標籤:
整理資料的時候發現的以前的代碼,本機Win7 x64 Sp1 運行直接關機,黑屏。就是利用RtlAdjustPrivilege函數提權,代碼中的注釋寫的很詳細了。用的VS2010寫的,直接編譯成x64就可以運行,直接關機了。
#include "stdafx.h"#include <Windows.h>#include <stdio.h>//定義函數原型typedef long (__fastcall *pfnRtlAdjustPrivilege64)(ULONG,ULONG,ULONG,PVOID);typedef int (* pfnZwShutdownSystem)(int);pfnRtlAdjustPrivilege64 RtlAdjustPrivilege;pfnZwShutdownSystem ZwShutdownSystem;int _tmain(int argc, _TCHAR* argv[]){ //裝載DLL HMODULE hModule = ::LoadLibrary(L"NTDLL.DLL"); if(hModule == NULL) { printf("LoadLibrary error\n"); return 0; } //得到匯出函數的地址 RtlAdjustPrivilege = (pfnRtlAdjustPrivilege64)GetProcAddress(hModule, "RtlAdjustPrivilege"); ZwShutdownSystem = (pfnZwShutdownSystem)GetProcAddress(hModule,"ZwShutdownSystem"); if(RtlAdjustPrivilege == NULL) { printf("GetProcAddress error \n"); return 0; } //取得系統版本 OSVERSIONINFO osvi; osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); if(GetVersionEx(&osvi) == 0) { return false; } DWORD dwReturnval; if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT) { /* .常量 SE_BACKUP_PRIVILEGE, "17", 公開 .常量 SE_RESTORE_PRIVILEGE, "18", 公開 .常量 SE_SHUTDOWN_PRIVILEGE, "19", 公開 .常量 SE_DEBUG_PRIVILEGE, "20", 公開 */ RtlAdjustPrivilege(19, 1, 0, &dwReturnval); } //強制關機, 不向進程發送WM_QUERYENDSESSION訊息 //ExitWindowsEx(EWX_FORCE, 0); //退出使用者 ZwShutdownSystem(2); //直接黑屏 return 0;}
Windows 瞬間關機代碼
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
