Windows XP下屏蔽Ctrl_Alt_Del键的方法

最新推荐文章于 2024-04-29 16:22:54 发布

小宇飞刀

最新推荐文章于 2024-04-29 16:22:54 发布

阅读量825

点赞数

分类专栏： Delphi 文章标签： windows xp string token module query

本文链接：https://blog.csdn.net/xieyunc/article/details/4125928

版权

Delphi 专栏收录该内容

160 篇文章 6 订阅

订阅专栏

//调用下面两个函数就可以了
procedure RunFuckCAD; //屏蔽Ctrl+Alt+Del
procedure StopFuckCAD; //取消屏蔽Ctrl+Alt+Del
点击下载源文件
主要代码为：

view plain copy to clipboard print ?

unit Fuck_CAD_Unit;
interface
uses Windows, TLHelp32,SysUtils;
const
MyKernel='SnowmanLockScreenHook.Dll'; //释放完得文件名，可以自己改
Winlogon='winlogon.exe';
MyKernelSize=9216;
MyKernelBuf:Array [0..9215] of Byte =
(
//... 数组内容太多，略，见源文件
);
procedure RunFuckCAD;
procedure StopFuckCAD;
implementation
procedure GetDebugPrivs; //提升到Debug权限
var
hToken: THandle;
tkp: TTokenPrivileges;
retval: dword;
begin
If (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken)) then
begin
LookupPrivilegeValue(nil, 'SeDebugPrivilege' , tkp.Privileges[0].Luid);
tkp.PrivilegeCount := 1;
tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);
end;
end;
function NameToPID(ExeName:pchar):longword;
//通过进程文件名返回一个Pid，如果多个同名进程返回第一个进程的Pid
var
hSnap:longword;
ProcessEntry: TProcessEntry32;
c:boolean;
begin
result:=0;
hSnap:= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
ProcessEntry.dwSize:= Sizeof(TProcessEntry32);
c:= Process32First(hSnap,ProcessEntry);
While c do
begin
if LstrcmpiA(ExeName,ProcessEntry.szExeFile)= 0 then
begin
result:=ProcessEntry.th32ProcessID;
break;
end;
c:=Process32Next(hSnap,ProcessEntry);
end;
CloseHandle(hSnap);
end;
function GetSysPath:pchar; //最后没加'/'
var
a:pchar;
begin
GetMem(a,255);
GetSystemDirectory(a,255);
Result:=a;
end;
procedure DelKernel;
begin
DeleteFile(pchar(string(GetSysPath)+'/'+string(MyKernel))) ;
end;
function CreateKernelFile(SaveFile:String):Boolean;
var
hFile:THandle;
BytesWrite: dword;
begin
Result:=False;
hFile := CreateFile(Pchar(SaveFile),GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ,nil,CREATE_ALWAYS,0,0);
if hFile = INVALID_HANDLE_VALUE then Exit;
if WriteFile(hFile,MyKernelBuf,MyKernelSize, BytesWrite, nil) then Result:=True;
CloseHandle(hFile);
end;
Function GetModule(ProcessName,ModuleName:Pchar):longword;
//This is a function written by Hke.
//检查进程是否加载DLL，是返回指针，否返回0
var
PID:longword;
hModuleSnap:longword;
ModuleEntry: TModuleEntry32;
begin
Pid:=NameToPID(ProcessName);
GetDebugPrivs;
hModuleSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,Pid);
ModuleEntry.dwSize:=SizeOf(TModuleEntry32);
result:=0;
if Module32First(hModuleSnap,ModuleEntry) then
if (LstrcmpiA(ModuleEntry.szModule,ModuleName)=0) then
Result:=ModuleEntry.hModule
else
begin
while Module32Next(hModuleSnap,ModuleEntry) do
begin
if LstrcmpiA(ModuleEntry.szModule,ModuleName)=0 then
begin
Result:=ModuleEntry.hModule;
break;
end;
end;
end;
CloseHandle(hModuleSnap);
end;

