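{ Original post (translated): "This is the source of a DLL that disables
  Ctrl+Alt+Del on Windows 2000 (w2k); can anyone make it work on XP?" }
library insertdll;

{ Summary of what the listing does, as far as the code itself shows:
    - looks up the export WlxLoggedOnSAS in msgina.dll, but only if that module
      is ALREADY loaded in the process hosting this DLL (GetModuleHandle does
      not load anything);
    - saves the first 5 bytes of that export and overwrites them with a
      relative JMP ($E9 + rel32) to GanLoggedOnSAS, exported by this DLL;
    - GanLoggedOnSAS always answers WLX_SAS_ACTION_NONE;
    - restores the saved 5 bytes on DLL_PROCESS_DETACH.
  How the DLL ends up in the host process is not part of this listing.

  Review notes:
    - The patch is an in-memory modification of a system DLL's code. While it
      is installed, the first byte of WlxLoggedOnSAS in memory is $E9 and
      differs from the on-disk image of msgina.dll, which is what an integrity
      check comparing memory against the file would report.
    - The rel32 arithmetic casts pointers to DWORD, so the code is only valid
      for a 32-bit build.
    - The 5-byte overwrite is not synchronised with other threads that may be
      executing the target function at that moment. }

uses
  Windows,
  Messages,
  SysUtils;

{$R *.RES}

type
  // Image of a 5-byte x86 instruction: one opcode byte plus a 32-bit operand.
  TCode5 = packed record
    siJmp  : ShortInt;
    dwAddr : DWORD;
  end;

  // One enum value per patched function; used as the index of both tables below.
  TThunkFunc = (tfWlxLoggedOnSAS);

  TThunkFuncName = packed record
    strMod       : string; // name of the system module
    strSysProc   : string; // name of the function inside the system DLL
    strThunkProc : string; // name of the replacement; must be in this DLL's export table
  end;

  TThunkCode = packed record
    codeBak    : TCode5;   // first 5 bytes of the system function (saved copy)
    codeThunk  : TCode5;   // 5 bytes that jump to the replacement code
    addr_sys   : Pointer;  // address of the system function
    addr_thunk : Pointer;  // address of the replacement function
    bInstalled : Boolean;  // is the patch currently in place?
  end;

const
  ThunkFuncNameArr : array[TThunkFunc] of TThunkFuncName = (
    (strMod : 'msgina.dll'; strSysProc : 'WlxLoggedOnSAS'; strThunkProc : 'GanLoggedOnSAS')
  );

var
  ThunkCodeArr : array[TThunkFunc] of TThunkCode;
  hProc        : THandle; // handle to the current process, opened in the library body

// Resolves both addresses for every table entry and prepares the two 5-byte
// images (saved original bytes, jump to the replacement). Nothing is written
// to the target here. An entry whose module or export cannot be resolved is
// left zeroed, so addr_sys stays nil and Install/UnInstall skip it.
procedure InitThunkCode;
var
  tfType     : TThunkFunc;
  hMod       : HMODULE;
  pSysFunc   : Pointer;
  pThunkFunc : Pointer;
begin
  for tfType := Low(TThunkFunc) to High(TThunkFunc) do
  begin
    // Start from a clean record; TThunkCode holds no managed fields.
    FillChar(ThunkCodeArr[tfType], SizeOf(TThunkCode), 0);

    // The system module must already be mapped into this process.
    hMod := GetModuleHandle(PChar(ThunkFuncNameArr[tfType].strMod));
    if hMod = 0 then
      Continue;

    pSysFunc := GetProcAddress(hMod, PChar(ThunkFuncNameArr[tfType].strSysProc));
    if pSysFunc = nil then
      Continue;

    // The replacement is looked up by name in this DLL's own export table.
    pThunkFunc := GetProcAddress(hInstance, PChar(ThunkFuncNameArr[tfType].strThunkProc));
    if pThunkFunc = nil then
      Continue;

    ThunkCodeArr[tfType].addr_sys   := pSysFunc;
    ThunkCodeArr[tfType].addr_thunk := pThunkFunc;

    // jmp rel32: the displacement is relative to the end of the 5-byte instruction.
    ThunkCodeArr[tfType].codeThunk.siJmp  := ShortInt($E9);
    ThunkCodeArr[tfType].codeThunk.dwAddr := DWORD(pThunkFunc) - DWORD(pSysFunc) - 5;

    // Keep the original bytes so that UnInstallThunkFunc can put them back.
    // The explicit cast matches the one used for $E9 above and keeps a first
    // byte above $7F from tripping range checking when it is enabled.
    ThunkCodeArr[tfType].codeBak.siJmp  := ShortInt(PByte(pSysFunc)^);
    ThunkCodeArr[tfType].codeBak.dwAddr := PDWORD(DWORD(pSysFunc) + 1)^;
  end;
end;

// Writes the prepared jump over the first 5 bytes of the system function.
// bInstalled is set only when the whole write succeeded; the original set it
// unconditionally, so a failed write was still recorded as "installed".
procedure InstallThunkFunc(tfType : TThunkFunc);
var
  nCount : DWORD;
begin
  if ThunkCodeArr[tfType].bInstalled then
    Exit;
  if (hProc = 0) or (ThunkCodeArr[tfType].addr_sys = nil) then
    Exit;

  nCount := 0;
  if WriteProcessMemory(hProc,
                        ThunkCodeArr[tfType].addr_sys,
                        @(ThunkCodeArr[tfType].codeThunk),
                        SizeOf(TCode5),
                        nCount)
     and (nCount = SizeOf(TCode5)) then
    ThunkCodeArr[tfType].bInstalled := True;
end;

// Restores the saved 5 bytes of the system function. bInstalled is cleared
// only when the restore succeeded, so the flag keeps describing the real
// state of the target if the write fails.
procedure UnInstallThunkFunc(tfType : TThunkFunc);
var
  nCount : DWORD;
begin
  if not ThunkCodeArr[tfType].bInstalled then
    Exit;
  if (hProc = 0) or (ThunkCodeArr[tfType].addr_sys = nil) then
    Exit;

  nCount := 0;
  if WriteProcessMemory(hProc,
                        ThunkCodeArr[tfType].addr_sys,
                        @(ThunkCodeArr[tfType].codeBak),
                        SizeOf(TCode5),
                        nCount)
     and (nCount = SizeOf(TCode5)) then
    ThunkCodeArr[tfType].bInstalled := False;
end;

const
  WLX_SAS_ACTION_NONE = 2;

// Replacement for WlxLoggedOnSAS. It ignores all three arguments and always
// returns WLX_SAS_ACTION_NONE.
// NOTE(review): the page text was garbled at the first parameter
// ("pWlxContext" followed by "ointer"); it is restored here as
// "pWlxContext : Pointer", which matches the other Pointer parameter.
function GanLoggedOnSAS(pWlxContext : Pointer;
                        dwSasType   : DWORD;
                        pReserved   : Pointer) : Integer; stdcall;
begin
  Result := WLX_SAS_ACTION_NONE;
end;

var
  hThreadHandle : THandle; // declared in the original listing but never used

// Attach/detach handler. It is assigned to DLLProc in the library body and is
// also called directly from there with DLL_PROCESS_ATTACH.
procedure DllMain(dwReason : DWORD);
begin
  case dwReason of
    DLL_PROCESS_ATTACH :
      begin
        InitThunkCode;
        InstallThunkFunc(tfWlxLoggedOnSAS);
      end;
    DLL_PROCESS_DETACH :
      begin
        // Put the original bytes back before the replacement code goes away.
        UnInstallThunkFunc(tfWlxLoggedOnSAS);
        if hProc <> 0 then
        begin
          CloseHandle(hProc);
          hProc := 0; // prevents a second close and any later write through a stale handle
        end;
      end;
    DLL_THREAD_ATTACH :
      begin
      end;
    DLL_THREAD_DETACH :
      begin
      end;
  end;
end;

exports
  GanLoggedOnSAS;

begin
  DLLProc := @DllMain;
  // The handle refers to the process this DLL is loaded into and is requested
  // with PROCESS_ALL_ACCESS, although the code above only uses it for
  // WriteProcessMemory.
  hProc := OpenProcess(PROCESS_ALL_ACCESS,
                       FALSE,
                       GetCurrentProcessID());
  DllMain(DLL_PROCESS_ATTACH);
end.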