有谁知道,如何编程关闭WIN7的文件保护啊?
如标题,跪求!{:soso_e109:} 放一份收藏多年的关闭WINDOWS FILE PROTECT的代码给你,POWERBASIC写的,至于现在还能不能用,那就不知道了。#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
#INCLUDE "TlHelp32.inc"
TYPE CLIENT_ID
UniqueProcess AS LONG
UniqueThread AS LONG
END TYPE
TYPE THREAD_BASIC_INFORMATION
ExitStatus AS LONG
TebBaseAddress AS LONG
ClientId AS CLIENT_ID
AffinityMask AS LONG
PRIORITY AS LONG
BasePriority AS LONG
END TYPE
DECLARE FUNCTION GetModuleFileNameEx LIB "PsApi.DLL" ALIAS _
"GetModuleFileNameExA"( _
BYVAL hProcess AS DWORD, _
BYVAL hModule AS DWORD, _
lpFilename AS ASCIIZ, _
BYVAL nSize AS DWORD) AS LONG
DECLARE FUNCTION GetMappedFileName LIB "PSAPI.DLL" ALIAS "GetMappedFileNameA" ( _
BYVAL hProcess AS DWORD, _
BYVAL lpv AS DWORD, _
lpFileName AS ASCIIZ, _
BYVAL nSize AS DWORD _
) AS DWORD
DECLARE FUNCTION RtlAdjustPrivilege LIB _
"ntdll.dll" ALIAS "RtlAdjustPrivilege"(BYVAL Privilege AS LONG, _
BYVAL ENABLE AS LONG, BYVAL CLIENT AS LONG, _
WasEnabled AS LONG) AS LONG
DECLARE FUNCTION ZwQueryInformationThread LIB "NTDLL.DLL" ALIAS "ZwQueryInformationThread" (BYVAL ThreadHandle AS LONG,BYVAL _
ThreadInformationClass AS LONG,BYVAL ThreadInformation AS LONG,BYVAL ThreadInformationLength AS LONG,BYVAL ReturnLength AS LONG) AS DWORD
DECLARE FUNCTION NtSuspendThread _
LIB "ntdll.dll" ALIAS "NtSuspendThread"(BYVAL ThreadHandle AS LONG, _
BYREF PreviousSuspendCount AS LONG) AS LONG
DECLARE FUNCTION NtResumeThread _
LIB "ntdll.dll" ALIAS "NtResumeThread"(BYVAL ThreadHandle AS LONG, _
BYREF PreviousSuspendCount AS LONG) AS LONG
%ThreadBasicInformation = 0
%ThreadQuerySetWin32StartAddress = 9
FUNCTION PBMAIN () AS LONG
LOCAL hSnapshot AS DWORD, lResult AS DWORD, TE32 AS THREADENTRY32, PE32 AS PROCESSENTRY32
RtlAdjustPrivilege(20, 1, 0, 0)
hSnapshot = CreateToolHelp32SnapShot (%TH32CS_SNAPPROCESS, BYVAL 0)
PE32.dwSize = LEN(PE32)
lResult = Process32First(hSnapshot, PE32)
IF hSnapshot <> %INVALID_HANDLE_VALUE THEN
WHILE lResult <> 0
IF INSTR(LCASE$(PE32.szExeFile),LCASE$("Winlogon.exe")) > 0 THEN
hSnapshot = CreateToolHelp32SnapShot (%TH32CS_SNAPTHREAD OR %TH32CS_SNAPMODULE, BYVAL PE32.th32ProcessID)
IF hSnapshot <> %INVALID_HANDLE_VALUE THEN
TE32.dwSize = SIZEOF(TE32)
lResult = Thread32First (hSnapshot, TE32)
WHILE ISTRUE lResult
IF TE32.th32OwnerProcessID = PE32.th32ProcessID THEN
IF INSTR(LCASE$(GetImageNameByThread(TE32.th32ThreadID)),LCASE$("sfc_os.dll")) >0 THEN
LOCAL hThread AS LONG
hThread = OpenThread(%THREAD_SUSPEND_RESUME, %FALSE, TE32.th32ThreadID)
NtSuspendThread(hThread,0)
END IF
END IF
lResult = Thread32Next (hSnapshot, TE32)
WEND
CloseHandle hSnapshot
END IF
END IF
lResult = Process32Next(hSnapshot, PE32)
WEND
CloseHandle hSnapshot
END IF
END FUNCTION
FUNCTION GetImageNameByThread(BYVAL TID AS LONG) AS STRING
LOCAL TBI AS THREAD_BASIC_INFORMATION
LOCAL STATUS AS LONG
LOCAL hThread AS LONG
LOCAL hProcess AS LONG
LOCAL StartAddr AS LONG
LOCAL ModName AS ASCIIZ * %MAX_PATH
LOCAL ImageName AS ASCIIZ * %MAX_PATH
hThread = OpenThread(BYVAL %THREAD_QUERY_INFORMATION, BYVAL %FALSE, BYVAL TID)
STATUS = ZwQueryInformationThread(hThread,%ThreadQuerySetWin32StartAddress,VARPTR(StartAddr), LEN(StartAddr),%NULL)
STATUS = ZwQueryInformationThread(hThread,%ThreadBasicInformation,VARPTR(TBI), SIZEOF(TBI),%NULL)
hProcess = OpenProcess(%PROCESS_QUERY_INFORMATION OR %PROCESS_VM_READ, %False, TBI.ClientId.UniqueProcess)
GetMappedFileName(hProcess,BYVAL StartAddr, ImageName, SIZEOF(ImageName))'可执行代码所在模块
ImageName = TRIM$(ImageName)
IF ImageName = "" OR ImageName = "?" THEN ImageName = "NULL"
CloseHandle(hThread)
CloseHandle(hProcess)
FUNCTION = ImageName
END FUNCTION
代码作者好像是“倒霉蛋儿”。
页:
[1]