XP下怎样屏蔽Ctrl+Alt+Del组合键(好像比较高难)(200分)

  • 主题发起人 主题发起人 zleo
  • 开始时间 开始时间
Z

zleo

Unregistered / Unconfirmed
GUEST, unregistred user!
我在w2000下能实现屏蔽,但xp下就没效果了,有高手知道吗?<br>(2000下用dll注入,hook msgina.dll 的'WlxLoggedOnSAS'<br>&nbsp; 函数直接返回WLX_SAS_ACTION_NONE)<br>要求尽量能用delphi实现,不用驱动<br>
 
thanks 在线等待,急....
 
xp中按下Ctrl+Alt+Del好像不调用WlxLoggedOnSAS<br>那它显示任务管理器是调用的哪个函数呢?<br>
 
是不是分少了阿,同胞们,给个意见嘛...
 
可以用替换动态链接库Gina.dll的方法我有VC 写的源码.
 
把3个健其中的任意一个抠掉
 
TO:gxgoo<br>&nbsp; &nbsp; 高招啊,高招。厉害啊,厉害。哈哈啊,哈哈哈,终于找到方法了。:P<br>挂个HOOK不知道行不行?
 
to Jack.yang :<br>我的方法和替换Gina.dll好像差不多,只不过是在内存里直接修改了Gina.dll<br>导出函数的入口地址。<br>2000下改"WlxLoggedOnSAS"就可以了,但xp下不知道改哪个
 
