The API for shutting down or restarting the system is ExitWindowsEx.
ExitWindowsEx:
This function shuts down the system.
BOOL ExitWindowsEx(UINT uFlags, DWORD dwReserved);
Parameters
uFlags
Specifies the type of shutdown. This parameter must include one of the following values:

Value            Meaning
EWX_LOGOFF       Shuts down all processes running in the security context of
                 the process that called the ExitWindowsEx function. Then it
                 logs the user off.
EWX_POWEROFF     Shuts down the system and turns off the power. The system
                 must support the power-off feature.
                 Windows NT: The calling process must have the
                 SE_SHUTDOWN_NAME privilege. For more information, see the
                 following Remarks section.
EWX_REBOOT       Shuts down the system and then restarts the system.
                 Windows NT: The calling process must have the
                 SE_SHUTDOWN_NAME privilege. For more information, see the
                 following Remarks section.
EWX_SHUTDOWN     Shuts down the system to a point at which it is safe to turn
                 off the power. All file buffers have been flushed to disk,
                 and all running processes have stopped.
                 Windows NT: The calling process must have the
                 SE_SHUTDOWN_NAME privilege. For more information, see the
                 following Remarks section.

This parameter can optionally include the following values:

Value            Meaning
EWX_FORCE        Forces processes to terminate. When this flag is set, the
                 system does not send the WM_QUERYENDSESSION and
                 WM_ENDSESSION messages. This can cause the applications to
                 lose data. Therefore, you should only use this flag in an
                 emergency.
EWX_FORCEIFHUNG  Windows NT 5.0 and later: Forces processes to terminate if
                 they do not respond to the WM_QUERYENDSESSION or
                 WM_ENDSESSION message. This flag is ignored if EWX_FORCE is
                 used.
Remarks:
Windows NT: To shut down or restart the system, the calling process must use the AdjustTokenPrivileges function to enable the SE_SHUTDOWN_NAME privilege.
For more information about security privileges, see Privileges.
Windows 95: ExitWindowsEx does not work from a console application, as it does on Windows NT.
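As an added example (not part of the original page or of the SDK text quoted above), this decoder applies the rules from the two flag tables to a uFlags value, for instance one read from an API trace: which shutdown type was requested, whether SE_SHUTDOWN_NAME had to be enabled, and whether applications were denied the end-session messages. The names decode_ewx and ewx_info and the sample values are made up for this example; the numeric EWX_* values are those defined in winuser.h.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Values from winuser.h, repeated so this builds without the Windows SDK. */
#ifndef EWX_LOGOFF
#define EWX_LOGOFF      0x00u
#define EWX_SHUTDOWN    0x01u
#define EWX_REBOOT      0x02u
#define EWX_FORCE       0x04u
#define EWX_POWEROFF    0x08u
#define EWX_FORCEIFHUNG 0x10u
#endif
#define EWX_TYPE_MASK (EWX_SHUTDOWN | EWX_REBOOT | EWX_POWEROFF)

typedef struct {             /* hypothetical result type for this example */
    const char *type;        /* requested shutdown type, or "ambiguous" */
    bool needs_se_shutdown;  /* Windows NT: SE_SHUTDOWN_NAME must be enabled */
    bool skips_end_session;  /* EWX_FORCE: no WM_QUERYENDSESSION / WM_ENDSESSION */
    bool hung_only;          /* EWX_FORCEIFHUNG in effect, not overridden by EWX_FORCE */
    unsigned other_bits;     /* bits the tables above do not describe */
} ewx_info;

ewx_info decode_ewx(unsigned flags)
{
    ewx_info r = { "EWX_LOGOFF", false, false, false, 0 };
    unsigned type = flags & EWX_TYPE_MASK;
    switch (type) {
    case 0:            break;  /* EWX_LOGOFF is 0, so it sets no type bit */
    case EWX_SHUTDOWN: r.type = "EWX_SHUTDOWN"; break;
    case EWX_REBOOT:   r.type = "EWX_REBOOT";   break;
    case EWX_POWEROFF: r.type = "EWX_POWEROFF"; break;
    default:           r.type = "ambiguous";    break;  /* more than one type bit */
    }
    r.needs_se_shutdown = (type != 0);  /* every type except logoff */
    r.skips_end_session = (flags & EWX_FORCE) != 0;
    r.hung_only = (flags & EWX_FORCEIFHUNG) != 0 && !r.skips_end_session;
    r.other_bits = flags & ~(EWX_TYPE_MASK | EWX_FORCE | EWX_FORCEIFHUNG);
    return r;
}

int main(void)
{
    const unsigned seen[] = { 0x00, 0x06, 0x10, 0x14, 0x03 };  /* constructed samples */
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        ewx_info r = decode_ewx(seen[i]);
        printf("0x%02x %-12s priv=%d force=%d ifhung=%d\n", seen[i], r.type,
               r.needs_se_shutdown, r.skips_end_session, r.hung_only);
    }
    return 0;
}
```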
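Privilege modification APIs:
XP is built on the NT kernel and has certain security requirements. By default, some of a process's privileges are not enabled, so the first thing we have to do is enable them. Before calling ExitWindowsEx, the process must raise its own privileges; otherwise the call fails, and GetLastError returns the error code:
1314 A required privilege is not held by the client. ERROR_PRIVILEGE_NOT_HELD
The API functions involved in modifying privileges are OpenProcessToken, LookupPrivilegeValue and AdjustTokenPrivileges.
To modify a process's access token, we first need a handle to that token, which OpenProcessToken provides. Its prototype is: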
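BOOL OpenProcessToken(
    __in  HANDLE  ProcessHandle,  // handle of the process whose access rights are to be modified
    __in  DWORD   DesiredAccess,  // the type of operation you want to perform
    __out PHANDLE TokenHandle     // returned access token pointer
);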
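The first parameter is the handle of the process whose access rights are to be modified; the third parameter is the returned access token pointer; the second parameter specifies the type of operation you want to perform. To modify the token's privileges, specify TOKEN_ADJUST_PRIVILEGES as the second parameter (for the other values, see the Platform SDK). With this function we can obtain a handle to the current process's access token (just pass GetCurrentProcess() as the first parameter).
LookupPrivilegeValue looks up the value of a system privilege and returns it in a LUID structure.
BOOL LookupPrivilegeValue(LPCTSTR lpSystemName, LPCTSTR lpName, PLUID lpLuid);
The first parameter names the system to query; for the local system, pass NULL.
The second parameter is the name of the privilege to look up. The names are defined in winnt.h; for the specific values, look up "windows nt privileges" in the MSDN index.
The third parameter receives the information for the specified privilege name.
When the call succeeds, the information is stored in the LUID structure passed as the third parameter, and the function returns a nonzero value.
Next we can call AdjustTokenPrivileges to modify the access token. The prototype of AdjustTokenPrivileges is: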
BOOL AdjustTokenPrivileges(
HANDLE TokenHandle, // handle to token
BOOL DisableAllPrivileges, // disabling option
PTOKEN_PRIVILEGES NewState, // privilege information
DWORD BufferLength, // size of buffer
PTOKEN_PRIVILEGES PreviousState, // original state buffer
PDWORD ReturnLength // required buffer size
);
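The first parameter is the handle to the access token. The second parameter determines whether to modify privileges or to disable all privileges. The third parameter specifies the privileges to modify; it is a pointer to a TOKEN_PRIVILEGES structure, which contains an array whose entries each give a privilege type and the operation to perform on it.
The fourth parameter is the length of the PreviousState structure; if PreviousState is null, this parameter should be NULL (zero). The fifth parameter is also a pointer to a TOKEN_PRIVILEGES structure; it receives the privilege information as it was before the modification and may be null. The last parameter receives the size actually returned in the PreviousState structure.
Before using this function, let's look at the TOKEN_PRIVILEGES structure, which is declared as follows: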
typedef struct _TOKEN_PRIVILEGES {
    DWORD PrivilegeCount;
    LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];  // ANYSIZE_ARRAY is 1 in winnt.h
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
PrivilegeCount is the number of elements in the array, which follows as an array of LUID_AND_ATTRIBUTES. The LUID_AND_ATTRIBUTES structure is declared as follows:
typedef struct _LUID_AND_ATTRIBUTES {
    LUID Luid;
    DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
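The second member, Attributes, specifies the type of operation to perform. There are three options:
SE_PRIVILEGE_ENABLED, SE_PRIVILEGE_ENABLED_BY_DEFAULT and SE_PRIVILEGE_USED_FOR_ACCESS. To enable a privilege, set Attributes to SE_PRIVILEGE_ENABLED. The first member, Luid, is the privilege type; it is a LUID value, the one we obtained through LookupPrivilegeValue.
Sample code: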
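#include <windows.h>

// Wrapper (name chosen here) so the fragment's early return has a function to leave.
BOOL ShutdownSystem(void)
{
    // Raise privileges
    HANDLE hToken;
    TOKEN_PRIVILEGES tkp;

    // Get a token for this process.
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;

    // Get the LUID for the shutdown privilege.
    LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tkp.Privileges[0].Luid);

    tkp.PrivilegeCount = 1;  // one privilege to set
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Get the shutdown privilege for this process. The call can return TRUE
    // without enabling the privilege, so the result is read from GetLastError().
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
    DWORD err = GetLastError();  // read before CloseHandle can overwrite it
    CloseHandle(hToken);
    if (err != ERROR_SUCCESS)
        return FALSE;

    // Shut down
    if (!ExitWindowsEx(EWX_SHUTDOWN, 0)) {
        // Message text: "Shutdown failed!", caption: "Notice"
        MessageBox(NULL, TEXT("关机失败!"), TEXT("提示"), MB_OK);
        return FALSE;
    }
    return TRUE;
}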