WIN7_WIN2008_WIN2003_WINXP屏蔽CTRL+ALT+DEL
2016-06-24 13:18
686 查看
unit winSuspendThread; interface uses winapi.Windows, winapi.TlHelp32, system.SysUtils, Rhotkey_Unit; function OpenThread2(dwThreadID: DWORD; bInherit: BOOL): THandle; stdcall; function GetProcessID(strProcessName: string): DWORD; function GetThreadID(dwOwnerProcessID: DWORD): DWORD; function SuspendThread_ctrlaltddel(): BOOL; // 屏蔽 ctrl+alt+del function ResumeThread_ctrlaltddel(): BOOL; // 唤醒 ctrl+alt+del function EnableDebugPrivilege: boolean; // 提升权限 function KillTask(ExeFileName: string): integer; // 关闭进程 implementation const THREAD_TERMINATE = $0001; THREAD_SUSPEND_RESUME = $0002; THREAD_GET_CONTEXT = $0008; THREAD_SET_CONTEXT = $0010; THREAD_SET_INFORMATION = $0020; THREAD_QUERY_INFORMATION = $0040; THREAD_SET_THREAD_TOKEN = $0080; THREAD_IMPERSONATE = $0100; THREAD_DIRECT_IMPERSONATION = $0200; THREAD_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $3FF; type PPDB = ^T_PDB; T_PDB = record mType: WORD; Refcount: WORD; Unk0: DWORD; Unk1: DWORD; Unk2: DWORD; TermStatus: DWORD; Unk3: DWORD; DefaultHeap: DWORD; MemContext: DWORD; Flags: DWORD; pPsp: DWORD; psSelector: WORD; METIndex: WORD; nThreads: WORD; nThreadsNotTerm: WORD; Unk5: WORD; nR0Threads: WORD; HeapHandle: DWORD; K16TDBSel: WORD; Unk6: WORD; Unk7: DWORD; pEDB: DWORD; pHandleTable: DWORD; ParentPDB: PPDB; ModRefList: DWORD; ThreadList: DWORD; DebugeeCB: DWORD; LHFreeHead: DWORD; InitialR0ID: DWORD; end; PDB = T_PDB; T_TCB = record mType: WORD; Refcount: WORD; Unk1: DWORD; pvExcept: DWORD; TopOfStack: DWORD; BaseOfStace: DWORD; K16TDB: WORD; StackSel16: WORD; Unk2: DWORD; UserPointer: DWORD; pTIB: DWORD; TIBFlags: WORD; Win16MutxCnt: WORD; DebugContext: DWORD; PtrToCurPri: DWORD; MsgQueue: DWORD; pTLSarray: DWORD; pParentPDB: PPDB; SelmanList: DWORD; Unk3: DWORD; Flags: DWORD; status: DWORD; TibSel: WORD; EmulatorSel: WORD; HandleCount: DWORD; WaitNodeList: DWORD; R0hThread: DWORD; ptdbx: DWORD; end; TCB = T_TCB; PTCB = ^T_TCB; OBFUNC = function(dwPTID: DWORD): pointer; stdcall; OTFUNC = function(pH: PHandle; dwVal: DWORD; var var1; var var2): DWORD; stdcall; function GetTrueProcAddress(lpMod: PChar; lpFunc: PChar): pointer; stdcall; forward; function OpenThreadNT(dwThreadID: DWORD; bInherit: BOOL): THandle; stdcall; forward; function XORProcessThreadID(dwPTID: DWORD): pointer; stdcall; var obfuscate: OBFUNC; dwMain: DWORD; lpdw: PDWORD; dw1: DWORD; begin dwMain := DWORD(GetTrueProcAddress('Kernel32.dll', 'GetCurrentThreadId')); // if dwMain = nil then begin result := nil; exit; end; lpdw := PDWORD(dwMain + 8); dw1 := dwMain + 12; obfuscate := OBFUNC(dw1 + lpdw^); result := obfuscate(dwPTID); end; function OpenThread2(dwThreadID: DWORD; bInherit: BOOL): THandle; stdcall; var hThread, hPrc: THandle; lp1: PDWORD; dwProcessID, dwWhere, dwTable: DWORD; b1: BOOL; lpThreadObj: PTCB; procpPdb: PPDB; osvi: OSVERSIONINFO; begin osvi.dwOSVersionInfoSize := sizeof(osvi); GetVersionEX(osvi); SetLastError(50); if osvi.dwPlatformId = VER_PLATFORM_WIN32_NT then result := OpenThreadNT(dwThreadID, bInherit) else begin procpPdb := PPDB(XORProcessThreadID(GetCurrentProcessID())); lpThreadObj := PTCB(XORProcessThreadID(dwThreadID)); if IsBadReadPtr(lpThreadObj, sizeof(TCB)) then begin result := 0; exit; end; if PBYTE(lpThreadObj)^ <> 7 then begin result := 0; exit; end; dwProcessID := DWORD(XORProcessThreadID(DWORD(lpThreadObj^.pParentPDB))); if (dwProcessID = GetCurrentProcessID()) then hPrc := GetCurrentProcess() else begin hPrc := OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessID); if (hPrc = 0) then begin result := 0; exit; end; end; // 4 is the lowest handle in the table // all proceses have this handle b1 := DuplicateHandle(hPrc, THandle(4), GetCurrentProcess(), @hThread, THREAD_ALL_ACCESS, bInherit, 0); if (hPrc <> GetCurrentProcess()) then CloseHandle(hPrc); if (b1 = FALSE) then begin result := 0; exit; end; dwWhere := DWORD(hThread) shr 2; dwTable := procpPdb^.pHandleTable; lp1 := PDWORD(dwTable + dwWhere * 8 + 8); lp1^ := DWORD(lpThreadObj); result := hThread; end; end; {$J+} function EnableDebugPrivilege: boolean; function EnablePrivilege(hToken: NativeUInt; PrivName: string; bEnable: boolean): boolean; var TP: TOKEN_PRIVILEGES; Dummy: Cardinal; char123: PAnsiChar; begin TP.PrivilegeCount := 1; char123 := PAnsiChar(ansistring(PrivName)); char123 := PAnsiChar(ansistring(PrivName)); LookupPrivilegevalueW(nil, Pwidechar(WideString(PrivName)), TP.Privileges[0].Luid); if bEnable then TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED else TP.Privileges[0].Attributes := 0; AdjustTokenPrivileges(hToken, FALSE, TP, sizeof(TP), nil, Dummy); // [Page] result := GetLastError = ERROR_SUCCESS; end; var hToken: Cardinal; begin OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, NativeUInt(hToken)); result := EnablePrivilege(hToken, 'SeDebugPrivilege', true); CloseHandle(hToken); end; function KillTask(ExeFileName: string): integer; const PROCESS_TERMINATE = $0001; var ContinueLoop: boolean; FSnapshotHandle: THandle; FProcessEntry32: TProcessEntry32; begin result := 0; FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); FProcessEntry32.dwSize := sizeof(FProcessEntry32); ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32); while integer(ContinueLoop) <> 0 do begin if ((uppercase(ExtractFileName(FProcessEntry32.szExeFile)) = uppercase(ExeFileName)) or (uppercase(FProcessEntry32.szExeFile) = uppercase(ExeFileName))) then result := integer(TerminateProcess(OpenProcess(PROCESS_TERMINATE, BOOL(0), FProcessEntry32.th32ProcessID), 0)); ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32); end; CloseHandle(FSnapshotHandle); end; function OpenThreadNT(dwThreadID: DWORD; bInherit: BOOL): THandle; stdcall; const hThread: THandle = 0; struct1: array [0 .. 5] of DWORD = ($18, 0, 0, 0, 0, 0); struct2: array [0 .. 1] of DWORD = (0, 0); hLib: HModule = 0; OpenThatNTThread: OTFUNC = nil; begin hLib := LoadLibrary('ntdll.dll'); OpenThatNTThread := OTFUNC(GetProcAddress(hLib, 'NtOpenThread')); struct2[1] := dwThreadID; struct1[3] := DWORD(bInherit); OpenThatNTThread(@hThread, THREAD_ALL_ACCESS, struct1, struct2); FreeLibrary(hLib); result := hThread; end; {$J-} function GetTrueProcAddress(lpMod: PChar; lpFunc: PChar): pointer; stdcall; var bla: pointer; hMod: HModule; begin hMod := GetModuleHandle(lpMod); if hMod = 0 then begin result := nil; exit; end; bla := pointer(GetProcAddress(hMod, lpFunc)); if (DWORD(bla) = 0) then begin result := nil; exit; end; if PBYTE(bla)^ = $68 then bla := pointer(PDWORD(DWORD(bla) + 1)^); result := bla; end; function GetProcessID(strProcessName: string): DWORD; var dwRet: DWORD; hSnapShot: THandle; ProcessEntry: PROCESSENTRY32; bFlag: BOOL; begin dwRet := 0; hSnapShot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hSnapShot <> INVALID_HANDLE_VALUE) then begin FillChar(ProcessEntry, sizeof(PROCESSENTRY32), 0); ProcessEntry.dwSize := sizeof(PROCESSENTRY32); bFlag := Process32First(hSnapShot, ProcessEntry); while (bFlag) do begin if Pos(uppercase(strProcessName), uppercase(ProcessEntry.szExeFile)) <> 0 then begin dwRet := ProcessEntry.th32ProcessID; break; end; ProcessEntry.dwSize := sizeof(PROCESSENTRY32); bFlag := Process32Next(hSnapShot, ProcessEntry); end; CloseHandle(hSnapShot); end; result := dwRet; end; function GetThreadID(dwOwnerProcessID: DWORD): DWORD; var dwRet: DWORD; hThreadSnap: THandle; te32: THREADENTRY32; begin dwRet := 0; FillChar(te32, sizeof(te32), 