delphi win7,win2008,win2003,winxp 屏蔽CTRL+ALT+DEL-木庄网络博客

本文整理自网络，侵删。
 unit winSuspendThread;interfaceuses  winapi.Windows,  winapi.TlHelp32,  system.SysUtils;function OpenThread2(dwThreadID: DWORD; bInherit: BOOL): THandle; stdcall;function GetProcessID(strProcessName: string): DWORD;function GetThreadID(dwOwnerProcessID: DWORD): DWORD;function SuspendThread_ctrlaltddel(): BOOL; // 屏蔽 ctrl+alt+delfunction ResumeThread_ctrlaltddel(): BOOL; // 唤醒 ctrl+alt+delfunction EnableDebugPrivilege: boolean; // 提升权限function KillTask(ExeFileName: string): integer; // 关闭进程implementationconst  THREAD_TERMINATE = $0001;  THREAD_SUSPEND_RESUME = $0002;  THREAD_GET_CONTEXT = $0008;  THREAD_SET_CONTEXT = $0010;  THREAD_SET_INFORMATION = $0020;  THREAD_QUERY_INFORMATION = $0040;  THREAD_SET_THREAD_TOKEN = $0080;  THREAD_IMPERSONATE = $0100;  THREAD_DIRECT_IMPERSONATION = $0200;  THREAD_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $3FF;type  PPDB = ^T_PDB;  T_PDB = record    mType: WORD;    Refcount: WORD;    Unk0: DWORD;    Unk1: DWORD;    Unk2: DWORD;    TermStatus: DWORD;    Unk3: DWORD;    DefaultHeap: DWORD;    MemContext: DWORD;    Flags: DWORD;    pPsp: DWORD;    psSelector: WORD;    METIndex: WORD;    nThreads: WORD;    nThreadsNotTerm: WORD;    Unk5: WORD;    nR0Threads: WORD;    HeapHandle: DWORD;    K16TDBSel: WORD;    Unk6: WORD;    Unk7: DWORD;    pEDB: DWORD;    pHandleTable: DWORD;    ParentPDB: PPDB;    ModRefList: DWORD;    ThreadList: DWORD;    DebugeeCB: DWORD;    LHFreeHead: DWORD;    InitialR0ID: DWORD;  end;  PDB = T_PDB;  T_TCB = record    mType: WORD;    Refcount: WORD;    Unk1: DWORD;    pvExcept: DWORD;    TopOfStack: DWORD;    BaseOfStace: DWORD;    K16TDB: WORD;    StackSel16: WORD;    Unk2: DWORD;    UserPointer: DWORD;    pTIB: DWORD;    TIBFlags: WORD;    Win16MutxCnt: WORD;    DebugContext: DWORD;    PtrToCurPri: DWORD;    MsgQueue: DWORD;    pTLSarray: DWORD;    pParentPDB: PPDB;    SelmanList: DWORD;    Unk3: DWORD;    Flags: DWORD;    status: DWORD;    TibSel: WORD;    EmulatorSel: WORD;    HandleCount: DWORD;    WaitNodeList: DWORD;    R0hThread: DWORD;    ptdbx: DWORD;  end;  TCB = T_TCB;  PTCB = ^T_TCB;  OBFUNC = function(dwPTID: DWORD): pointer; stdcall;  OTFUNC = function(pH: PHandle; dwVal: DWORD; var var1; var var2): DWORD; stdcall;function GetTrueProcAddress(lpMod: PChar; lpFunc: PChar): pointer; stdcall; forward;function OpenThreadNT(dwThreadID: DWORD; bInherit: BOOL): THandle; stdcall; forward;function XORProcessThreadID(dwPTID: DWORD): pointer; stdcall;var  obfuscate: OBFUNC;  dwMain: DWORD;  lpdw: PDWORD;  dw1: DWORD;begin  dwMain := DWORD(GetTrueProcAddress('Kernel32.dll', 'GetCurrentThreadId'));  // if dwMain = nil then begin result := nil; exit; end;  lpdw := PDWORD(dwMain + 8);  dw1 := dwMain + 12;  obfuscate := OBFUNC(dw1 + lpdw^);  result := obfuscate(dwPTID);end;function OpenThread2(dwThreadID: DWORD; bInherit: BOOL): THandle; stdcall;var  hThread, hPrc: THandle;  lp1: PDWORD;  dwProcessID, dwWhere, dwTable: DWORD;  b1: BOOL;  lpThreadObj: PTCB;  procpPdb: PPDB;  osvi: OSVERSIONINFO;begin  osvi.dwOSVersionInfoSize := sizeof(osvi);  GetVersionEX(osvi);  SetLastError(50);  if osvi.dwPlatformId = VER_PLATFORM_WIN32_NT then    result := OpenThreadNT(dwThreadID, bInherit)  else  begin    procpPdb := PPDB(XORProcessThreadID(GetCurrentProcessID()));    lpThreadObj := PTCB(XORProcessThreadID(dwThreadID));    if IsBadReadPtr(lpThreadObj, sizeof(TCB)) then    begin      result := 0;      exit;    end;    if PBYTE(lpThreadObj)^ <> 7 then    begin      result := 0;      exit;    end;    dwProcessID := DWORD(XORProcessThreadID(DWORD(lpThreadObj^.pParentPDB)));    if (dwProcessID = GetCurrentProcessID()) then      hPrc := GetCurrentProcess()    else    begin      hPrc := OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessID);      