Ring3下无驱动移除winlogon.exe进程ctrl+alt+del,win+u,win+l三个系统热键,非屏蔽热键
2011-07-15 21:24
随手而作,纯粹技术研究,没什么实际意义。注意:这个方法需要管理员权限(要开启 SeDebugPrivilege),并且会向 winlogon.exe 创建远程线程、去掉安全注意序列(SAS)热键——这正是凭据窃取类恶意代码常用的前置手法,也是 EDR/Sysmon 远程线程告警的典型样本,请勿在生产环境使用。
打开 XueTr,正常情况下 winlogon.exe 注册了三个热键:
ctrl+alt+del,win+u,win+l三个。
这三个热键是 winlogon.exe 自己通过 RegisterHotKey 注册的,即使用 SetWindowsHookEx() 安装键盘钩子也屏蔽不了。
我们先把UnregisterSystemHotKey.dll解压出来,放到任意目录.
比如E盘根目录,就运行
rundll32 E:\UnregisterSystemHotKey.dll,Hook(需要以管理员身份运行,且 DLL 的位数必须与 winlogon.exe 一致)。再打开 XueTr 看下,winlogon.exe 进程注册的热键都没有了。
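#include <windows.h>
#include <process.h>
#include <tchar.h>
#include <stdio.h>
#include <shlwapi.h>
#include <psapi.h>

#pragma comment(lib, "psapi.lib")
#pragma comment(lib, "shlwapi.lib")

//
// UnregisterSystemHotKey.dll
//
// Research code: removes the hot keys winlogon.exe registered on its
// "SAS window" (Ctrl+Alt+Del, Win+L, Win+U, ...) without a kernel driver.
// One DLL plays two roles, chosen in DllMain by the name of the host process:
//
//   injector - loaded by `rundll32 <dir>\UnregisterSystemHotKey.dll,Hook`.
//              Enables SeDebugPrivilege, finds winlogon.exe and makes it
//              LoadLibrary this DLL through CreateRemoteThread.
//   payload  - running inside winlogon.exe.  Subclasses the SAS window so
//              that the window's own thread calls UnregisterHotKey, restores
//              the original window procedure and lets the loader unload it.
//
// Caveats a user should know before running it:
//   - The injector needs an administrator (elevated) token: enabling
//     SeDebugPrivilege and opening winlogon.exe fail otherwise.
//   - The DLL must match the bitness of winlogon.exe.  A 32-bit build cannot
//     inject into a 64-bit process: the kernel32 address handed to
//     CreateRemoteThread is taken from the injector's own address space.
//   - The SAS window title and the hot-key ids were observed by the author on
//     the system used for the article; they are not documented by Microsoft
//     and may differ between Windows versions.
//   - Removing the SAS hot keys disables the Secure Attention Sequence, and
//     creating a remote thread in winlogon.exe is a classic tampering
//     indicator that EDR / Sysmon (remote thread creation) will flag.
//   - Almost everything here runs inside DllMain, i.e. under the loader lock.
//     The payload side in particular talks to another thread from there; see
//     UnhookSasWindow() for how the residual risk is handled.
//

static TCHAR   ModuleFile[MAX_PATH];      // image path of the host process
static WNDPROC OldWindowProc = NULL;      // SAS window procedure we replaced (payload side)
static HWND    hWinLogon     = NULL;      // the SAS window (payload side)
static HMODULE hDll          = NULL;      // this module

// Hot-key ids the author observed winlogon registering on the SAS window.
enum SasHotKeyId {
    kHotKeyCtrlAltDel   = 0,
    kHotKeyCtrlShiftEsc = 4,
    kHotKeyWinL         = 5,
    kHotKeyWinU         = 6
};

// Private message that triggers the unregistration inside the subclassed
// window procedure.  A private id is used instead of WM_NULL because WM_NULL
// is sent by unrelated code (e.g. SendMessageTimeout liveness probes), which
// would fire the handler - and its restore - at an arbitrary moment.
static const UINT WM_UNHOOK_SAS = WM_APP + 0x5A5;

// How long the payload waits for the SAS window's thread to service
// WM_UNHOOK_SAS before giving up and staying resident.
static const UINT kUnhookTimeoutMs = 10 * 1000;

// Replacement procedure for the SAS window; runs on the window's own thread.
//
// Everything except WM_UNHOOK_SAS is forwarded to the original procedure.
// On WM_UNHOOK_SAS the hot keys are unregistered (presumably this must happen
// on the thread that registered them, which is why the author subclassed the
// window instead of calling UnregisterHotKey from the injected thread) and
// the original procedure is put back *before* returning, so that no later
// message can reach this DLL once it has been unloaded.
//
// Returns the number of hot keys UnregisterHotKey reported as removed.
LRESULT CALLBACK NewWindowProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    if (message != WM_UNHOOK_SAS)
        return ::CallWindowProc(OldWindowProc, hWnd, message, wParam, lParam);

    static const int ids[] = { kHotKeyCtrlAltDel, kHotKeyCtrlShiftEsc, kHotKeyWinL, kHotKeyWinU };
    LRESULT removed = 0;
    for (size_t i = 0; i < _countof(ids); ++i) {
        if (::UnregisterHotKey(hWnd, ids[i]))
            ++removed;
    }

    // GWLP_WNDPROC / LONG_PTR: the original GWL_WNDPROC + (LONG) cast truncates
    // the procedure address in a 64-bit build.
    ::SetWindowLongPtr(hWnd, GWLP_WNDPROC, reinterpret_cast<LONG_PTR>(OldWindowProc));
    return removed;
}

// Enables SeDebugPrivilege in the current process token.
//
// Returns TRUE only if the privilege is now enabled.  AdjustTokenPrivileges
// succeeds even when the privilege is not held (ERROR_NOT_ALL_ASSIGNED), so
// the last-error check is what actually detects a non-administrator token.
BOOL WINAPI EnablePrivileges()
{
    HANDLE hToken = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;

    TOKEN_PRIVILEGES tkp = {};
    BOOL ok = ::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid);
    if (ok) {
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        ok = ::AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, NULL)
             && ::GetLastError() == ERROR_SUCCESS;
    }

    ::CloseHandle(hToken);   // the original leaked the token handle
    return ok;
}

// EnumDesktopWindows callback: remembers the first top-level window titled
// "SAS window" in hWinLogon and stops the enumeration.
// NOTE(review): matching on the title is what the author used; the window
// class name would be a more stable key if this ever needs to be ported.
BOOL CALLBACK lpEnumWindowsProc(HWND hwnd, LPARAM /*lParam*/)
{
    TCHAR title[128] = { 0 };
    ::GetWindowText(hwnd, title, _countof(title));
    if (_tcscmp(title, TEXT("SAS window")) != 0)
        return TRUE;                        // keep enumerating
    hWinLogon = hwnd;
    return FALSE;
}

// TRUE when the host process' executable is winlogon.exe.
// Compares the base name exactly; the original StrStrI() substring test would
// also match any other image whose path merely contains "winlogon.exe".
static BOOL RunningInsideWinlogon(void)
{
    if (::GetModuleFileName(NULL, ModuleFile, _countof(ModuleFile)) == 0)
        return FALSE;
    return _tcsicmp(::PathFindFileName(ModuleFile), TEXT("winlogon.exe")) == 0;
}

enum UnhookResult {
    kUnhookNothingInstalled,   // SAS window not found / subclass failed: nothing references this DLL
    kUnhookDone,               // hot keys removed, procedure restored: nothing references this DLL
    kUnhookPending             // subclass installed but the window thread did not service the request
};

// Payload side.  Locates the SAS window on the "Winlogon" desktop, subclasses
// it with NewWindowProc and synchronously asks the window's thread to run the
// unregistration.
//
// Synchronous delivery is deliberate: when SendMessageTimeout returns
// successfully the window thread has already left NewWindowProc, so the
// caller knows it is safe for the DLL to disappear.  The original posted the
// request and then freed the DLL from a thread it waited on inside DllMain -
// that wait cannot complete (the new thread needs the loader lock DllMain is
// holding), and had the unload happened first the posted message would have
// hit an unmapped window procedure inside winlogon.
//
// Residual risk: this is still called from DllMain.  If the SAS window thread
// is itself blocked on the loader lock the send times out; we then leave the
// subclass in place and stay resident rather than unload under it.
static UnhookResult UnhookSasWindow(void)
{
    HDESK hDesk = ::OpenDesktop(TEXT("Winlogon"), 0, FALSE, DESKTOP_READOBJECTS | DESKTOP_ENUMERATE);
    if (hDesk == NULL)
        return kUnhookNothingInstalled;    // the original passed a NULL desktop on, unchecked

    hWinLogon = NULL;
    ::EnumDesktopWindows(hDesk, lpEnumWindowsProc, 0);
    ::CloseDesktop(hDesk);
    if (hWinLogon == NULL)
        return kUnhookNothingInstalled;

    OldWindowProc = reinterpret_cast<WNDPROC>(
        ::SetWindowLongPtr(hWinLogon, GWLP_WNDPROC, reinterpret_cast<LONG_PTR>(NewWindowProc)));
    if (OldWindowProc == NULL)
        return kUnhookNothingInstalled;

    DWORD_PTR result = 0;
    if (!::SendMessageTimeout(hWinLogon, WM_UNHOOK_SAS, 0, 0, SMTO_NORMAL, kUnhookTimeoutMs, &result))
        return kUnhookPending;
    return kUnhookDone;
}

// Injector side.  Returns the id of the first process whose image base name
// equals exeName (case-insensitive), or 0 if none is found / enumeration fails.
//
// Only query/read access is requested per process, and every handle is closed
// (the original opened each process with PROCESS_ALL_ACCESS and never closed
// the non-matching ones).
// NOTE(review): takes the first match; on a multi-session machine there can
// be one winlogon.exe per session and this does not pick a particular one.
static DWORD FindProcessIdByName(LPCTSTR exeName)
{
    DWORD pids[1024];
    DWORD cbNeeded = 0;
    if (!::EnumProcesses(pids, sizeof(pids), &cbNeeded))
        return 0;
    // If cbNeeded == sizeof(pids) the list may be truncated; for the single
    // well-known target this is accepted.

    const DWORD count = cbNeeded / sizeof(DWORD);
    for (DWORD i = 0; i < count; ++i) {
        if (pids[i] == 0)
            continue;
        HANDLE hProc = ::OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pids[i]);
        if (hProc == NULL)
            continue;

        TCHAR baseName[MAX_PATH] = { 0 };
        const BOOL match =
            ::GetModuleBaseName(hProc, NULL, baseName, _countof(baseName)) != 0 &&
            _tcsicmp(baseName, exeName) == 0;
        ::CloseHandle(hProc);
        if (match)
            return pids[i];
    }
    return 0;
}

// Injector side.  Writes this DLL's path into the target process and runs
// LoadLibrary there on a remote thread, then waits for that thread to finish.
//
// Returns TRUE when the remote LoadLibrary call has completed (whether or not
// the payload found anything to do - the original did not inspect that
// either).  Failures pop the same message boxes as the original.
//
// Fixes relative to the original: the buffer size written is derived from the
// actual path instead of a hard-coded 256 bytes into a 512-byte allocation
// (a MAX_PATH TCHAR path is 520 bytes in a Unicode build), the loader entry
// point matches the build's character set, access rights are the minimum
// CreateRemoteThread needs, and the process handle is always closed.
static BOOL InjectSelfIntoProcess(DWORD pid, HMODULE hSelf)
{
    TCHAR dllPath[MAX_PATH];
    const DWORD len = ::GetModuleFileName(hSelf, dllPath, _countof(dllPath));
    if (len == 0 || len >= _countof(dllPath))
        return FALSE;                       // failed or truncated
    const SIZE_T cbPath = (len + 1) * sizeof(TCHAR);

    HANDLE hProcess = ::OpenProcess(
        PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION |
        PROCESS_VM_WRITE | PROCESS_VM_READ,
        FALSE, pid);
    if (hProcess == NULL)
        return FALSE;

    BOOL ok = FALSE;
    LPVOID remotePath = ::VirtualAllocEx(hProcess, NULL, cbPath, MEM_COMMIT, PAGE_READWRITE);
    if (remotePath == NULL) {
        ::MessageBox(NULL, TEXT("申请内存失败"), TEXT("申请内存失败"), MB_ICONWARNING);
    } else {
        if (!::WriteProcessMemory(hProcess, remotePath, dllPath, cbPath, NULL)) {
            ::MessageBox(NULL, TEXT("写入内存失败"), TEXT("写入内存失败"), MB_ICONWARNING);
        } else {
            // The remote thread start address is kernel32!LoadLibraryA/W as
            // mapped in *this* process; this only works for a same-bitness
            // target, where kernel32 shares its base address.
#ifdef UNICODE
            const char* loader = "LoadLibraryW";
#else
            const char* loader = "LoadLibraryA";
#endif
            LPTHREAD_START_ROUTINE start = reinterpret_cast<LPTHREAD_START_ROUTINE>(
                ::GetProcAddress(::GetModuleHandle(TEXT("kernel32.dll")), loader));
            HANDLE hThread = (start != NULL)
                ? ::CreateRemoteThread(hProcess, NULL, 0, start, remotePath, 0, NULL)
                : NULL;
            if (hThread == NULL) {
                TCHAR msg[1024];
                _stprintf_s(msg, _countof(msg),
                            TEXT("创建远程线程失败, 错误代码:%d, dll=%s"), ::GetLastError(), dllPath);
                ::MessageBox(NULL, msg, TEXT("创建远程线程失败"), MB_ICONWARNING);
            } else {
                // The remote memory must outlive LoadLibrary's read of it,
                // hence the wait before VirtualFreeEx below.
                ::WaitForSingleObject(hThread, INFINITE);
                ::CloseHandle(hThread);
                ok = TRUE;
            }
        }
        ::VirtualFreeEx(hProcess, remotePath, 0, MEM_RELEASE);
    }

    ::CloseHandle(hProcess);
    return ok;
}

// Entry point.  See the file header for the two roles.
//
// Payload side: returning FALSE from DLL_PROCESS_ATTACH makes the loader
// unload the DLL immediately (without DLL_PROCESS_DETACH), which is the one
// safe way to "unload yourself" from inside DllMain.  It is used whenever
// nothing in winlogon references this module any more.
// Injector side: any failure also returns FALSE, so rundll32 reports a load
// failure instead of silently calling Hook().
BOOL WINAPI DllMain(HINSTANCE hDllHandle, DWORD nReason, LPVOID Reserved)
{
    switch (nReason) {
    case DLL_PROCESS_ATTACH:
        hDll = hDllHandle;

        if (RunningInsideWinlogon())
            return UnhookSasWindow() == kUnhookPending ? TRUE : FALSE;

        // SeDebugPrivilege is required to open winlogon.exe; if it cannot be
        // enabled (non-elevated token) the OpenProcess below fails and the
        // load is rejected.
        EnablePrivileges();
        {
            const DWORD pid = FindProcessIdByName(TEXT("winlogon.exe"));
            if (pid == 0 || !InjectSelfIntoProcess(pid, hDllHandle))
                return FALSE;
        }
        break;

    case DLL_PROCESS_DETACH:
        // Only reached on the payload side when it stayed resident
        // (kUnhookPending).  Undo the subclass if it is still ours; skip it
        // when the process is terminating (Reserved != NULL) - the window is
        // going away with it.
        if (Reserved == NULL && hWinLogon != NULL && OldWindowProc != NULL &&
            ::GetWindowLongPtr(hWinLogon, GWLP_WNDPROC) == reinterpret_cast<LONG_PTR>(NewWindowProc)) {
            ::SetWindowLongPtr(hWinLogon, GWLP_WNDPROC, reinterpret_cast<LONG_PTR>(OldWindowProc));
        }
        break;

    default:
        break;
    }
    return TRUE;
}

// Export named on the rundll32 command line.  All the work happens in
// DLL_PROCESS_ATTACH; this only gives rundll32 something to call.
EXTERN_C __declspec(dllexport)
int Hook(void) { return 1; }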