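I remember that when I was first learning, I liked to study APIs. One of my colleagues at the time was an expert and had written a piece of code, and while I was programming, my machine suddenly and inexplicably shut down! Just as I was puzzling over it, I heard his wicked laugh!
So it was his doing. Later I studied the InitiateSystemShutdown API function for a long time and understood how I had been pranked: my machine had joined the domain, and I had also given the domain super user Administrator rights on my local machine, which is what gave him his opening! Later I wrote the code below so that he, too, got remotely shut down by me while he was working. So satisfying! I learned something new, and paid him back in his own coin!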
// ShutDownSystem shuts down the local machine (your own computer).
BOOL CAlarmClockDlg::ShutDownSystem()
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tkp;

    // Get a token for this process.
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        AfxMessageBox("OpenProcessToken");
        return FALSE;   // hToken is not valid, so stop here
    }

    // Get the LUID for the shutdown privilege.
    LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tkp.Privileges[0].Luid);
    tkp.PrivilegeCount = 1;  // one privilege to set
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Get the shutdown privilege for this process.
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
    DWORD err = GetLastError();   // read before CloseHandle can overwrite it
    CloseHandle(hToken);          // the token handle is no longer needed
    if (err != ERROR_SUCCESS)
        AfxMessageBox("AdjustTokenPrivileges");

    // Shut down the system and force all applications to close.
    if (!ExitWindowsEx(EWX_SHUTDOWN | EWX_FORCE, 0))
    {
        return FALSE;
    }
    else
    {
        return TRUE;
    }
}

// shutdownHost is the C++ function for remote shutdown!
// hostName can be the machine's IP address or its machine name!
BOOL CAlarmClockDlg::shutdownHost(CString hostName)
{
    HANDLE hToken;            // handle to process token
    TOKEN_PRIVILEGES tkp;     // token privileges structure
    BOOL fResult;             // system shutdown flag

    // Get the current process token handle so we can get shutdown
    // privilege.
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        AfxMessageBox("OpenProcessToken failed.");
        return FALSE;   // hToken is not valid, so stop here
    }

    // Get the LUID for shutdown privilege.
    // For a remote target the caller must hold SE_REMOTE_SHUTDOWN_NAME on
    // that computer; members of its Administrators group have it by default.
    LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tkp.Privileges[0].Luid);
    tkp.PrivilegeCount = 1;  // one privilege to set
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Get shutdown privilege for this process.
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);

    // Cannot test the return value of AdjustTokenPrivileges.
    if (GetLastError() != ERROR_SUCCESS)
        AfxMessageBox("AdjustTokenPrivileges enable failed.");

    // Display the shutdown dialog box and start the time-out countdown.
    // Note this API call!
    fResult = InitiateSystemShutdown(
        (LPTSTR)(LPCTSTR)hostName,  // target computer: IP address or machine name
        "Click on the main window and press the Escape key to cancel shutdown.",  // message to user
        1,                          // time-out period, in seconds
        FALSE,                      // ask user to close apps
        FALSE);                     // no reboot after shutdown

    if (!fResult)
    {
        AfxMessageBox("InitiateSystemShutdown failed.");
    }

    // Disable shutdown privilege.
    tkp.Privileges[0].Attributes = 0;
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
    if (GetLastError() != ERROR_SUCCESS)
    {
        AfxMessageBox("AdjustTokenPrivileges disable failed.");
    }

    CloseHandle(hToken);   // release the token handle
    return fResult;        // report whether the shutdown request was accepted
}
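
The remote call above only succeeds for accounts that hold the "Force shutdown from a remote system" right (SeRemoteShutdownPrivilege) on the target, so it is worth checking who holds it on your own machine. The following is an added example, not code from the original post: it parses the text of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` export and lists holders outside a baseline. The function names, the baseline and the sample export are assumptions constructed for illustration.

```python
# Added example: audit who may remotely shut this machine down.
# Input: text of `secedit /export /cfg rights.inf /areas USER_RIGHTS`.
import configparser

# Assumed baseline: only BUILTIN\Administrators should hold the right.
ALLOWED = {"S-1-5-32-544"}
# Well-known SIDs that make the right far too widely available.
BROAD = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
         "S-1-5-32-545": "BUILTIN\\Users", "S-1-5-7": "Anonymous Logon"}

# Constructed sample export (not taken from a real host).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeRemoteShutdownPrivilege = *S-1-5-32-544,*S-1-5-11,CORP\\helpdesk
[Version]
signature="$CHICAGO$"
Revision=1
"""

def holders(inf_text, right="SeRemoteShutdownPrivilege"):
    """Return the principals granted `right`; SIDs lose their '*' prefix."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep privilege names case-sensitive
    cp.read_string(inf_text)
    if not cp.has_option("Privilege Rights", right):
        return []  # the right is not assigned to anyone
    raw = cp.get("Privilege Rights", right)
    return [p.strip().lstrip("*") for p in raw.split(",") if p.strip()]

def audit(inf_text, allowed=ALLOWED):
    """Return (principal, reason) for every holder outside the baseline."""
    findings = []
    for p in holders(inf_text):
        if p in allowed:
            continue
        if p in BROAD:
            findings.append((p, "broad group: " + BROAD[p]))
        elif p.startswith("S-1-5-21-"):
            findings.append((p, "domain or local account SID"))
        else:
            findings.append((p, "not in baseline"))
    return findings

if __name__ == "__main__":
    for principal, reason in audit(SAMPLE_INF):
        print(f"{principal}: {reason}")
```

secedit normally writes the export as UTF-16, so open the file with `encoding="utf-16"` before passing its text to `audit`. The right is only half of the picture: anyone added to the local Administrators group inherits it, which is the situation the post describes.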