Hey.
I was wondering how you can shut down your PC "rudely", that is, just cut the power and be done with it?
Also, how to do a normal shutdown of the PC...
Thx.
ReVeR
Search 'SeShutdownPrivilege'.
rundll32.exe user.exe,ExitWindows
rundll32.exe user.exe,ExitWindowsExec
rundll32.exe shell32.dll,SHExitWindowsEx n
where n stands for:
0 - LOGOFF
1 - SHUTDOWN
2 - REBOOT
4 - FORCE
8 - POWEROFF
(can be combined -> 6 = 2+4 FORCE REBOOT)
invoke EnableBooting
invoke ExitWindowsEx, EWX_SHUTDOWN, 0h
With:
EnableBooting proc
    LOCAL hProcess:DWORD
    LOCAL hToken:DWORD
    LOCAL TokenPriv:TOKEN_PRIVILEGES
    LOCAL tkpDummy:TOKEN_PRIVILEGES
    LOCAL lDummy:DWORD

    ; Open the access token of the current process
    invoke GetCurrentProcess
    mov hProcess, eax
    invoke OpenProcessToken, hProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken

    ; Look up the LUID of the shutdown privilege
    ; (S() is a string-literal macro that is not defined in this post)
    invoke LookupPrivilegeValue, 0h, S('SeShutdownPrivilege'), addr TokenPriv.Privileges.Luid

    ; Ask for that one privilege to be enabled in the token
    mov TokenPriv.PrivilegeCount, 1d
    mov TokenPriv.Privileges.Attributes, SE_PRIVILEGE_ENABLED
    invoke AdjustTokenPrivileges, hToken, FALSE, addr TokenPriv, sizeof TOKEN_PRIVILEGES, addr tkpDummy, addr lDummy

    invoke CloseHandle, hToken
    ret
EnableBooting endp
On NT/XP there are process tokens that determine what privileges the process has. The EnableBooting-Procedure sets the shutdown-privilege for the current process. After that you can easily call ExitWindowsEx...
Dominik
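An added example, not part of Dominik's post: the same privilege-enabling step with every API result checked, including the case where AdjustTokenPrivileges returns nonzero although the token does not hold the privilege. The procedure name EnableShutdownPrivilege, the szShutdownPriv string and the MASM32 SDK include paths are assumptions of this example.

```masm
; Added example (not from the thread). Assumes the MASM32 SDK default paths.
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\advapi32.lib
.data
szShutdownPriv db "SeShutdownPrivilege", 0   ; hypothetical name for the string
.code
; Returns eax = TRUE only if the privilege is really enabled in the token.
EnableShutdownPrivilege proc
    LOCAL hToken:DWORD
    LOCAL tp:TOKEN_PRIVILEGES
    LOCAL fOk:DWORD
    mov fOk, FALSE
    invoke GetCurrentProcess
    invoke OpenProcessToken, eax, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken
    .if eax == 0
        ret                         ; eax is already FALSE, no handle to close
    .endif
    invoke LookupPrivilegeValue, NULL, addr szShutdownPriv, addr tp.Privileges.Luid
    .if eax != 0
        mov tp.PrivilegeCount, 1
        mov tp.Privileges.Attributes, SE_PRIVILEGE_ENABLED
        invoke AdjustTokenPrivileges, hToken, FALSE, addr tp, 0, NULL, NULL
        .if eax != 0
            ; Nonzero is not enough: GetLastError may say ERROR_NOT_ALL_ASSIGNED.
            invoke GetLastError
            .if eax == 0            ; ERROR_SUCCESS
                mov fOk, TRUE
            .endif
        .endif
    .endif
    invoke CloseHandle, hToken      ; always release the token handle
    mov eax, fOk
    ret
EnableShutdownPrivilege endp

start:
    invoke EnableShutdownPrivilege
    .if eax != 0                    ; only request shutdown if the privilege is enabled
        invoke ExitWindowsEx, EWX_SHUTDOWN, 0
    .endif
    invoke ExitProcess, 0
end start
```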
rundll32.exe user.exe,ExitWindows
What the hell is that?
rundll32.exe is a program in the Windows directory. Its use above is often used in batch files to shut down the computer, reboot, etc.
OK, as we go into stuff, I need to get something off:
rundll comes from MS and can be used to execute special functions from DLLs, EXE files or CPL files. It only runs on special modules (DLLs, EXEs, CPLs) that are made for compatibility with rundll; it does not work with ordinary DLLs/EXE files.
The user.exe is a Windows file that holds such rundll-compatible functions, for example ExitWindows. The syntax is the following:
rundll32.exe / rundll.exe <module>,<function>
Other valid modules are: user, krnl386.exe, sysdm.cpl, Shell, shell32.dll, diskcopy.dll, for example.
Google for a list of all known rundll32 commands...
Programming Aspect:
As these functions rely on Windows version/execution rights and are very OS-specific, I would rather code such functions on my own instead of using CreateProcess on rundll32.exe. The usage of rundll32 is nice for shortcuts but should in source only be used for special cases, i.e. you are unable to write such a function on your own.
Dominik