不用 hook 實現掛機鎖
創建作業對象，並將 winlogon.exe 進程關聯到該作業。Winlogon 控制重啟、關機、註銷等動作；將作業對象的屬性設置為 JOB_OBJECT_UILIMIT_EXITWINDOWS（參考該標誌的文檔說明：Prevents processes associated with the job from calling the ExitWindows or ExitWindowsEx function.）即可。
// 掛機
BOOL res = FALSE;
JOBOBJECT_BASIC_UI_RESTRICTIONS JobInfo;
ZeroMemory(&JobInfo, sizeof(JOBOBJECT_BASIC_UI_RESTRICTIONS));
JobInfo.UIRestrictionsClass = JOB_OBJECT_UILIMIT_EXITWINDOWS;
EnableDebugPriv(SE_DEBUG_NAME);
// 建立JOB 對象 命名為WINLOCK
HANDLE hjob = CreateJobObject(NULL, TEXT("WINLOCK"));
SetInformationJobObject(hjob, JobObjectBasicUIRestrictions, &JobInfo, sizeof(JobInfo));
DWORD Pid = GetProcessId("winlogon.exe");
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Pid);
if (hProcess == NULL)
{
?? MessageBox("打開winlogon進程失敗");
?? return;
}
res = AssignProcessToJobObject(hjob,hProcess);//將進程和對象關聯(lián)起來
if (!res)
{
?? MessageBox("掛機失敗");
}