Windows XP下屏蔽Ctrl_Alt_Del键的方法

//调用下面两个函数就可以了
procedure RunFuckCAD;   //屏蔽Ctrl+Alt+Del
procedure StopFuckCAD;  //取消屏蔽Ctrl+Alt+Del
点击下载源文件
主要代码为：

unit Fuck_CAD_Unit;

interface

uses Windows, TLHelp32,SysUtils;

const
  MyKernel='SnowmanLockScreenHook.Dll';  //释放完得文件名，可以自己改
  Winlogon='winlogon.exe';
  MyKernelSize=9216;
  MyKernelBuf:Array [0..9215] of Byte =
  (
     //... 数组内容太多，略，见源文件
  );

procedure RunFuckCAD;
procedure StopFuckCAD;


implementation


procedure GetDebugPrivs;  //提升到Debug权限
var
  hToken: THandle;
  tkp: TTokenPrivileges;
  retval: dword;
begin
  If (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken)) then
  begin
    LookupPrivilegeValue(nil, 'SeDebugPrivilege'  , tkp.Privileges[0].Luid);
    tkp.PrivilegeCount := 1;
    tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);
  end;
end;

function NameToPID(ExeName:pchar):longword;
//通过进程文件名返回一个Pid，如果多个同名进程返回第一个进程的Pid
  var
    hSnap:longword;
    ProcessEntry: TProcessEntry32;
    c:boolean;
  begin
    result:=0;
    hSnap:= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    ProcessEntry.dwSize:= Sizeof(TProcessEntry32);
    c:= Process32First(hSnap,ProcessEntry);
    While c  do
      begin
        if LstrcmpiA(ExeName,ProcessEntry.szExeFile)= 0 then
           begin
             result:=ProcessEntry.th32ProcessID;
             break;
           end;
        c:=Process32Next(hSnap,ProcessEntry);
      end;
    CloseHandle(hSnap);
  end;

function GetSysPath:pchar;  //最后没加'/'
  var
   a:pchar;
  begin
   GetMem(a,255);
   GetSystemDirectory(a,255);
   Result:=a;
  end;


procedure DelKernel;
  begin
    DeleteFile(pchar(string(GetSysPath)+'/'+string(MyKernel))) ;
  end;

function CreateKernelFile(SaveFile:String):Boolean;
  var
    hFile:THandle;
    BytesWrite: dword;
  begin
    Result:=False;
    hFile := CreateFile(Pchar(SaveFile),GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ,nil,CREATE_ALWAYS,0,0);
    if hFile = INVALID_HANDLE_VALUE then Exit;
    if WriteFile(hFile,MyKernelBuf,MyKernelSize, BytesWrite, nil) then Result:=True;
    CloseHandle(hFile);
  end;

Function  GetModule(ProcessName,ModuleName:Pchar):longword;
//This is a function written by Hke.
//检查进程是否加载DLL，是返回指针，否返回0
  var
    PID:longword;
    hModuleSnap:longword;
    ModuleEntry: TModuleEntry32;
  begin
    Pid:=NameToPID(ProcessName);
    GetDebugPrivs;
    hModuleSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,Pid);
    ModuleEntry.dwSize:=SizeOf(TModuleEntry32);
    result:=0;
    if Module32First(hModuleSnap,ModuleEntry) then
      if  (LstrcmpiA(ModuleEntry.szModule,ModuleName)=0) then
        Result:=ModuleEntry.hModule
      else
        begin
          while  Module32Next(hModuleSnap,ModuleEntry) do
             begin
               if LstrcmpiA(ModuleEntry.szModule,ModuleName)=0 then
                 begin
                   Result:=ModuleEntry.hModule;
                   break;
                 end;
             end;
        end;
    CloseHandle(hModuleSnap);
  end;

unit Fuck_CAD_Unit; interface uses Windows, TLHelp32,SysUtils; const  MyKernel='SnowmanLockScreenHook.Dll';  //释放完得文件名，可以自己改  Winlogon='winlogon.exe';  MyKernelSize=9216;  MyKernelBuf:Array [0..9215] of Byte =  (     //... 数组内容太多，略，见源文件  ); procedure RunFuckCAD; procedure StopFuckCAD; implementation procedure GetDebugPrivs;  //提升到Debug权限 var  hToken: THandle;  tkp: TTokenPrivileges;  retval: dword; begin  If (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken)) then  begin    LookupPrivilegeValue(nil, 'SeDebugPrivilege'  , tkp.Privileges[0].Luid);    tkp.PrivilegeCount := 1;    tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;    AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);  end; end; function NameToPID(ExeName:pchar):longword; //通过进程文件名返回一个Pid，如果多个同名进程返回第一个进程的Pid  var    hSnap:longword;    ProcessEntry: TProcessEntry32;    c:boolean;  begin    result:=0;    hSnap:= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);    ProcessEntry.dwSize:= Sizeof(TProcessEntry32);    c:= Process32First(hSnap,ProcessEntry);    While c  do      begin        if LstrcmpiA(ExeName,ProcessEntry.szExeFile)= 0 then           begin             result:=ProcessEntry.th32ProcessID;             break;           end;        c:=Process32Next(hSnap,ProcessEntry);      end;    CloseHandle(hSnap);  end; function GetSysPath:pchar;  //最后没加'/'  var   a:pchar;  begin   GetMem(a,255);   GetSystemDirectory(a,255);   Result:=a;  end; procedure DelKernel;  begin    DeleteFile(pchar(string(GetSysPath)+'/'+string(MyKernel))) ;  end; function CreateKernelFile(SaveFile:String):Boolean;  var    hFile:THandle;    BytesWrite: dword;  begin    Result:=False;    hFile := CreateFile(Pchar(SaveFile),GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ,nil,CREATE_ALWAYS,0,0);    if hFile = INVALID_HANDLE_VALUE then Exit;    if WriteFile(hFile,MyKernelBuf,MyKernelSize, BytesWrite, nil) then Result:=True;    CloseHandle(hFile);  end; Function  GetModule(ProcessName,ModuleName:Pchar):longword; //This is a function written by Hke. //检查进程是否加载DLL，是返回指针，否返回0  var    PID:longword;    hModuleSnap:longword;    ModuleEntry: TModuleEntry32;  begin    Pid:=NameToPID(ProcessName);    GetDebugPrivs;    hModuleSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,Pid);    ModuleEntry.dwSize:=SizeOf(TModuleEntry32);    result:=0;    if Module32First(hModuleSnap,ModuleEntry) then      if  (LstrcmpiA(ModuleEntry.szModule,ModuleName)=0) then        Result:=ModuleEntry.hModule      else        begin          while  Module32Next(hModuleSnap,ModuleEntry) do             begin               if LstrcmpiA(ModuleEntry.szModule,ModuleName)=0 then                 begin                   Result:=ModuleEntry.hModule;                   break;                 end;             end;        end;    CloseHandle(hModuleSnap);  end;

内文分页： [1] [2]