机房电脑没有设置防火墙什么的,所以同学在没事的时候经常利用shutdown给别人开玩笑。被关了好几次以后,我也就对shutdown有了点兴趣。所以,今天在OD里看了下shutdown.exe的程序,顺便用C表达出来。如果可以的话,希望可以申请邀请码。

引用:
#include "stdafx.h"
#include "windows.h"
#include "malloc.h"
#include "stdlib.h"
#include <stdio.h>
#include <string.h>
// WORD (*u_SetThreadUILanguage)(WORD ID);
// Command-line state read by main(). Presumably filled in by GetShutdownParam(),
// which is an empty stub in this listing, so every value keeps its default.
int  Shutdowntime      = 0;      // third argument (timeout) of InitiateSystemShutdown
int  ComputerNameParam = 0;      // index into argv of the target machine name; 0 = none given
int  MessageParam      = 0;      // index into argv of the shutdown message; 0 = none given
int  BoolShutdown      = 0;      // non-zero when main() should call InitiateSystemShutdown
bool AppsClosed        = false;  // fourth argument (force applications closed)
bool ReBoot            = false;  // fifth argument (reboot after shutdown)
/*
 * Placeholder for the usage/help output; the body is empty in this listing.
 *
 * argv: main() passes argv[0] (the program name) here.
 */
void InitHelp(char* argv)
{
  (void)argv;  // not used until the help text is implemented
}
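/*
 * Cancel a pending system shutdown.
 *
 * computername: machine whose shutdown is cancelled; NULL or an empty string
 *               means the local computer.
 * Returns the AbortSystemShutdown result: non-zero on success, zero on
 * failure (GetLastError() then holds the reason).
 */
int AbortShutdown(char* computername)
{
  // Forward the caller's target. Passing NULL unconditionally would ignore the
  // parameter and always act on the local machine.
  return AbortSystemShutdown(computername);
}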
/*
 * Parse the command-line arguments (not implemented in this listing).
 *
 * main() later uses ComputerNameParam and MessageParam as indexes into argv,
 * so an implementation must only store indexes in the range 1..argc-1.
 */
void GetShutdownParam(int argc,char* argv[])
{
  // Analyse the argument information.
  (void)argc;
  (void)argv;
}
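/*
 * Enable the shutdown privileges in this process's token.
 *
 * RtlAdjustPrivilege is an undocumented ntdll.dll export resolved at run time.
 * It only switches on a privilege the caller's token already holds; it does
 * not grant a right the account lacks. The documented route to the same result
 * is OpenProcessToken + LookupPrivilegeValue + AdjustTokenPrivileges.
 *
 * Returns 0 when the local shutdown privilege was enabled, -1 when ntdll.dll or
 * the export could not be resolved, otherwise the non-zero status of the first
 * call.
 */
int ShutdownPrivilege()
{
  // Privilege numbers as pushed in the disassembly notes kept below.
  const int kShutdownPrivilege=0x13;        // SeShutdownPrivilege
  const int kRemoteShutdownPrivilege=0x18;  // SeRemoteShutdownPrivilege
  bool bprev=0;
  typedef int (_stdcall *RtlPrivilege)(int,bool,bool,bool*);
  RtlPrivilege RtlProc;
  HMODULE Module=GetModuleHandleA("ntdll.dll");
  if(Module==NULL)
  {
    return -1;
  }
  RtlProc=(RtlPrivilege)GetProcAddress(Module,"RtlAdjustPrivilege");
  if(RtlProc==NULL)
  {
    // Calling through a null pointer would crash; report the failure instead.
    return -1;
  }
  /*_asm{
    lea eax,bprev;
    push eax;
    push 0;
    push 1;
    push 0x13;
    mov ecx,RtlProc;
    call ecx;
    lea eax,bprev;
    push eax;
    push 0;
    push 1;
    push 0x18;
    mov ecx,RtlProc;
    call ecx;
    test eax,eax;
  }*/
  // Arguments: privilege number, enable=1, current-thread=0 (process token),
  // out: previous state. Hex constants, not 0*13 / 0*18, which both evaluate to 0.
  int status=RtlProc(kShutdownPrivilege,1,0,&bprev);
  if(status==0)
  {
    // Remote shutdown privilege is best effort; its result is not reported.
    RtlProc(kRemoteShutdownPrivilege,1,0,&bprev);
  }
  return status;
}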

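/*
 * Show the interactive shutdown dialog (dialog resource 65 of this executable).
 *
 * Exits the process with status 0 when the module handle cannot be obtained.
 * DialogProc is not defined in this listing and must be supplied elsewhere.
 */
void ShutdownUI()
{
  HMODULE hProcess=GetModuleHandle(NULL);
  if(hProcess==NULL)
  {
    exit(0);
  }
  // A numeric resource id has to be wrapped in MAKEINTRESOURCE: the template
  // parameter is a string pointer, and a bare 65 is not a valid one.
  // The last argument is an LPARAM, so pass 0 rather than NULL.
  DialogBoxParam((HINSTANCE)hProcess,MAKEINTRESOURCE(65),NULL,DialogProc,0);
}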
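// Copy argv[index] into dst, which holds cap bytes. Returns false when index is
// outside 1..argc-1 or the argument (with its terminator) does not fit.
static bool CopyArgument(char *dst,size_t cap,int argc,char *argv[],int index)
{
  if(index<1||index>=argc)
  {
    return false;
  }
  size_t len=strlen(argv[index]);
  if(len>=cap)
  {
    return false;
  }
  memcpy(dst,argv[index],len+1);
  return true;
}

/*
 * Entry point of the shutdown.exe reconstruction.
 *
 * No arguments: show help. First argument starting with -i, -I, /i or /I: show
 * the dialog. Otherwise enable the shutdown privileges, parse the arguments
 * and, if a shutdown was requested, call InitiateSystemShutdown.
 *
 * Returns 0 on success or after showing help/the dialog, 1 when an argument
 * is rejected or InitiateSystemShutdown fails.
 */
int main(int argc, char* argv[])
{
  // The author's commented-out draft resolved SetThreadUILanguage from
  // kernel32.dll at this point and called it with 0; that step is not done here.

  // Fixed-size stack buffers replace the unchecked malloc() calls, which were
  // also leaked when the pointers were later overwritten with NULL.
  char Computername[260];
  char MessageSend[127];
  char Userdomain[260];
  char *target=NULL;   // NULL = local computer
  char *message=NULL;  // NULL = no message

  memset(Computername,'\0',sizeof Computername);
  memset(MessageSend,'\0',sizeof MessageSend);
  memset(Userdomain,'\0',sizeof Userdomain);
  // Read as in the original listing; neither value is used further below.
  GetEnvironmentVariable("USERDOMAIN",Userdomain,sizeof Userdomain);
  GetEnvironmentVariable("COMPUTERNAME",Computername,sizeof Computername);

  if(argc==1)
  {
    InitHelp(argv[0]);
    return 0;
  }

  const char *opt=argv[1];
  bool interactive=strncmp(opt,"-i",2)==0||strncmp(opt,"-I",2)==0||
                   strncmp(opt,"/i",2)==0||strncmp(opt,"/I",2)==0;
  if(interactive)
  {
    ShutdownUI();
    return 0;
  }

  ShutdownPrivilege();
  GetShutdownParam(argc,argv);

  if(!BoolShutdown)
  {
    InitHelp(argv[0]);
    return 0;
  }

  // Command-line arguments are caller-controlled and of arbitrary length.
  // Over-long values are rejected rather than truncated, because a truncated
  // machine name could name a different host.
  if(ComputerNameParam)
  {
    if(!CopyArgument(Computername,sizeof Computername,argc,argv,ComputerNameParam))
    {
      fprintf(stderr,"Invalid or too long computer name argument\n");
      return 1;
    }
    target=Computername;
  }
  if(MessageParam)
  {
    if(!CopyArgument(MessageSend,sizeof MessageSend,argc,argv,MessageParam))
    {
      fprintf(stderr,"Invalid or too long message argument\n");
      return 1;
    }
    message=MessageSend;
  }

  // Report a failed call instead of reading GetLastError() into an unused
  // local and blocking on getchar().
  if(!InitiateSystemShutdown(target,message,Shutdowntime,AppsClosed,ReBoot))
  {
    fprintf(stderr,"InitiateSystemShutdown failed, error %lu\n",(unsigned long)GetLastError());
    return 1;
  }
  return 0;
}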