1、Windows:Windows evilbogy :2005-12-3007:45 WindowsEvilbogy,BT,win2kshutdown.exe,XP,Q,showlife,9x/NT,Delphi7+windows2000.,.evilbogy2005-12-3104:48winautodown.rar(179K):180 sobiny :2005-12-3012:06 1繫 kiki :2005-12-3012:37 2if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN
2、_QUERY,&hToken) return0; LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&tkp.Privileges0.Luid); tkp.PrivilegeCount=1; tkp.Privileges0.Attributes=SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken,FALSE,&tkp,0,(PTOKEN_PRIVILEGES)NULL,0); InitiateSystemShutdown( NULL, NULL, 0, TRUE, FALSE ); evilbogy :200
3、5-12-3019:07 3UP,NTAPISeShutdownPrivilege jimwin123 :2005-12-3023:19 4BATXPSHUTDOWNEXE𣿲 jacky :2005-12-3109:19 5XP snafor :2006-01-0818:35 6RING0BIOSint15h acactus :2006-01-0904:26 7Windows.386p.modelflat,stdcalloptioncasemap:noneincludeC:masm32binALLDLLDlgProcproto:dword,:dword,:dword,:dwor
4、d.datahInstancedd?privilegedbSeShutdownPrivilege,0.codeAdjustTokenproc local hdlProcessHandle local hdlTokenHandle local tp:TOKEN_PRIVILEGES local lBufferNeeded local os:OSVERSIONINFO mov os.dwOSVersionInfoSize,sizeofOSVERSIONINFO invoke GetVersionExA,addros cmp os.dwPlatformId,VER_PLATFORM_WIN32_NT
5、 jne F invoke GetCurrentProcess mov hdlProcessHandle,eax invoke OpenProcessToken,hdlProcessHandle,TOKEN_ADJUST_PRIVILEGESorTOKEN_QUERY,addrhdlTokenHandle invoke LookupPrivilegeValue,0,addrprivilege,addrtp.Privileges.Luid mov tp.PrivilegeCount,1 mov tp.Privileges.Attributes,SE_PRIVILEGE_ENABLED invok
6、e AdjustTokenPrivileges,hdlTokenHandle,FALSE,addrtp,sizeofTOKEN_PRIVILEGES,addrtp,addrlBufferNeeded : retAdjustTokenendp;=ResetNowprociCode localbuf256,pClose,pAdjust,hNtDll invokeLoadLibrary,CTXT(NtDll.dll) .ifeax movhNtDll,eax invokeGetProcAddress,hNtDll,CTXT(ZwShutdownSystem) movpClose,eax invoke
7、GetProcAddress,hNtDll,CTXT(RtlAdjustPrivilege) movpAdjust,eax .ifeax&pClose leaeax,buf pusheax push1 push1 push13H moveax,pAdjust calleax .ifeax=0C000007CH leaeax,buf pusheax push0 push1 push13H moveax,pAdjust calleax .endif pushiCode moveax,pClose calleax .endif .endif retResetNowendp;=Close_Clickp
8、roc invokeResetNow,0 retClose_Clickendp;=Relog_Clickproc invoke AdjustToken invoke ExitWindowsEx,EWX_LOGOFForEWX_FORCE,0FFFFh retRelog_Clickendp;=cq_Clickproc invokeResetNow,1 retcq_Clickendp;=Standby_Clickproc invoke AdjustToken invoke SetSystemPowerState,1,1 retStandby_Clickendp;=xm_Clickproc invo
9、ke AdjustToken invoke SetSystemPowerState,0,1 retxm_Clickendp;-start:; invokeGetModuleHandle,0 movhInstance,eax invokeDialogBoxParam,hInstance,9999,0,addrDlgProc,0 invokeExitProcess,eax;-DlgProcprochWnd,uMsg,wParam,lParammoveax,uMsg.IFeax=WM_INITDIALOG invokeLoadIcon,hInstance,1001 invokeSendMessage
10、,hWnd,WM_SETICON,ICON_BIG,eax.ELSEIFuMsg=WM_CLOSE MsgBox0,48 invokeEndDialog,hWnd,0 .ELSEIFeax=WM_COMMAND movedx,hWnd moveax,wParam .ifeax=1009 invokeClose_Click .elseifeax=1010 invokeRelog_Click .elseifeax=1011 invokeStandby_Click .elseifeax=1012 invokexm_Click .elseifeax=1013 invokecq_Click .elsei
