to finish reading this series, he may wait.<--- I guess no one looks back at what I wrote by cainiao (Laugh )...

 

In any case, please wait for the future.

This article is from the "cat nest" blog, please be sure to keep this source http://moowoo.blog.51cto.com/2665885/532388