Abort system shutdown

最新推荐文章于 2024-11-04 11:41:53 发布

why99fun

最新推荐文章于 2024-11-04 11:41:53 发布

阅读量418

点赞数

CC 4.0 BY-SA版权

本文链接：https://blog.youkuaiyun.com/why99fun/article/details/40678407

本文介绍了一个简单的程序，用于在Windows NT 3.1及更高版本中阻止系统关机操作。程序通过获取进程令牌并调整权限来获得关机特权，然后调用AbortSystemShutdown函数来取消已启动的关机过程。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

#include <windows.h>

#define WinVerMajor()        LOBYTE(LOWORD(GetVersion()))

#define IsWinVerNTs()       (GetVersion() < 0x80000000)
#define IsWinVerNT351Plus() (IsWinVerNTs() && WinVerMajor() >= 3)

#define ERR_MSG				TEXT("This program requires Windows NT version 3.1 or later!")

BOOL (__stdcall * MyAbortSystemShutdown)(LPTSTR);

BOOL fAbortSystemShutdown(LPTSTR lpMachineName);
BOOL PreventSystemShutdown(void);

int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
	if (IsWinVerNT351Plus())
	{
		PreventSystemShutdown();
	}
	else
	{
		MessageBox(NULL, ERR_MSG, TEXT("Abort System Shutdown"), MB_OK);
	}

	return (0);
}

/*
 *	AbortSystemShutdown
 *
 *	The AbortSystemShutdown function stops a system shutdown started by using 
 *	the InitiateSystemShutdown function.
 *
 *
 *	BOOL AbortSystemShutdown(
 *	  LPTSTR lpMachineName
 *	);
 *
 *	Parameters
 *	lpMachineName 
 *	[in] Pointer to the null-terminated string that specifies the network name of the computer 
 *	where the shutdown is to be stopped. If lpMachineName is NULL or an empty string, 
 *	the function stops the shutdown on the local computer. 
 *	
 *	Return Values
 *	If the function succeeds, the return value is nonzero.
 *
 *	If the function fails, the return value is zero. To get extended error information, 
 *	call GetLastError.
 *
 *  To stop the local computer from shutting down, the calling process must 
 *	have the SE_SHUTDOWN_NAME privilege. To stop a remote computer from shutting down, 
 *	the calling process must have the SE_REMOTE_SHUTDOWN_NAME privilege on the remote computer.
 */
BOOL fAbortSystemShutdown(LPTSTR lpMachineName)
{
	HINSTANCE hinstLib;
	BOOL result = FALSE;

	if (IsWinVerNT351Plus())
	{
		hinstLib = LoadLibrary(TEXT("Advapi32.dll"));

		if (hinstLib)
		{
			if (MyAbortSystemShutdown = (BOOL (__stdcall *)(LPTSTR)) 
				#ifdef UNICODE
					GetProcAddress(hinstLib, "AbortSystemShutdownW"))
				#else
					GetProcAddress(hinstLib, "AbortSystemShutdownA"))
				#endif // !UNICODE
			{
				result = (MyAbortSystemShutdown)(lpMachineName);
			}
		}

		FreeLibrary(hinstLib);
	}

	return (result);
}

BOOL PreventSystemShutdown(void)
{
	HANDLE hToken;              // handle to process token 
	TOKEN_PRIVILEGES tkp;       // pointer to token structure 

	// Get the current process token handle so we can get shutdown privilege.
	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) 
	{
		return (FALSE);
	}

	// Get the LUID for shutdown privilege. 
	LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tkp.Privileges[0].Luid); 

	tkp.PrivilegeCount = 1;  // one privilege to set    
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; 

	// Get shutdown privilege for this process. 
	AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES) NULL, 0); 

	if (GetLastError() != ERROR_SUCCESS)
	{
		return (FALSE);
	}

	// Prevent the system from shutting down. 
	if (! fAbortSystemShutdown(NULL)) 
	{
		LPVOID lpMsgBuf;

		FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
			NULL, GetLastError(),
			MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
			(LPTSTR) &lpMsgBuf, 0, NULL
		);

		// Display the string.
		MessageBox(NULL, (LPCTSTR) lpMsgBuf, TEXT("Error"), MB_OK | MB_ICONINFORMATION);

		// Free the buffer.
		LocalFree(lpMsgBuf);

		return (FALSE);
	}

	// Disable shutdown privilege. 
	tkp.Privileges[0].Attributes = 0; 
	AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES) NULL, 0);

	return (TRUE);
}