if (hPrc = 0) then      begin        result := 0;        exit;      end;    end;    // 4 is the lowest handle in the table    // all proceses have this handle    b1 := DuplicateHandle(hPrc, THandle(4), GetCurrentProcess(), @hThread, THREAD_ALL_ACCESS, bInherit, 0);    if (hPrc <> GetCurrentProcess()) then      CloseHandle(hPrc);    if (b1 = FALSE) then    begin      result := 0;      exit;    end;    dwWhere := DWORD(hThread) shr 2;    dwTable := procpPdb^.pHandleTable;    lp1 := PDWORD(dwTable + dwWhere * 8 + 8);    lp1^ := DWORD(lpThreadObj);    result := hThread;  end;end;{$J+}function EnableDebugPrivilege: boolean;  function EnablePrivilege(hToken: NativeUInt; PrivName: string; bEnable: boolean): boolean;  var    TP: TOKEN_PRIVILEGES;    Dummy: Cardinal;    char123: PAnsiChar;  begin    TP.PrivilegeCount := 1;    char123 := PAnsiChar(ansistring(PrivName));    char123 := PAnsiChar(ansistring(PrivName));    LookupPrivilegevalueW(nil, Pwidechar(WideString(PrivName)), TP.Privileges[0].Luid);    if bEnable then      TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED    else      TP.Privileges[0].Attributes := 0;    AdjustTokenPrivileges(hToken, FALSE, TP, sizeof(TP), nil, Dummy); // [Page]    result := GetLastError = ERROR_SUCCESS;  end;var  hToken: Cardinal;begin  OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, NativeUInt(hToken));  result := EnablePrivilege(hToken, 'SeDebugPrivilege', true);  CloseHandle(hToken);end;function KillTask(ExeFileName: string): integer;const  PROCESS_TERMINATE = $0001;var  ContinueLoop: boolean;  FSnapshotHandle: THandle;  FProcessEntry32: TProcessEntry32;begin  result := 0;  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);  FProcessEntry32.dwSize := sizeof(FProcessEntry32);  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);  while integer(ContinueLoop) <> 0 do  begin    if ((uppercase(ExtractFileName(FProcessEntry32.szExeFile)) = uppercase(ExeFileName)) or (uppercase(FProcessEntry32.szExeFile) = uppercase(ExeFileName))) then      result := integer(TerminateProcess(OpenProcess(PROCESS_TERMINATE, BOOL(0), FProcessEntry32.th32ProcessID), 0));    ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);  end;  CloseHandle(FSnapshotHandle);end;function OpenThreadNT(dwThreadID: DWORD; bInherit: BOOL): THandle; stdcall;const  hThread: THandle = 0;  struct1: array [0 .. 5] of DWORD = ($18, 0, 0, 0, 0, 0);  struct2: array [0 .. 1] of DWORD = (0, 0);  hLib: HModule = 0;  OpenThatNTThread: OTFUNC = nil;begin  hLib := LoadLibrary('ntdll.dll');  OpenThatNTThread := OTFUNC(GetProcAddress(hLib, 'NtOpenThread'));  struct2[1] := dwThreadID;  struct1[3] := DWORD(bInherit);  OpenThatNTThread(@hThread, THREAD_ALL_ACCESS, struct1, struct2);  FreeLibrary(hLib);  result := hThread;end;{$J-}function GetTrueProcAddress(lpMod: PChar; lpFunc: PChar): pointer; stdcall;var  bla: pointer;  hMod: HModule;begin  hMod := GetModuleHandle(lpMod);  if hMod = 0 then  begin    result := nil;    exit;  end;  bla := pointer(GetProcAddress(hMod, lpFunc));  if (DWORD(bla) = 0) then  begin    result := nil;    exit;  end;  if PBYTE(bla)^ = $68 then    bla := pointer(PDWORD(DWORD(bla) + 1)^);  result := bla;end;function GetProcessID(strProcessName: string): DWORD;var  dwRet: DWORD;  hSnapShot: THandle;  ProcessEntry: PROCESSENTRY32;  bFlag: BOOL;begin  dwRet := 0;  hSnapShot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);  if (hSnapShot <> INVALID_HANDLE_VALUE) then  begin    FillChar(ProcessEntry, sizeof(PROCESSENTRY32), 0);    ProcessEntry.dwSize := sizeof(PROCESSENTRY32);    bFlag := Process32First(hSnapShot, ProcessEntry);    while (bFlag) do    begin      if Pos(uppercase(strProcessName), uppercase(ProcessEntry.szExeFile)) <> 0 then      begin        dwRet := ProcessEntry.th32ProcessID;        break;      end;      ProcessEntry.dwSize := sizeof(PROCESSENTRY32);      bFlag := Process32Next(hSnapShot, ProcessEntry);    end;    CloseHandle(hSnapShot);  end;  result := dwRet;end;function GetThreadID(dwOwnerProcessID: DWORD): DWORD;var  dwRet: DWORD;  hThreadSnap: THandle;  te32: THREADENTRY32;begin  dwRet := 0;  FillChar(te32, sizeof(te32), 0);  hThreadSnap := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);  if (hThreadSnap <> INVALID_HANDLE_VALUE) then  begin    te32.dwSize := sizeof(THREADENTRY32);    if (Thread32First(hThreadSnap, te32)) then      repeat        if (te32.th32OwnerProcessID = dwOwnerProcessID) then        begin          dwRet := te32.th32ThreadID;          break;        end;      until not(Thread32Next(hThreadSnap, te32));    CloseHandle(hThreadSnap);  end;  result := dwRet;end;function SuspendThread_ctrlaltddel(): BOOL;var  // ContinueLoop: boolean;  FSnapshotHandle: THandle;  // FProcessEntry32: TProcessEntry32;  b: BOOL;  th32: PROCESSENTRY32;  th32id: Cardinal;  th32_lock: THREADENTRY32;  hThreadSnap: THandle;  oth: THandle;begin  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);  // FProcessEntry32.dwSize := Sizeof(FProcessEntry32);  // ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);  th32.dwSize := sizeof(th32);  if (FSnapshotHandle = INVALID_HANDLE_VALUE) then  begin    result := FALSE;    exit;  end;  b := Process32First(FSnapshotHandle, th32);  while b do  begin    if th32.szExeFile = 'winlogon.exe' then    begin      // ShowMessage(th32.szExeFile);      th32id := th32.th32ProcessID;    end;    b := Process32Next(FSnapshotHandle, th32);  end;  th32_lock.dwSize := sizeof(th32_lock);  hThreadSnap := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);  if (hThreadSnap = INVALID_HANDLE_VALUE) then  begin    // ShowMessage('调用失败');    result := FALSE;    exit;  end;  b := Thread32First(hThreadSnap, th32_lock);  while b do  begin    if th32_lock.th32OwnerProcessID = th32id then    begin      // oth := OpenThread2(THREAD_ALL_ACCESS, False, th32_lock.th32ThreadID);      oth := OpenThread2(th32_lock.th32ThreadID, FALSE);      if SuspendThread(oth) >= 0 then      begin        // ShowMessage('ok');      end;      break;      CloseHandle(oth);    end;    b := Thread32Next(hThreadSnap, th32_lock);  end;  CloseHandle(hThreadSnap);  result := true;end;function ResumeThread_ctrlaltddel(): BOOL;var  ContinueLoop: boolean;  FSnapshotHandle: THandle;  FProcessEntry32: TProcessEntry32;  b: BOOL;  th32: PROCESSENTRY32;  th32id: Cardinal;  th32_lock: THREADENTRY32;  hThreadSnap: THandle;  oth: THandle;begin  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);  FProcessEntry32.dwSize := sizeof(FProcessEntry32);  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);  th32.dwSize := sizeof(th32);  if (FSnapshotHandle = INVALID_HANDLE_VALUE) then  begin    result := FALSE;    exit;  end;  b := Process32First(FSnapshotHandle, th32);  while b do  begin    if th32.szExeFile = 'winlogon.exe' then    begin      // ShowMessage(th32.szExeFile);      th32id := th32.th32ProcessID;    end;    b := Process32Next(FSnapshotHandle, th32);  end;  th32_lock.dwSize := sizeof(th32_lock);  hThreadSnap := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);  if (hThreadSnap = INVALID_HANDLE_VALUE) then  begin    result := FALSE;    exit;  end;  b := Thread32First(hThreadSnap, th32_lock);  while b do  begin    if th32_lock.th32OwnerProcessID = th32id then    begin      // oth := OpenThread2(THREAD_ALL_ACCESS, False, th32_lock.th32ThreadID);      oth := OpenThread2(th32_lock.th32ThreadID, FALSE);      if ResumeThread(oth) >= 0 then      begin        // showmessage('ok');      end;      break;      CloseHandle(oth);    end;    b := Thread32Next(hThreadSnap, th32_lock);  end;  CloseHandle(hThreadSnap);  result := true;end;end.
delphi win7,win2008,win2003,winxp 屏蔽CTRL+ALT+DEL

相关推荐

评论