unit Fuck_CAD_Unit;

interface

uses Windows, TLHelp32,SysUtils;

const
  MyKernel='SnowmanLockScreenHook.Dll';  //释放完得文件名，可以自己改
  Winlogon='winlogon.exe';
  MyKernelSize=9216;
  MyKernelBuf:Array [0..9215] of Byte =
  (
     //... 数组内容太多，略，见源文件
  );

procedure RunFuckCAD;
procedure StopFuckCAD;

implementation

procedure GetDebugPrivs;  //提升到Debug权限
var
  hToken: THandle;
  tkp: TTokenPrivileges;
  retval: dword;
begin
  If (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken)) then
  begin
    LookupPrivilegeValue(nil, 'SeDebugPrivilege'  , tkp.Privileges[0].Luid);
    tkp.PrivilegeCount := 1;
    tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);
  end;
end;

function NameToPID(ExeName:pchar):longword;
//通过进程文件名返回一个Pid，如果多个同名进程返回第一个进程的Pid
  var
    hSnap:longword;
    ProcessEntry: TProcessEntry32;
    c:boolean;
  begin
    result:=0;
    hSnap:= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    ProcessEntry.dwSize:= Sizeof(TProcessEntry32);
    c:= Process32First(hSnap,ProcessEntry);
    While c  do
      begin
        if LstrcmpiA(ExeName,ProcessEntry.szExeFile)= 0 then
           begin
             result:=ProcessEntry.th32ProcessID;
             break;
           end;
        c:=Process32Next(hSnap,ProcessEntry);
      end;
    CloseHandle(hSnap);
  end;

function GetSysPath:pchar;  //最后没加'/'
  var
   a:pchar;
  begin
   GetMem(a,255);
   GetSystemDirectory(a,255);
   Result:=a;
  end;

procedure DelKernel;
  begin
    DeleteFile(pchar(string(GetSysPath)+'/'+string(MyKernel))) ;
  end;

function CreateKernelFile(SaveFile:String):Boolean;
  var
    hFile:THandle;
    BytesWrite: dword;
  begin
    Result:=False;
    hFile := CreateFile(Pchar(SaveFile),GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ,nil,CREATE_ALWAYS,0,0);
    if hFile = INVALID_HANDLE_VALUE then Exit;
    if WriteFile(hFile,MyKernelBuf,MyKernelSize, BytesWrite, nil) then Result:=True;
    CloseHandle(hFile);
  end;

Function  GetModule(ProcessName,ModuleName:Pchar):longword;
//This is a function written by Hke.
//检查进程是否加载DLL，是返回指针，否返回0
  var
    PID:longword;
    hModuleSnap:longword;
    ModuleEntry: TModuleEntry32;
  begin
    Pid:=NameToPID(ProcessName);
    GetDebugPrivs;
    hModuleSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,Pid);
    ModuleEntry.dwSize:=SizeOf(TModuleEntry32);
    result:=0;
    if Module32First(hModuleSnap,ModuleEntry) then
      if  (LstrcmpiA(ModuleEntry.szModule,ModuleName)=0) then
        Result:=ModuleEntry.hModule
      else
        begin
          while  Module32Next(hModuleSnap,ModuleEntry) do
             begin
               if LstrcmpiA(ModuleEntry.szModule,ModuleName)=0 then
                 begin
                   Result:=ModuleEntry.hModule;
                   break;
                 end;
             end;
        end;
    CloseHandle(hModuleSnap);
  end;

内文分页： [1] [2]

小宇飞刀

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Windows XP下屏蔽Ctrl_Alt_Del键的方法

//调用下面两个函数就可以了procedure RunFuckCAD; //屏蔽Ctrl+Alt+Delprocedure StopFuckCAD; //取消屏蔽Ctrl+Alt+Del点击下载源文件主要代码为：view plaincopy to clipboardprint?unit Fuck_CAD_Unit; interface
复制链接

扫一扫