在Win2000中动态禁用/启用Ctrl-Alt-Del

首页 > Linux

在Win2000中动态禁用/启用Ctrl-Alt-Del

51自学网 http://www.wanshiok.com

//---------------------------------------------------------------------------
//作者：韦覃武,jiangsheng
//网上呢称：BCB_FANS(四大名捕之追杀令)（此为CSDN和www.driverdevelop.com之帐号）jiangsheng（此为CSDN帐号）
//E-Mail ：slwqw@163.com
//日期：2002-10-20
//2002-11-5 jingsheng修改
//功能：在2000下屏蔽Ctrl + Alt + Del组合键。（在Windows 2000 Professional SP3
// 中文版平台下面测试通过）
//原理：采用远程线程注入技术，装载一个DLL到Winlogon进程，然后截获SAS窗口的窗
// 口过程，接管WM_HOTKEY消息，以达到屏蔽Ctrl + Alt + Del之目的。
//开发语言：Borland C++Builder 5.0 Patch2，Visual C++ 6.0 SP5
//技术比较：关于在2000下面如何屏蔽Ctrl + Alt + Del组合键，一种常被提到的解决方法就
// 是使用自己写的GINA去替换MSGINA.DLL，然后在WlxLoggedOnSAS里边直接返回
// WLX_SAS_ACTION_NONE。嘿嘿，说到底这并不是真正地屏蔽了这个组合键，只是
// 直接返回WLX_SAS_ACTION_NONE时，Winlogon进程又自动从"Winlogon"桌面切换
// 回原来的"Default"桌面了，而不是显示安全对话框，所以看起来被屏蔽了：），
// 使用那种方法明显地看到桌面在闪烁！但是使用本文的方法时，你不会看到任
// 何闪烁！
//鸣谢：www.driverdevelop.com上的icube和lu0。
//版权：转载请注明原作者：）

//---------------------------------------------------------------------------

#include "stdafx.h"
#include <tlhelp32.h>
#include <lmerr.h>

#include "Hook.h"
//add by jiangsheng 2002-11-5
#include "TaskKeyMgr.h"
#include "Wrappers.h"//复制自MSDN杂志Windows XP Escape from DLL Hell with Custom Debugging and Instrumentation Tools and Utilities的代码
extern BOOL Is_Terminal_Services () ;//复制自Platform SDK文档: Windows System Information /Verifying the System Version
//end add by jiangsheng 2002-11-5
//---------------------------------------------------------------------------
//错误代码格式化函数
//replaced by jiangsheng 2002-11-5
//from Q149409 HOWTO: Get Message Text from Networking Error Codes

CString __fastcall SysErrorMessage(DWORD dwLastError )
{
    CString strRet(_T("Unknown error"));
    HMODULE hModule = NULL; // default to system source
    LPSTR MessageBuffer;
    DWORD dwBufferLength;

    DWORD dwFormatFlags = FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_IGNORE_INSERTS |
        FORMAT_MESSAGE_FROM_SYSTEM ;

    //
    // If dwLastError is in the network range,
    // load the message source.
    //

    if(dwLastError >= NERR_BASE && dwLastError <= MAX_NERR) {
        hModule = LoadLibraryEx(TEXT("netmsg.dll"),NULL,LOAD_LIBRARY_AS_DATAFILE);
        if(hModule != NULL)
            dwFormatFlags |= FORMAT_MESSAGE_FROM_HMODULE;
    }

    //
    // Call FormatMessage() to allow for message
    // text to be acquired from the system
    // or from the supplied module handle.
    //

    if(dwBufferLength = FormatMessageA(
        dwFormatFlags,
        hModule, // module to get message from (NULL == system)
        dwLastError,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // default language
        (LPSTR) &MessageBuffer,
        0,
        NULL
        ))
    {

        //
        // Output message string on stderr.
        //
        strRet=CString(MessageBuffer,dwBufferLength);
        //
        // Free the buffer allocated by the system.
        //
        LocalFree(MessageBuffer);
    }

    //
    // If we loaded a message source, unload it.
    //
    if(hModule != NULL)
        FreeLibrary(hModule);
    return strRet;
}
//end replaced by jiangsheng 2002-11-5
//---------------------------------------------------------------------------

