Hey.
I was wondering how you can shut down your PC "rudely", that is, just cut the power and be done with it?
Also, how to do a normal shutdown of the PC...
Thx.
Posted on 2004-10-05 21:23:00 by ReVeR
ReVeR
Search 'SeShutdownPrivilege'.
Posted on 2004-10-05 21:34:14 by P2M
rundll32.exe user.exe,ExitWindows
rundll32.exe user.exe,ExitWindowsExec
rundll32.exe shell32.dll,SHExitWindowsEx n

where n stands for:
0 - LOGOFF
1 - SHUTDOWN
2 - REBOOT
4 - FORCE
8 - POWEROFF

(can be combined -> 6 = 2+4 FORCE REBOOT)
Posted on 2004-10-06 01:18:55 by pwn


invoke EnableBooting
invoke ExitWindowsEx, EWX_SHUTDOWN, 0h


With:


EnableBooting proc
    LOCAL hProcess:DWORD
    LOCAL hToken:DWORD
    LOCAL TokenPriv:TOKEN_PRIVILEGES
    LOCAL tkpDummy:TOKEN_PRIVILEGES
    LOCAL lDummy:DWORD

    ; Pseudo-handle for the current process
    invoke GetCurrentProcess
    mov hProcess, eax

    ; Open the process token so its privileges can be adjusted
    invoke OpenProcessToken, hProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken
    ; Look up the LUID of the shutdown privilege (S() is a string macro not shown in the post)
    invoke LookupPrivilegeValue, 0h, S('SeShutdownPrivilege'), addr TokenPriv.Privileges.Luid
    mov TokenPriv.PrivilegeCount, 1d
    mov TokenPriv.Privileges.Attributes, SE_PRIVILEGE_ENABLED
    ; Enable the privilege in the token; the previous state goes to tkpDummy
    invoke AdjustTokenPrivileges, hToken, FALSE, addr TokenPriv, sizeof TOKEN_PRIVILEGES, addr tkpDummy, addr lDummy
    invoke CloseHandle, hToken
    ret
EnableBooting endp


On NT/XP there are process tokens that determine what privileges the process has. The EnableBooting-Procedure sets the shutdown-privilege for the current process. After that you can easily call ExitWindowsEx...
Dominik
Posted on 2004-10-06 04:48:07 by Dom
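Added example, not part of Dom's post: the same privilege-enable step with every return value checked, because AdjustTokenPrivileges can return nonzero even when the token does not hold the privilege (GetLastError then reports ERROR_NOT_ALL_ASSIGNED). It assumes a MASM32 project that already includes windows.inc, kernel32, advapi32 and user32; the procedure, label and variable names are hypothetical.

```asm
; Added example (MASM32), not code from the thread.
; Assumes windows.inc plus the kernel32/advapi32 includes and libs.
.data
szShutdownName db "SeShutdownPrivilege", 0

.code
; Returns eax = 1 if SeShutdownPrivilege is now enabled, 0 otherwise.
EnableShutdownChecked proc
    LOCAL hProcess:DWORD
    LOCAL hToken:DWORD
    LOCAL dwErr:DWORD
    LOCAL tkp:TOKEN_PRIVILEGES

    invoke GetCurrentProcess
    mov hProcess, eax            ; keep eax free: addr on a LOCAL uses it
    invoke OpenProcessToken, hProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken
    test eax, eax
    jz failed                    ; no token handle to close yet

    invoke LookupPrivilegeValue, NULL, addr szShutdownName, addr tkp.Privileges.Luid
    test eax, eax
    jz close_failed

    mov tkp.PrivilegeCount, 1
    mov tkp.Privileges.Attributes, SE_PRIVILEGE_ENABLED
    ; Previous state is not needed, so the last three arguments are 0/NULL
    invoke AdjustTokenPrivileges, hToken, FALSE, addr tkp, 0, NULL, NULL
    test eax, eax
    jz close_failed

    ; A nonzero return is not enough: if the token does not hold the
    ; privilege, the call still succeeds and GetLastError returns
    ; ERROR_NOT_ALL_ASSIGNED instead of 0.
    invoke GetLastError
    mov dwErr, eax               ; save it before CloseHandle runs
    invoke CloseHandle, hToken
    cmp dwErr, 0                 ; 0 = ERROR_SUCCESS
    jne failed
    mov eax, 1
    ret

close_failed:
    invoke CloseHandle, hToken
failed:
    xor eax, eax
    ret
EnableShutdownChecked endp
```

Call ExitWindowsEx only when the procedure returns 1; a 0 return means the process token could not be given the shutdown privilege.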
rundll32.exe user.exe,ExitWindows

what the hell is that?
Posted on 2004-10-06 11:03:00 by ReVeR
rundll32.exe user.exe,ExitWindows

what the hell is that?


rundll32.exe is a program in the Windows directory. Its use above is often used in batch files to shut down the computer, reboot, etc.
Posted on 2004-10-11 19:41:41 by skywalker
Ok, as we go into stuff I need to get something off:
rundll comes from MS and can be used to execute special functions from DLLs, EXE files or CPL files. It only runs on special modules (DLLs, EXEs, CPLs) that are made for compatibility with rundll; it does not work with ordinary DLLs/EXE files.

The user.exe is a Windows file that holds such rundll-compatible functions, for example ExitWindows. The syntax is the following:
rundll32.exe / rundll.exe <module>,<function>

Other valid modules are: user, krnl386.exe, sysdm.cpl, Shell, shell32.dll, diskcopy.dll, for example.

Google for a list of all known rundll32 commands...

Programming Aspect:
As these functions rely on Windows version/execution rights and are very OS-specific, I would rather code such functions on my own instead of using CreateProcess on rundll32.exe. The usage of rundll32 is nice for shortcuts but should in source only be used for special cases, i.e. when you are unable to write such a function on your own.
Dominik
Posted on 2004-10-12 04:17:20 by Dom