.386                            ; assemble for the 80386 (32-bit) instruction set
.model flat,stdcall             ; flat memory model; stdcall is the default calling convention
option casemap:none             ; keep identifiers case-sensitive, as the Win32 API names require
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include file definitions
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
include advapi32.inc
includelib user32.lib
include kernel32.inc
includelib advapi32.lib
includelib kernel32.lib
.data
; Working storage for the privilege-adjustment sequence. Every item is
; reserved uninitialised and filled in at run time by the code section.

; HANDLE hProcess - value returned by GetCurrentProcess.
_hProcess               dd      ?
align 4
; HANDLE hAccessToken - receives the token handle from OpenProcessToken.
_hAccessToken           dd      ?
align 4
; 12-byte scratch record: 8-byte LUID at +0, 4-byte Attributes at +8.
_LUID_AND_ATTRIBUTES1   db      12 dup(?)
align 4
; 16-byte record: PrivilegeCount at +0, then one 12-byte privilege entry at +4.
_TOKEN_PRIVILEGES1      db      16 dup(?)
align 4
; DWORD whose address is passed as the last AdjustTokenPrivileges argument.
_BufferIsNull           dd      ?
align 4
; 8-byte LUID filled in by LookupPrivilegeValueA.
_Luid                   db      8 dup(?)
; NUL-terminated privilege name handed to LookupPrivilegeValueA.
s@                      db      "SeShutdownPrivilege",0
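.code
;-----------------------------------------------------------------------
; start - program entry point (32-bit Windows, stdcall API calls)
;
; Enables SeShutdownPrivilege in the current process token and then asks
; Windows to shut down via ExitWindowsEx(EWX_SHUTDOWN, 1).
;
; C equivalent:
;     hProcess = GetCurrentProcess();
;     OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,
;                      &hAccessToken);
;     LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &Luid);
;     AdjustTokenPrivileges(hAccessToken, FALSE, &TOKEN_PRIVILEGES1,
;                           sizeof(TOKEN_PRIVILEGES), NULL, &BufferIsNull);
;     ExitWindowsEx(EWX_SHUTDOWN, 1);
;
; Every API result is checked. In particular AdjustTokenPrivileges can
; return nonzero while enabling nothing (GetLastError then reports
; ERROR_NOT_ALL_ASSIGNED), so GetLastError is consulted after it succeeds.
; AdjustTokenPrivileges only enables a privilege the token already holds;
; it cannot grant one, so an account without the shutdown right stops here
; instead of issuing a shutdown request that would be refused.
;
; Exit code: 0 when the shutdown request was accepted, otherwise the Win32
;            error code of the step that failed.
; Regs:      ebx holds the pending exit code. It is not restored because
;            this routine never returns (it ends in ExitProcess).
;-----------------------------------------------------------------------
start:
        push    ebp
        mov     ebp, esp

        ; hProcess = GetCurrentProcess();
        call    GetCurrentProcess
        mov     dword ptr [_hProcess], eax

        ; OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hAccessToken);
        push    offset _hAccessToken
        push    TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY  ; = 40, the literal used before
        push    dword ptr [_hProcess]
        call    OpenProcessToken
        test    eax, eax
        jz      exit_last_error                 ; no token was opened, nothing to close

        ; LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &Luid);
        push    offset _Luid
        push    offset s@
        push    0                               ; NULL = look the name up on the local system
        call    LookupPrivilegeValueA
        test    eax, eax
        jz      close_last_error

        ; LUID_AND_ATTRIBUTES1.Attributes = SE_PRIVILEGE_ENABLED;
        mov     dword ptr [_LUID_AND_ATTRIBUTES1+8], SE_PRIVILEGE_ENABLED

        ; LUID_AND_ATTRIBUTES1.Luid = Luid;     (8 bytes, copied as two dwords)
        mov     eax, dword ptr [_Luid]
        mov     dword ptr [_LUID_AND_ATTRIBUTES1], eax
        mov     eax, dword ptr [_Luid+4]
        mov     dword ptr [_LUID_AND_ATTRIBUTES1+4], eax

        ; TOKEN_PRIVILEGES1.PrivilegeCount = 1;
        mov     dword ptr [_TOKEN_PRIVILEGES1], 1

        ; TOKEN_PRIVILEGES1.Privileges[0] = LUID_AND_ATTRIBUTES1;   (12 bytes)
        mov     edx, dword ptr [_LUID_AND_ATTRIBUTES1]
        mov     dword ptr [_TOKEN_PRIVILEGES1+4], edx
        mov     edx, dword ptr [_LUID_AND_ATTRIBUTES1+4]
        mov     dword ptr [_TOKEN_PRIVILEGES1+8], edx
        mov     edx, dword ptr [_LUID_AND_ATTRIBUTES1+8]
        mov     dword ptr [_TOKEN_PRIVILEGES1+12], edx

        ; BufferIsNull = 0;
        mov     dword ptr [_BufferIsNull], 0

        ; AdjustTokenPrivileges(hAccessToken, FALSE, &TOKEN_PRIVILEGES1,
        ;                       sizeof(TOKEN_PRIVILEGES), NULL, &BufferIsNull);
        push    offset _BufferIsNull            ; ReturnLength
        push    0                               ; PreviousState = NULL
        push    16                              ; sizeof(TOKEN_PRIVILEGES) with one entry
        push    offset _TOKEN_PRIVILEGES1       ; NewState
        push    0                               ; DisableAllPrivileges = FALSE
        push    dword ptr [_hAccessToken]
        call    AdjustTokenPrivileges
        test    eax, eax
        jz      close_last_error

        ; A nonzero return is not enough: the call also "succeeds" when the
        ; token does not hold the privilege, and only GetLastError shows it.
        call    GetLastError
        mov     ebx, eax
        test    ebx, ebx                        ; 0 = ERROR_SUCCESS
        jnz     close_token                     ; e.g. ERROR_NOT_ALL_ASSIGNED

        ; ExitWindowsEx(EWX_SHUTDOWN, 1);
        push    1                               ; dwReason, same value as before
        push    EWX_SHUTDOWN                    ; uFlags
        call    ExitWindowsEx
        test    eax, eax
        jnz     close_token                     ; accepted; ebx is still 0 here

close_last_error:
        ; Capture the error before CloseHandle can overwrite it.
        call    GetLastError
        mov     ebx, eax

close_token:
        push    dword ptr [_hAccessToken]
        call    CloseHandle
        jmp     exit_process

exit_last_error:
        call    GetLastError
        mov     ebx, eax

exit_process:
        invoke  ExitProcess, ebx
end start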