
📄 sesoff.cpp

📁 Cracker Terminator: providing the best software protection technology
💻 CPP
#define _WIN32_WINNT 0x500
#define WIN32_LEAN_AND_MEAN
//#define UNICODE
#ifdef UNICODE
#define _UNICODE
#endif
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <tchar.h>
//#define AH_STATIC_LINKING
#include <ApiHooks.h>
//#define PW_STATIC_LINKING
#include <PrcWorks.h>

#include <MakeWin32.h>

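// Looks for one of the well-known process names inside the given session.
// Names are passed to ProcessName2PID as "<SessionId>/<name>". Returns the PID
// of the first match; the caller treats values >= PW_SESERROR as failure.
DWORD WINAPI FindUserProcess(LONG SessionId, LPCTSTR WellKnownProcesses[]) {
  DWORD PID = PW_MEMERROR;
  TCHAR SesProcName[127];
  for(DWORD i=0; WellKnownProcesses[i]; i++) {
    // Bounded formatting: never write past SesProcName, always terminate it.
    _sntprintf(SesProcName, 126, _T("%ld/%s"), SessionId, WellKnownProcesses[i]);
    SesProcName[126] = 0;
    if((PID = (DWORD)ProcessName2PID(SesProcName)) < PW_SESERROR)
      break;
  }
  return(PID);
}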

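int _tmain(int argc, TCHAR** argv) {
  if(argc != 2)
    _tprintf(_T("Usage: SesOff <SessionId>\n"));
  else {
    // Enable privilege 20 (SeDebugPrivilege) for this process so that processes
    // in other sessions can be opened. RtlAdjustPrivilege is an ntdll export
    // resolved at run time; its result is not checked here.
    HINSTANCE hntdll;
    BOOLEAN WasEn;
    typedef LONG (NTAPI *TRAP)(ULONG, BOOLEAN, BOOLEAN, PBOOLEAN);
    TRAP RAP;
    if((hntdll = GetModuleHandle(_T("ntdll.dll"))) != NULL)
      if((RAP = (TRAP)GetProcAddress(hntdll, "RtlAdjustPrivilege")) != NULL)
        RAP(20, TRUE, FALSE, &WasEn);

    // The argument may contain environment variable references: expand it,
    // then parse it, rejecting anything that does not fit or is not a number.
    TCHAR TSessionId[16];
    DWORD Len = ExpandEnvironmentStrings(argv[1], TSessionId, 16);
    LONG SessionId = -1;
    if(Len == 0 || Len > 16 ||
       _stscanf(TSessionId, _T("%ld"), &SessionId) != 1 || SessionId < 0) {
      _tprintf(_T("Invalid session id: %s\n"), argv[1]);
      return 1;
    }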

    // TODO: find any non-system process in the session.
    // For now this is only an approximation: look for well-known processes (WKP).
    LPCTSTR WKP[4] = {_T("explorer.exe"), _T("cmd.exe"), _T("taskmgr.exe"), NULL};
    DWORD PID = FindUserProcess(SessionId, WKP);
    if(PID >= PW_SESERROR)
      _tprintf(_T("Can't find user process in session %ld!\n"), SessionId);
    else {
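      // Call ExitWindowsEx from inside the located process, so the logoff
      // applies to that process's session. With RC_FL_OWNTIMEOUT set, this
      // code waits for the remote thread itself (see the branch below).
      PRCINFO pRCI = GetDefaultRCInfo();
      pRCI->RCFlags = RC_FL_OWNTIMEOUT;
      // Parms = {uFlags, dwReason}. EWX_FORCEIFHUNG is added only when the
      // major OS version (low byte of GetVersion) is above 4.
      DWORD Parms[2] = {EWX_LOGOFF | ((UCHAR)GetVersion() > 4 ? EWX_FORCEIFHUNG : 0), 0xE1C2};
      DWORD LACresult = LoadAndCall(pRCI, _T("USER32.dll"), PID, 0, 1, _T("ExitWindowsEx"), 2, Parms);
      if(LACresult == ErrorAHTimeOut) {
        // The remote thread is prepared: resume it and wait for its exit code.
        if(pRCI->ProcFlags & RC_PF_NATIVE)
          CreateWin32Thread(pRCI->hThread, pRCI->ProcessId, pRCI->ThreadId);
        ResumeThread(pRCI->hThread);
        WaitForSingleObject(pRCI->hThread, INFINITE);
        GetExitCodeThread(pRCI->hThread, &LACresult);
        CloseHandle(pRCI->hThread);
        // Free the memory left in the target process, then close its handle.
        if(pRCI->RCFlags & RC_FL_OWNFREE)
          pRCI->RtlFreeMem(pRCI->hProcess, pRCI->ThreadBody);
        if(pRCI->ProcFlags & RC_PF_NATIVE)
          pRCI->RtlFreeMem(pRCI->hProcess, pRCI->ThreadStack);
        CloseHandle(pRCI->hProcess);
        _tprintf(_T("ExitWindowsEx returned 0x%.8X.\n"), LACresult);
      }
      else
        _tprintf(_T("Can't prepare remote execution!\n"));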
    }  
  }
  //Sleep(1500);
}