0); hThreadSnap := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); if (hThreadSnap <> INVALID_HANDLE_VALUE) then begin te32.dwSize := sizeof(THREADENTRY32); if (Thread32First(hThreadSnap, te32)) then repeat if (te32.th32OwnerProcessID = dwOwnerProcessID) then begin dwRet := te32.th32ThreadID; break; end; until not(Thread32Next(hThreadSnap, te32)); CloseHandle(hThreadSnap); end; result := dwRet; end; function SuspendThread_ctrlaltddel(): BOOL; var // ContinueLoop: boolean; FSnapshotHandle: THandle; // FProcessEntry32: TProcessEntry32; b: BOOL; th32: PROCESSENTRY32; th32id: Cardinal; th32_lock: THREADENTRY32; hThreadSnap: THandle; oth: THandle; begin FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); // FProcessEntry32.dwSize := Sizeof(FProcessEntry32); // ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32); th32.dwSize := sizeof(th32); if (FSnapshotHandle = INVALID_HANDLE_VALUE) then begin result := FALSE; exit; end; b := Process32First(FSnapshotHandle, th32); while b do begin if th32.szExeFile = 'winlogon.exe' then begin // ShowMessage(th32.szExeFile); th32id := th32.th32ProcessID; end; b := Process32Next(FSnapshotHandle, th32); end; th32_lock.dwSize := sizeof(th32_lock); hThreadSnap := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); if (hThreadSnap = INVALID_HANDLE_VALUE) then begin // ShowMessage('调用失败'); result := FALSE; exit; end; b := Thread32First(hThreadSnap, th32_lock); while b do begin if th32_lock.th32OwnerProcessID = th32id then begin // oth := OpenThread2(THREAD_ALL_ACCESS, False, th32_lock.th32ThreadID); oth := OpenThread2(th32_lock.th32ThreadID, FALSE); if SuspendThread(oth) >= 0 then begin // ShowMessage('ok'); end; break; CloseHandle(oth); end; b := Thread32Next(hThreadSnap, th32_lock); end; CloseHandle(hThreadSnap); RunFuckCAD(); //屏蔽功能键 result := true; end; function ResumeThread_ctrlaltddel(): BOOL; var ContinueLoop: boolean; FSnapshotHandle: THandle; FProcessEntry32: TProcessEntry32; b: BOOL; th32: PROCESSENTRY32; th32id: Cardinal; th32_lock: THR 9439 EADENTRY32; hThreadSnap: THandle; oth: THandle; begin FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); FProcessEntry32.dwSize := sizeof(FProcessEntry32); ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32); th32.dwSize := sizeof(th32); if (FSnapshotHandle = INVALID_HANDLE_VALUE) then begin result := FALSE; exit; end; b := Process32First(FSnapshotHandle, th32); while b do begin if th32.szExeFile = 'winlogon.exe' then begin // ShowMessage(th32.szExeFile); th32id := th32.th32ProcessID; end; b := Process32Next(FSnapshotHandle, th32); end; th32_lock.dwSize := sizeof(th32_lock); hThreadSnap := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0); if (hThreadSnap = INVALID_HANDLE_VALUE) then begin result := FALSE; exit; end; b := Thread32First(hThreadSnap, th32_lock); while b do begin if th32_lock.th32OwnerProcessID = th32id then begin // oth := OpenThread2(THREAD_ALL_ACCESS, False, th32_lock.th32ThreadID); oth := OpenThread2(th32_lock.th32ThreadID, FALSE); if ResumeThread(oth) >= 0 then begin // showmessage('ok'); end; break; CloseHandle(oth); end; b := Thread32Next(hThreadSnap, th32_lock); end; CloseHandle(hThreadSnap); StopFuckCAD();//释放屏蔽功能键 result := true; end; end.
相关文章推荐
- 支付宝集成历程详解——运行DEMO
- 响应式菜单(bootstrap)
- 排序算法汇总
- 增量式PID推导及C语言实现
- 基数排序的性能优化
- 最常用的两种C++序列化方案的使用心得
- Error:(4) Error retrieving parent for item: No resource found that matches the given name 'android:T
- 信息的表示和处理(3)
- Java Web项目中使用Freemarker生成Word文档
- struts2 #,%,$的用法
- Java中类的初始化顺序
- Windows 无法安装到这个磁盘。选中的磁盘具有MBR分区表”的处理
- 高阶排序算法手撸(Java语言)
- Windows 无法安装到这个磁盘。选中的磁盘具有MBR分区表”的处理
- 文章标题
- Windows 无法安装到这个磁盘。选中的磁盘具有MBR分区表”的处理
- MyBatis
- 操作系统--主存空间的分配和回收
- IE兼容
- 银行家算法(操作系统)(c++)