昨天主要在提权函数(启用 SeShutdownPrivilege)的 C 转汇编上纠缠了太久,无法确定 invoke 的参数何时该加 addr(哪些参数需要传地址而不是传值)。改了许多次都无效。翻了很多网页,有 VB、VC、C、C++、PB、Delphi……死活没有汇编版本的。一直找到 11 点半,才算找到了一个汇编版本。换上之后,立竿见影。
程序如下:
.386
.model flat,stdcall
option casemap:none
include advapi32.inc
includelib advapi32.lib
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib
include windows.inc
; Dialog-resource identifiers. They must match the linked resource script
; (.rc), which is not part of this listing.
IDD_DIALOG1 equ 101
ID_OK equ 1001
IDC_STATIC1 equ 1002
.data
; Prompts written into IDC_STATIC1 by DlgProc: text1 at WM_INITDIALOG,
; text2 after the first ID_OK click, text3 after the second. ANSI, NUL-terminated.
text1 db "请点击下面的按钮~",0
text2 db "好事成双,请再点",0
text3 db "好玩吗?保存下手头工作,继续点击吧,有惊喜",0
; Privilege name passed to LookupPrivilegeValue; ExitWindowsEx requires it
; to be enabled in the caller's token.
rebo db "SeShutdownPrivilege",0
; Scratch DWORD that Reboot fills with the EWX_* flag for ExitWindowsEx.
reb dd ?
; Click counter, bumped by DlgProc on every ID_OK press; third press calls Reboot.
eee db 0
.code
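;-----------------------------------------------------------------------
; Reboot - enable SeShutdownPrivilege on the current process token, then
; request a system reboot with ExitWindowsEx(EWX_REBOOT, 0).
; ABI:  stdcall, no parameters. Existing callers ignore the result.
; Out:  eax = non-zero if ExitWindowsEx accepted the request, 0 on any
;       failure (token not opened, privilege unknown / not held / not
;       enabled, or ExitWindowsEx itself failed).
; Note: AdjustTokenPrivileges can only enable a privilege that is already
;       present (disabled) in the token; it cannot grant one the token
;       lacks. In that case it still returns TRUE and only reports
;       ERROR_NOT_ALL_ASSIGNED via GetLastError, so both are checked.
;       Without the check, ExitWindowsEx would simply fail with
;       ERROR_PRIVILEGE_NOT_HELD and the failure would go unnoticed.
;-----------------------------------------------------------------------
Reboot proc
    LOCAL hToken:HANDLE
    LOCAL hProc:DWORD
    LOCAL tkp:TOKEN_PRIVILEGES

    ; Zeroed so the failure path knows whether there is a handle to close.
    mov hToken,0

    ; Pseudo-handle to ourselves. It is parked in a local because INVOKE
    ; materialises `addr <local>` through eax and would clobber it.
    invoke GetCurrentProcess
    mov hProc,eax
    invoke OpenProcessToken,hProc,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
    test eax,eax
    jz Reboot_fail

    ; Fill tkp: one privilege, identified by the LUID of "SeShutdownPrivilege"
    ; on this machine (rebo is the global name string), attribute ENABLED.
    invoke LookupPrivilegeValue,NULL,addr rebo,addr tkp.Privileges[0].Luid
    test eax,eax
    jz Reboot_fail
    mov tkp.PrivilegeCount,1
    mov eax,SE_PRIVILEGE_ENABLED
    mov tkp.Privileges[0].Attributes,eax

    invoke AdjustTokenPrivileges,hToken,FALSE,addr tkp,0,NULL,0
    test eax,eax
    jz Reboot_fail
    ; TRUE only means the call was processed; ERROR_SUCCESS (0) from
    ; GetLastError confirms the privilege was actually enabled.
    invoke GetLastError
    test eax,eax
    jnz Reboot_fail

    ; The enabled state lives in the token, not in our handle, so the
    ; handle is released before the request. ExitWindowsEx returns at once;
    ; the reboot itself proceeds asynchronously. Reason code 0 (none).
    invoke CloseHandle,hToken
    invoke ExitWindowsEx,EWX_REBOOT,NULL
    ret                                 ; eax = ExitWindowsEx result

Reboot_fail:
    .if hToken!=0
        invoke CloseHandle,hToken
    .endif
    xor eax,eax                         ; FALSE
    ret
Reboot endp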
;-----------------------------------------------------------------------
; DlgProc - dialog procedure for IDD_DIALOG1.
; In:   hwnd, umsg, wpar, lpar (standard DLGPROC arguments, stdcall)
; Out:  eax = TRUE for WM_INITDIALOG / WM_CLOSE / WM_COMMAND (handled),
;       FALSE for every other message so the dialog manager processes it.
; Behaviour: ID_OK clicks are counted in the global byte `eee`; the first
; two clicks change the text in IDC_STATIC1, the third invokes Reboot.
; Only LOWORD(wpar) (the control id) is examined; the notification code
; in HIWORD(wpar) and lpar are ignored.
;-----------------------------------------------------------------------
DlgProc proc hwnd:HWND,umsg:UINT,wpar:WPARAM,lpar:LPARAM
    mov eax,umsg
    .if eax==WM_COMMAND
        movzx eax,word ptr wpar          ; control id = LOWORD(wParam)
        .if eax==ID_OK
            inc eee
            movzx ecx,eee                ; click count after this press
            .if ecx==1
                invoke SetDlgItemText,hwnd,IDC_STATIC1,addr text2
            .elseif ecx==2
                invoke SetDlgItemText,hwnd,IDC_STATIC1,addr text3
            .elseif ecx==3
                invoke Reboot            ; third click: enable privilege and reboot
            .endif
        .endif
    .elseif eax==WM_INITDIALOG
        invoke SetDlgItemText,hwnd,IDC_STATIC1,addr text1
    .elseif eax==WM_CLOSE
        invoke EndDialog,hwnd,NULL
    .else
        xor eax,eax                      ; FALSE: not handled here
        ret
    .endif
    mov eax,TRUE
    ret
DlgProc endp
; Program entry point (selected by `end start` below).
start:
; GetModuleHandle(NULL) returns this EXE's hInstance in eax. It is passed
; straight through as the first DialogBoxParam argument; the other
; arguments are immediates, so the pushes INVOKE emits do not clobber eax.
invoke GetModuleHandle,NULL
; Modal dialog IDD_DIALOG1 (must exist in the linked resource script, not
; shown here), no owner window, messages handled by DlgProc.
invoke DialogBoxParam,eax,IDD_DIALOG1,NULL,DlgProc,NULL
; Exit code 0 regardless of how the dialog was closed.
invoke ExitProcess,NULL
end start