Ubijanje Winlogon.exe servisa!Znaci to je zasticen windowsov proces [probajte ga killat sa Task Managerom], za neupucene:
Code:
Description:
winlogon.exe is a process belonging to the Windows
login manager. It handles the login and logout procedures on
your system. This program is important for the stable and secure
running of your computer and should not be terminated.
Description:
winlogon.exe is a process belonging to the Windows
login manager. It handles the login and logout procedures on
your system. This program is important for the stable and secure
running of your computer and should not be terminated.
Znaci da bi se ubio (kako brutalno zvuci ta rijec) winlogon.exe potrebno je nista drugo nego imati debug privilegije koje se lako dobivaju pozivajuci par apija, evo koda kako sve to zajedno obaviti, da.. OVO RADITE NA VLASTITU ODGOVORNOST, JA NISAM ODGOVORAN ZA POSLJEDICE POKRETANJA OVOG KODA/PROGRAMA... mada nema vam se sta lose desit.. komp se samo resetira i to je to :D.. evo koda da ne duljim:
Code:
unit Unit2;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ShellApi, Tlhelp32;
type
TForm2 = class(TForm)
Button1: TButton;
ListBox1: TListBox;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form2: TForm2;
implementation
{$R *.dfm}
const SE_DEBUG_NAME='SeDebugPrivilege';
procedure TForm2.Button1Click(Sender: TObject);
var hSnapHandle:THandle;
lpProcE:TProcessEntry32;
hToken:THandle;
sedebugnameValue:TLargeInteger;
tkp, ptkpPrev:TOKEN_PRIVILEGES;
bRet:Boolean;
ulRet:ULONG;
_handleWL:THandle;
_exitCode:DWORD;
begin
if not OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
ShowMessage('Nece');
bRet:=LookupPrivilegeValue( Nil, SE_DEBUG_NAME, sedebugnameValue);
if not bRet then
CloseHandle(hToken);
tkp.PrivilegeCount:= 1;
tkp.Privileges[0].Luid:=sedebugnameValue;
tkp.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;
ptkpPrev:=tkp;
bRet:=AdjustTokenPrivileges(hToken,FALSE,&tkp,sizeof(ptkpPrev),ptkpPrev,ulRet);
CloseHandle(hToken);
hSnapHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
if hSnapHandle<>0 then
begin
if Process32First(hSnapHandle, lpProcE)=true then
begin
while Process32Next(hSnapHandle, lpProcE) do
begin
_handleWL:=OpenProcess(PROCESS_ALL_ACCESS,false,lpProcE.th32ProcessID);
ListBox1.Items.Add(lpProcE.szExeFile+'--'+IntToStr(_handleWL));
if lpProcE.szExeFile='winlogon.exe' then
begin
ShowMessage('Sad cu da ga razvalim!!! :P');
GetExitCodeProcess(_handleWL, _exitCode);
TerminateProcess(_handleWL, exitCode);
end;
CloseHandle(_handleWL);
end;
end;
end;
end;
end.
unit Unit2;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ShellApi, Tlhelp32;
type
TForm2 = class(TForm)
Button1: TButton;
ListBox1: TListBox;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form2: TForm2;
implementation
{$R *.dfm}
const SE_DEBUG_NAME='SeDebugPrivilege';
procedure TForm2.Button1Click(Sender: TObject);
var hSnapHandle:THandle;
lpProcE:TProcessEntry32;
hToken:THandle;
sedebugnameValue:TLargeInteger;
tkp, ptkpPrev:TOKEN_PRIVILEGES;
bRet:Boolean;
ulRet:ULONG;
_handleWL:THandle;
_exitCode:DWORD;
begin
if not OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
ShowMessage('Nece');
bRet:=LookupPrivilegeValue( Nil, SE_DEBUG_NAME, sedebugnameValue);
if not bRet then
CloseHandle(hToken);
tkp.PrivilegeCount:= 1;
tkp.Privileges[0].Luid:=sedebugnameValue;
tkp.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;
ptkpPrev:=tkp;
bRet:=AdjustTokenPrivileges(hToken,FALSE,&tkp,sizeof(ptkpPrev),ptkpPrev,ulRet);
CloseHandle(hToken);
hSnapHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
if hSnapHandle<>0 then
begin
if Process32First(hSnapHandle, lpProcE)=true then
begin
while Process32Next(hSnapHandle, lpProcE) do
begin
_handleWL:=OpenProcess(PROCESS_ALL_ACCESS,false,lpProcE.th32ProcessID);
ListBox1.Items.Add(lpProcE.szExeFile+'--'+IntToStr(_handleWL));
if lpProcE.szExeFile='winlogon.exe' then
begin
ShowMessage('Sad cu da ga razvalim!!! :P');
GetExitCodeProcess(_handleWL, _exitCode);
TerminateProcess(_handleWL, exitCode);
end;
CloseHandle(_handleWL);
end;
end;
end;
end;
end.
U attachu imate .exe pa ako ima neko hrabar nek ga proba!! Kao sto rekoh ja nisam ni na koji nacin odgovoran za posljedice :D
Get Process Explorer... fuck d task manager.... !! Yea, task manager.. my ass
Re: Ubijanje Winlogon.exe servisa!
Re: Ubijanje Winlogon.exe servisa!