不用hook 實現掛機鎖
創建作業對象,關聯winlogon.exe 進程。Winlogon控制重啟,關機,注銷等動作。設置作業對象的屬性為 JOB_OBJECT_UILIMIT_EXITWINDOWS 即可 (參考: Prevents processes associated with the job from calling the ExitWindows or ExitWindowsEx function.)。打開winlogon.exe 需要先啟用 SeDebugPrivilege (見下面的 EnableDebugPriv)。
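// 掛機
// Put winlogon.exe into a job object whose UI restriction class is
// JOB_OBJECT_UILIMIT_EXITWINDOWS, so it can no longer call
// ExitWindows/ExitWindowsEx (logoff, shutdown, restart).
// Preconditions: the caller can enable SeDebugPrivilege (EnableDebugPriv below);
// GetProcessId(name) and MessageBox(text) are project/MFC wrappers, not the raw
// Win32 APIs of the same name.
// Every failure path reports via MessageBox and releases the handles it owns.
BOOL res = FALSE;
JOBOBJECT_BASIC_UI_RESTRICTIONS JobInfo;
ZeroMemory(&JobInfo, sizeof(JobInfo));
JobInfo.UIRestrictionsClass = JOB_OBJECT_UILIMIT_EXITWINDOWS;
EnableDebugPriv(SE_DEBUG_NAME);
// 建立JOB 對象 命名為WINLOCK
// NOTE(review): a named job that already exists is reopened rather than created
// (GetLastError() == ERROR_ALREADY_EXISTS) — confirm that is acceptable here.
HANDLE hjob = CreateJobObject(NULL, TEXT("WINLOCK"));
if (hjob == NULL)
{
    MessageBox("創建作業對象失敗");
    return;
}
// Apply the restriction before any process joins the job; an unchecked failure
// here would silently leave winlogon unrestricted.
if (!SetInformationJobObject(hjob, JobObjectBasicUIRestrictions, &JobInfo, sizeof(JobInfo)))
{
    MessageBox("設置作業對象限制失敗");
    CloseHandle(hjob);
    return;
}
DWORD Pid = GetProcessId("winlogon.exe");
// AssignProcessToJobObject only needs PROCESS_SET_QUOTA | PROCESS_TERMINATE;
// request just those instead of PROCESS_ALL_ACCESS (least privilege).
HANDLE hProcess = NULL;
if (Pid != 0)
{
    hProcess = OpenProcess(PROCESS_SET_QUOTA | PROCESS_TERMINATE, FALSE, Pid);
}
if (hProcess == NULL)
{
    MessageBox("打開winlogon進程失敗");
    CloseHandle(hjob);
    return;
}
res = AssignProcessToJobObject(hjob, hProcess); // 將進程和對象關聯起來
// The process handle is not needed once the process is a member of the job.
CloseHandle(hProcess);
if (!res)
{
    MessageBox("掛機失敗");
    CloseHandle(hjob);
}
// On success hjob is deliberately left open, as in the original: the job object
// must outlive this code for the restriction to remain in effect — TODO confirm
// whether closing the last handle while winlogon is a member would drop it.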