有谁知道，如何编程关闭WIN7的文件保护啊？

awdder

          如标题，跪求！{:soso_e109:}

Tesla.Angela

放一份收藏多年的关闭WINDOWS FILE PROTECT的代码给你，POWERBASIC写的，至于现在还能不能用，那就不知道了。

1. 
   
2. #COMPILE EXE
   
3. #DIM ALL
   
4. #INCLUDE "Win32Api.inc"
   
5. #INCLUDE "TlHelp32.inc"
   
6. 
   
7. TYPE CLIENT_ID
   
8.         UniqueProcess AS LONG
   
9.         UniqueThread AS LONG
   
10. END TYPE
    
11. 
    
12. TYPE THREAD_BASIC_INFORMATION
    
13.     ExitStatus AS LONG
    
14.     TebBaseAddress AS LONG
    
15.     ClientId AS CLIENT_ID
    
16.     AffinityMask AS LONG
    
17.     PRIORITY AS LONG
    
18.     BasePriority AS LONG
    
19. END TYPE
    
20. 
    
21. DECLARE FUNCTION GetModuleFileNameEx LIB "PsApi.DLL" ALIAS _
    
22. "GetModuleFileNameExA"( _
    
23. BYVAL hProcess AS DWORD, _
    
24. BYVAL hModule AS DWORD, _
    
25. lpFilename     AS ASCIIZ, _
    
26. BYVAL nSize    AS DWORD) AS LONG
    
27. DECLARE FUNCTION GetMappedFileName LIB "PSAPI.DLL" ALIAS "GetMappedFileNameA" ( _
    
28.         BYVAL hProcess AS DWORD, _
    
29.         BYVAL lpv AS DWORD, _
    
30.         lpFileName AS ASCIIZ, _
    
31.         BYVAL nSize AS DWORD _
    
32. ) AS DWORD
    
33. DECLARE FUNCTION RtlAdjustPrivilege LIB _
    
34.             "ntdll.dll" ALIAS "RtlAdjustPrivilege"(BYVAL Privilege AS LONG, _
    
35.             BYVAL ENABLE AS LONG, BYVAL CLIENT AS LONG, _
    
36.             WasEnabled AS LONG) AS LONG
    
37. DECLARE FUNCTION ZwQueryInformationThread LIB "NTDLL.DLL" ALIAS "ZwQueryInformationThread" (BYVAL ThreadHandle AS LONG,BYVAL _
    
38.                 ThreadInformationClass AS LONG,BYVAL ThreadInformation AS LONG,BYVAL ThreadInformationLength AS LONG,BYVAL ReturnLength AS LONG) AS DWORD
    
39. DECLARE FUNCTION NtSuspendThread _
    
40.                LIB "ntdll.dll" ALIAS "NtSuspendThread"(BYVAL ThreadHandle AS LONG, _
    
41.                                 BYREF PreviousSuspendCount AS LONG) AS LONG
    
42. DECLARE FUNCTION NtResumeThread _
    
43.                LIB "ntdll.dll" ALIAS "NtResumeThread"(BYVAL ThreadHandle AS LONG, _
    
44.                                 BYREF PreviousSuspendCount AS LONG) AS LONG
    
45. %ThreadBasicInformation = 0
    
46. %ThreadQuerySetWin32StartAddress = 9
    
47. FUNCTION PBMAIN () AS LONG
    
48.     LOCAL hSnapshot AS DWORD, lResult AS DWORD, TE32 AS THREADENTRY32, PE32 AS PROCESSENTRY32
    
49. 
    
50.     RtlAdjustPrivilege(20, 1, 0, 0)
    
51. 
    
52.     hSnapshot = CreateToolHelp32SnapShot (%TH32CS_SNAPPROCESS, BYVAL 0)
    
53.     PE32.dwSize = LEN(PE32)
    
54.     lResult = Process32First(hSnapshot, PE32)
    
55.     IF hSnapshot <> %INVALID_HANDLE_VALUE THEN
    
56.         WHILE lResult <> 0
    
57.             IF INSTR(LCASE$(PE32.szExeFile),LCASE$("Winlogon.exe")) > 0 THEN
    
58.                 hSnapshot = CreateToolHelp32SnapShot (%TH32CS_SNAPTHREAD OR %TH32CS_SNAPMODULE, BYVAL PE32.th32ProcessID)
    
59.                     IF hSnapshot <> %INVALID_HANDLE_VALUE THEN
    
60.                     TE32.dwSize = SIZEOF(TE32)
    
61.                     lResult = Thread32First (hSnapshot, TE32)
    
62.                     WHILE ISTRUE lResult
    
63.                         IF TE32.th32OwnerProcessID = PE32.th32ProcessID THEN
    
64.                             IF INSTR(LCASE$(GetImageNameByThread(TE32.th32ThreadID)),LCASE$("sfc_os.dll")) >0 THEN
    
65.                                 LOCAL hThread AS LONG
    
66.                                 hThread = OpenThread(%THREAD_SUSPEND_RESUME, %FALSE, TE32.th32ThreadID)
    
67.                                 NtSuspendThread(hThread,0)
    
68.                             END IF
    
69.                         END IF
    
70.                         lResult = Thread32Next (hSnapshot, TE32)
    
71.                     WEND
    
72.                     CloseHandle hSnapshot
    
73.                 END IF
    
74.             END IF
    
75.             lResult = Process32Next(hSnapshot, PE32)
    
76.         WEND
    
77.         CloseHandle hSnapshot
    
78.     END IF
    
79. END FUNCTION
    
80. 
    
81. FUNCTION GetImageNameByThread(BYVAL TID AS LONG) AS STRING
    
82.     LOCAL TBI AS THREAD_BASIC_INFORMATION
    
83.     LOCAL STATUS AS LONG
    
84.     LOCAL hThread AS LONG
    
85.     LOCAL hProcess AS LONG
    
86.     LOCAL StartAddr AS LONG
    
87.     LOCAL ModName AS ASCIIZ * %MAX_PATH
    
88.     LOCAL ImageName AS ASCIIZ * %MAX_PATH
    
89. 
    
90.     hThread = OpenThread(BYVAL %THREAD_QUERY_INFORMATION, BYVAL %FALSE, BYVAL TID)
    
91.     STATUS = ZwQueryInformationThread(hThread,%ThreadQuerySetWin32StartAddress,VARPTR(StartAddr), LEN(StartAddr),%NULL)
    
92.     STATUS = ZwQueryInformationThread(hThread,%ThreadBasicInformation,VARPTR(TBI), SIZEOF(TBI),%NULL)
    
93.     hProcess = OpenProcess(%PROCESS_QUERY_INFORMATION OR %PROCESS_VM_READ, %False, TBI.ClientId.UniqueProcess)
    
94. 
    
95.     GetMappedFileName(hProcess,BYVAL StartAddr, ImageName, SIZEOF(ImageName))'可执行代码所在模块
    
96.     ImageName = TRIM$(ImageName)
    
97.     IF ImageName = "" OR ImageName = "?" THEN ImageName = "NULL"
    
98.     CloseHandle(hThread)
    
99.     CloseHandle(hProcess)
    
100.     FUNCTION = ImageName
     
101. END FUNCTION
     

复制代码

代码作者好像是“倒霉蛋儿”。