
C++程式遮蔽windows2008系統安全介面(ctrl+alt+delete熱鍵)

Win7、Win8 系統與 WinXP 系統不一樣:Ctrl+Alt+Delete 熱鍵會開啟一個安全介面,而不僅僅是開啟工作管理員。這個安全介面是由 winlogon.exe 程序來控制的,也就是說,按下熱鍵時會先喚起 winlogon.exe 程序,然後才做其他事,因此不能用鉤子來遮蔽 Ctrl+Alt+Delete 熱鍵。這裡採用的是將 winlogon.exe 程序掛起的辦法:

提升許可權函式

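/// Enables or disables SeDebugPrivilege in the current process token.
///
/// SeDebugPrivilege lets the caller open processes it would otherwise be
/// denied access to, so it should stay enabled only while it is needed; call
/// this again with `false` once the privileged work is done.
///
/// @param bEnableDebugPrivilege  true to enable the privilege, false to disable it.
/// @return true only if the token was adjusted and the privilege was actually
///         applied; false if any API call fails or the token does not hold
///         the privilege (ERROR_NOT_ALL_ASSIGNED).
bool EnableDebugPrivilege(bool bEnableDebugPrivilege)
{
    HANDLE hToken = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        return false;
    }

    LUID luid;
    if (!::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        ::CloseHandle(hToken);
        return false;
    }

    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnableDebugPrivilege ? SE_PRIVILEGE_ENABLED : 0;

    const BOOL adjusted = ::AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);

    // AdjustTokenPrivileges reports "succeeded but privilege not held" only
    // through the last-error value, so read it before CloseHandle() gets a
    // chance to overwrite it.
    const DWORD lastError = ::GetLastError();
    ::CloseHandle(hToken);

    if (!adjusted)
    {
        return false;
    }
    return lastError != ERROR_NOT_ALL_ASSIGNED;
}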

通過程序名稱獲取程序ID

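/// Looks up the process ID of the first process whose image name equals Name.
///
/// The match is by executable file name only (case-sensitive, no path), so it
/// cannot tell apart several processes that share a name: the first one found
/// in the snapshot wins. Callers that act on the returned ID should verify
/// that it is the process they expect.
///
/// @param Name  Image name to look for, e.g. "winlogon.exe".
/// @param szID  Optional output buffer that receives the ID as a decimal
///              string; may be NULL. The function cannot know the buffer
///              size, so the caller must provide room for at least 11 TCHARs
///              (10 digits plus the terminator).
/// @return The process ID, or 0 if the snapshot could not be taken or no
///         process matched.
DWORD GetProcessIdFromName(QString Name, LPTSTR szID)
{
    HANDLE hsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hsnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(hsnapshot, &pe))
    {
        // Release the snapshot on this path too; the handle was leaked before.
        CloseHandle(hsnapshot);
        return 0;
    }

    DWORD id = 0;
    do
    {
        // Compare the current entry before advancing, so that the entry
        // returned by Process32First is not skipped.
        const QString exeName = QString::fromWCharArray(pe.szExeFile);
        if (Name.compare(exeName) == 0)
        {
            id = pe.th32ProcessID;
            break;
        }
    } while (Process32Next(hsnapshot, &pe));
    CloseHandle(hsnapshot);

    if (szID != NULL)
    {
        // Format as TCHARs to match the LPTSTR parameter. The previous
        // itoa()/strcpy() pair wrote narrow characters into what is a wide
        // buffer in Unicode builds and used a 10-byte scratch array that is
        // too small for a 10-digit ID plus its terminator.
        wsprintf(szID, TEXT("%lu"), id);
    }
    return id;
}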


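/// Suspends or resumes the winlogon.exe process.
///
/// While winlogon.exe is suspended the Ctrl+Alt+Delete secure screen is not
/// serviced, so every successful suspend must be matched by a resume on every
/// exit path of the calling program, including error and shutdown handling.
/// NOTE(review): suspend requests are presumably counted per thread, so two
/// suspends would need two resumes - confirm before calling this repeatedly.
///
/// Only the first process named "winlogon.exe" returned by
/// GetProcessIdFromName is affected; on a machine with several sessions
/// that may not be the one serving the current desktop.
///
/// SeDebugPrivilege is enabled here and left enabled on return, as before;
/// callers that do not need it afterwards can call EnableDebugPrivilege(false).
///
/// @param type  false to suspend winlogon.exe, true to resume it.
/// @return true if the suspend/resume call reported success; false if the
///         privilege could not be enabled, the process was not found or could
///         not be opened, the ntdll export was missing, or the call failed.
bool TaskScreen(bool type)
{
    if (!EnableDebugPrivilege(true))
    {
        return false;
    }

    const QString pName = "winlogon.exe";
    const DWORD dwId = GetProcessIdFromName(pName, NULL);
    if (0 == dwId)
    {
        return false;
    }

    // Request only the access right that suspend/resume needs instead of
    // PROCESS_ALL_ACCESS on a system process.
    HANDLE hProcess = OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, dwId);
    if (NULL == hProcess)
    {
        return false;
    }

    bool ok = false;

    // ntdll.dll is already mapped into every process, so take the existing
    // module handle; this needs no matching FreeLibrary and involves no
    // library search.
    HMODULE h_module = GetModuleHandleW(L"ntdll.dll");
    if (NULL != h_module)
    {
        if (!type)
        {
            // Suspend the process.
            NtSuspendProcess m_NtSuspendProcess =
                reinterpret_cast<NtSuspendProcess>(GetProcAddress(h_module, "NtSuspendProcess"));
            if (NULL != m_NtSuspendProcess)
            {
                // The Nt* routines report through their return value rather
                // than GetLastError(); a non-negative status means success.
                ok = static_cast<LONG>(m_NtSuspendProcess(hProcess)) >= 0;
            }
        }
        else
        {
            // Resume the process.
            NtResumeProcess m_NtResumeProcess =
                reinterpret_cast<NtResumeProcess>(GetProcAddress(h_module, "NtResumeProcess"));
            if (NULL != m_NtResumeProcess)
            {
                ok = static_cast<LONG>(m_NtResumeProcess(hProcess)) >= 0;
            }
        }
    }

    // The process handle was never closed before.
    CloseHandle(hProcess);
    return ok;
}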

注:如果程式被非正常關閉(例如當機或被強制結束),winlogon.exe 程序會一直停留在掛起狀態而無法恢復,此時 Ctrl+Alt+Delete 安全介面會持續沒有回應。