这是w2k下禁止ctrl+alt+del的dll源码,哪位大侠能使它在xp下生效!<br>library insertdll;<br>uses<br>&nbsp; Windows,<br>&nbsp; Messages,<br>&nbsp; SysUtils;<br><br>{$R *.RES}<br><br>type<br>&nbsp; TCode5 = packed record<br>&nbsp; &nbsp; siJmp : ShortInt;<br>&nbsp; &nbsp; dwAddr : DWORD;<br>&nbsp; end;<br>&nbsp; TThunkFunc = (tfWlxLoggedOnSAS);<br>&nbsp; TThunkFuncName = packed record<br>&nbsp; &nbsp; strMod &nbsp; &nbsp; &nbsp; &nbsp;: string; &nbsp;// 系统模块名称<br>&nbsp; &nbsp; strSysProc &nbsp; &nbsp;: string; &nbsp;// 系统DLL中的名字<br>&nbsp; &nbsp; strThunkProc &nbsp;: string; &nbsp;// 你替换的函数的名字,必须在DLL的引出表中<br>&nbsp; end;<br>&nbsp; TThunkCode = packed record<br>&nbsp; &nbsp; codeBak &nbsp; &nbsp; &nbsp; : TCode5; &nbsp;// 系统函数的代码的前5个字节<br>&nbsp; &nbsp; codeThunk &nbsp; &nbsp; : TCode5; &nbsp;// 跳转到你的代码的5个字节<br>&nbsp; &nbsp; addr_sys &nbsp; &nbsp; &nbsp;: Pointer; // 系统函数的地址<br>&nbsp; &nbsp; addr_thunk &nbsp; &nbsp;: Pointer; // 替换函数的地址<br>&nbsp; &nbsp; bInstalled &nbsp; &nbsp;: boolean; // 安装了吗?<br>&nbsp; end;<br><br>const<br>&nbsp; ThunkFuncNameArr : array[TThunkFunc] of TThunkFuncName = (<br>&nbsp; &nbsp; (strMod : 'msgina.dll'; &nbsp;strSysProc : 'WlxLoggedOnSAS'; &nbsp; &nbsp;strThunkProc : 'GanLoggedOnSAS')<br>&nbsp; );<br>var<br>&nbsp; ThunkCodeArr : array[TThunkFunc] of TThunkCode;<br>&nbsp; hProc : THandle;<br><br>procedure InitThunkCode;<br>var<br>&nbsp; tfType : TThunkFunc;<br>&nbsp; hMod : HMODULE;<br>&nbsp; pSysFunc, pThunkFunc : Pointer;<br>begin<br>&nbsp; for tfType := LOW(TThunkFunc) to HIGH(TThunkFunc) do begin<br>&nbsp; &nbsp; // clear to zero<br>&nbsp; &nbsp; FillChar(ThunkCodeArr[tfType], sizeof(TThunkCode), 0);<br><br>&nbsp; &nbsp; // fill it by right value<br>&nbsp; &nbsp; hMod := 0;<br>&nbsp; &nbsp; hMod := GetModuleHandle(PChar(ThunkFuncNameArr[tfType].strMod));<br>&nbsp; &nbsp; if hMod = 0 then continue;<br><br>&nbsp; &nbsp; pSysFunc := nil;<br>&nbsp; &nbsp; pSysFunc := GetProcAddress(hMod,<br>&nbsp; &nbsp; &nbsp; PChar(ThunkFuncNameArr[tfType].strSysProc));<br>&nbsp; &nbsp; if pSysFunc = nil then continue;<br><br>&nbsp; &nbsp; pThunkFunc := nil;<br>&nbsp; &nbsp; pThunkFunc := GetProcAddress(hInstance,<br>&nbsp; &nbsp; &nbsp; PChar(ThunkFuncNameArr[tfType].strThunkProc));<br>&nbsp; &nbsp; if pThunkFunc = nil then continue;<br><br>&nbsp; &nbsp; // now fill it!<br>&nbsp; &nbsp; ThunkCodeArr[tfType].addr_sys := pSysFunc;<br>&nbsp; &nbsp; ThunkCodeArr[tfType].addr_thunk := pThunkFunc;<br><br>&nbsp; &nbsp; ThunkCodeArr[tfType].codeThunk.siJmp := ShortInt($E9); &nbsp;// jmp ____<br>&nbsp; &nbsp; ThunkCodeArr[tfType].codeThunk.dwAddr :=<br>&nbsp; &nbsp; &nbsp; DWORD(pThunkFunc) - DWORD(pSysFunc) - 5;<br><br>&nbsp; &nbsp; ThunkCodeArr[tfType].codeBak.siJmp := PByte(pSysFunc)^;<br>&nbsp; &nbsp; ThunkCodeArr[tfType].codeBak.dwAddr := PDWORD(DWORD(pSysFunc)+1)^;<br>&nbsp; end;<br>end;<br><br>procedure InstallThunkFunc(tfType : TThunkFunc);<br>var<br>&nbsp; nCount : DWORD;<br>begin<br>&nbsp; if ThunkCodeArr[tfType].bInstalled then exit;<br>&nbsp; if (hProc=0) or (ThunkCodeArr[tfType].addr_sys=nil) then exit;<br>&nbsp; WriteProcessMemory(hProc,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ThunkCodeArr[tfType].addr_sys,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;@(ThunkCodeArr[tfType].codeThunk),<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;nCount);<br>&nbsp; ThunkCodeArr[tfType].bInstalled := True;<br>end;<br><br>procedure UnInstallThunkFunc(tfType : TThunkFunc);<br>var<br>&nbsp; nCount : DWORD;<br>begin<br>&nbsp; if not ThunkCodeArr[tfType].bInstalled then exit;<br>&nbsp; if (hProc=0) or (ThunkCodeArr[tfType].addr_sys=nil) then exit;<br>&nbsp; WriteProcessMemory(hProc,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ThunkCodeArr[tfType].addr_sys,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;@(ThunkCodeArr[tfType].codeBak),<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;nCount);<br>&nbsp; ThunkCodeArr[tfType].bInstalled := false;<br>end;<br><br>const<br>&nbsp; WLX_SAS_ACTION_NONE = 2;<br><br>function GanLoggedOnSAS(pWlxContext:pointer;<br> &nbsp;dwSasType : DWORD;<br> &nbsp;pReserved : Pointer):Integer;stdcall;<br>begin<br>&nbsp; result := WLX_SAS_ACTION_NONE;<br>end;<br><br>var<br>&nbsp; hThreadHandle : THANDLE;<br><br>procedure DllMain(dwReason : DWORD);<br>var<br>&nbsp; dwThreadID : DWORD;<br>begin<br>&nbsp; case dwReason of<br>&nbsp; &nbsp; DLL_PROCESS_ATTACH :<br>&nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; InitThunkCode;<br>&nbsp; &nbsp; &nbsp; &nbsp; InstallThunkFunc(tfWlxLoggedOnSAS);<br>&nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; DLL_PROCESS_DETACH :<br>&nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; UninstallThunkFunc(tfWlxLoggedOnSAS);<br>&nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hProc);<br>&nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; DLL_THREAD_ATTACH :<br>&nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; DLL_THREAD_DETACH :<br>&nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; end;<br>&nbsp; end;<br>end;<br><br>exports<br>&nbsp; GanLoggedOnSAS;<br><br>begin<br>&nbsp; DLLProc := @DLLMain;<br>&nbsp; hProc := OpenProcess(PROCESS_ALL_ACCESS,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;FALSE,<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;GetCurrentProcessID());<br>&nbsp; DLLMain(DLL_PROCESS_ATTACH);<br>end.<br>
 
没人感兴趣阿,这个功能应该还是蛮有用的啊
 
你的我先借用了
 
我去老外的网站找了一圈也没有找到,看来XP还是太新了,对付它的方法还需要给那些高手<br>一些时间。<br>
 
to :lww<br>&nbsp; 谢谢你了:)<br>没办法了,暂时用土办法蒙骗蒙骗~~<br>用了个timer随时扫描系统里有没有"Windows 任务管理器"的窗口,一旦发现<br>就hide,colse,kill...^$%#^@#^&amp;$%^#$ 挺管用的
 
我已经能够屏蔽了,不使用定时器,虽然用定时器可以办到,但是如果一直 按着 <br>ctrl+alt+del,任务管理器会不停的运行直到你的程序死掉,而且任务管理会占用<br>全部资源直到死机。
 
gz,我是用c++写的gina.dll
 
后退
顶部