#ifdef UNICODE
LPCSTR LoadLibraryFuncStr = "LoadLibraryW";
LPCSTR GetModuleHandleFuncStr = "GetModuleHandleW";
#else
LPCSTR LoadLibraryFuncStr = "LoadLibraryA";
LPCSTR GetModuleHandleFuncStr = "GetModuleHandleA";
#endif
LPCSTR FreeLibraryFuncStr = "FreeLibrary";
LPCSTR GetProcAddressFuncStr = "GetProcAddress";
LPCSTR GetLastErrorFuncStr = "GetLastError";

//---------------------------------------------------------------------------
//removed by jiangsheng 2002-11-5
//const char* const RemoteDllName = "RemoteDll.Dll";
//end removed by jiangsheng 2002-11-5
LPCTSTR szRemoteProcessName = "Winlogon.exe";

typedef HINSTANCE (WINAPI *PLOADLIBRARY)(LPCTSTR );
typedef BOOL (WINAPI *PFREELIBRARY)(HINSTANCE);
typedef HMODULE (WINAPI* PGETMODULEHANDLE)(LPCTSTR );
typedef PVOID (WINAPI* PGETPROCADDRESS)(HINSTANCE,LPCSTR);
typedef DWORD (WINAPI* PGETLASTERROR)(VOID);

BOOL __fastcall EnablePrivilege(LPCTSTR lpszPrivilegeName,BOOL bEnable);
DWORD __fastcall GetPIDFromName(LPCTSTR lpszProcName);

//---------------------------------------------------------------------------

typedef struct
{
    PLOADLIBRARY pfnLoadLibrary;
    PGETLASTERROR pfnGetLastError;
    TCHAR szDllName[1024];
    DWORD dwReturnValue;
} INJECTLIBINFO;

typedef struct
{
    PFREELIBRARY pfnFreeLibrary;
    PGETMODULEHANDLE pfnGetModuleHandle;
    PGETLASTERROR pfnGetLastError;
    DWORD dwReturnValue;
    TCHAR szDllName[1024];

} DEINJECTLIBINFO;

//---------------------------------------------------------------------------
//远程线程，用来装载DLL
static DWORD WINAPI ThreadFuncAttach(INJECTLIBINFO *pInfo)
{
HINSTANCE hDll=NULL;
pInfo->dwReturnValue = 0;
hDll = (HINSTANCE)pInfo->pfnLoadLibrary(pInfo->szDllName);
if(hDll == NULL)
pInfo->dwReturnValue = pInfo->pfnGetLastError();
return((DWORD)hDll);
}

//---------------------------------------------------------------------------
//占位函数，用来计算ThreadFuncAttach的大小
static void AfterThreadFuncAttach(void)
{
}

//---------------------------------------------------------------------------
//远程线程，用来卸载DLL
static DWORD WINAPI ThreadFuncDetach(DEINJECTLIBINFO *pInfo)
{
    HINSTANCE hDll = NULL;
    BOOL bResult=FALSE;
    BOOL bHasFoundModule = FALSE;

pInfo->dwReturnValue = 0;//意味成功，如果这个值不是0，则是一个错误代码。

    while((hDll = pInfo->pfnGetModuleHandle(pInfo->szDllName)) != NULL)
    {
        bHasFoundModule = TRUE;

        bResult = pInfo->pfnFreeLibrary(hDll);
        if(bResult == FALSE)
        {
            pInfo->dwReturnValue = pInfo->pfnGetLastError();
            break;
        }
    }

    if(pInfo->dwReturnValue == 0 && !bHasFoundModule)
    {
        pInfo->dwReturnValue = pInfo->pfnGetLastError();
    }

return 1;
}

//---------------------------------------------------------------------------
//占位函数，用来计算ThreadFuncDetach的大小
static void AfterThreadFuncDetach(void)
{
}

//---------------------------------------------------------------------------
//修改本进程的权限
BOOL __fastcall EnablePrivilege(LPCTSTR lpszPrivilegeName,BOOL bEnable)
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES |
        TOKEN_QUERY | TOKEN_READ,&hToken))
        return FALSE;
    if(!LookupPrivilegeValue(NULL, lpszPrivilegeName, &luid))
        return TRUE;

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = (bEnable) ? SE_PRIVILEGE_ENABLED : 0;

AdjustTokenPrivileges(hToken,FALSE,&tp,NULL,NULL,NULL);

CloseHandle(hToken);

return (GetLastError() == ERROR_SUCCESS);
}

　
2/2 首页上一页 1 2

上一篇：Windows运行命令集锦下一篇：S3c2440A平台HIVE注册表+binfs的实现