11、feax=1014 invokeSleep,1000 invokeSendMessage,hWnd,WM_SYSCOMMAND,SC_MONITORPOWER,2 .endif.ELSE xoreax,eax ret.ENDIFmoveax,TRUEretDlgProcendp;-endstart acactus :2006-01-0904:28 8Windows.386.modelflat,stdcall;32bitmemorymodeloptioncasemap:none;casesensitiveincluderesshutdown.inc.data szMutexdb_Me?,0.da
12、ta? g_hInst dd? g_hDatePicker dd? g_hTimePicker dd? g_hCombobar dd? g_hTime dd? g_hFont dd? g_systime SYSTEMTIME ;趨 g_nid NOTIFYICONDATA g_bTiming dd? ; g_bSysNT dd? ;NT g_iCount dd? icex INITCOMMONCONTROLSEX g_buf db128dup(?) g_hIconMain dd? g_hIconStart dd? hMutex dd? WM_TASKBARCREATEdd?.codestart
13、: invokeGetModuleHandle,NULL mov g_hInst,eax invokeCreateMutex,NULL,TRUE,offsetszMutex movhMutex,eax invokeGetLastError ; cmpeax,ERROR_ALREADY_EXISTS ; jzF invoke RtlZeroMemory,addricex,sizeofINITCOMMONCONTROLSEX mov icex.dwSize,sizeofINITCOMMONCONTROLSEX mov icex.dwICC,ICC_DATE_CLASSES invoke InitC
14、ommonControlsEx,addricex invoke DialogBoxParam,g_hInst,DLG_MAIN,NULL,addrMainDlgProc,NULL : invoke ExitProcess,0;#MainDlgProcprochWnd:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM LOCAL systime:SYSTEMTIME mov eax,uMsg .ifeax=WM_INITDIALOG invoke _Init,hWnd .elseifeax=WM_COMMAND mov eax,wParam and eax,0
15、ffffh .ifeax=IDC_APPLY ; mov g_bTiming,TRUE ;1000WM_TIMER invoke SetTimer,hWnd,ID_TIMER1,1000,NULL invoke SendMessage,g_hDatePicker,DTM_GETSYSTEMTIME,0,addrsystime invoke SendMessage,g_hTimePicker,DTM_GETSYSTEMTIME,0,addrg_systime m2m g_systime.wYear,systime.wYear m2m g_systime.wMonth,systime.wMonth
16、 m2m g_systime.wDay,systime.wDay pushad ; movzx eax,g_systime.wYear movzx ebx,g_systime.wMonth movzx ecx,g_systime.wDay movzx edx,g_systime.wHour movzx esi,g_systime.wMinute movzx edi,g_systime.wSecond invoke wsprintf,addrg_buf,CTXT(%d-%d-%d%d:%d:%d),eax,ebx,ecx,edx,esi,edi popad invoke SetWindowTex
17、t,g_hTime,addrg_buf invoke _ModifyTrayIcon,hWnd,1 .elseifeax=IDC_MINIMIZE ; invoke ShowWindow,hWnd,SW_HIDE .endif ; .elseifeax=WM_TIMER invoke GetLocalTime,addrsystime .if!g_bTiming jmp lexit .endif movzx eax,g_systime.wYear .ifax!=systime.wYear ; jmp lexit .endif movzx eax,g_systime.wMonth .ifax!=s
18、ystime.wMonth ; jmp lexit .endif movzx eax,g_systime.wDay .ifax!=systime.wDay ;Ri jmp lexit .endif movzx eax,g_systime.wHour .ifax!=systime.wHour ; jmp lexit .endif movzx eax,g_systime.wMinute .ifax!=systime.wMinute ; jmp lexit .endif invoke KillTimer,hWnd,ID_TIMER1 invoke DialogBoxParam,g_hInst,DLG
19、_COUNT,NULL,addrCountDlgProc,NULL .ifeax=0 jmp lkill .endif invoke SendMessage,g_hCombobar,CB_GETCURSEL,0,0 .ifeax=0 invoke _ShutDown,0 ; .elseifeax=1 invoke _ShutDown,1 ; .endif lkill: invoke RtlZeroMemory,addrg_systime,sizeofSYSTEMTIME mov g_bTiming,FALSE invoke RtlZeroMemory,addrg_buf,128 invoke
20、SetWindowText,g_hTime,addrg_buf invoke _ModifyTrayIcon,hWnd,2 lexit: ; .elseifeax=WM_ACTIVATE invoke GetLocalTime,addrsystime invoke SendMessage,g_hDatePicker,DTM_SETSYSTEMTIME,0,addrsystime invoke SendMessage,g_hTimePicker,DTM_SETSYSTEMTIME,0,addrsystime .elseifeax=WM_PAINT invoke _Paint,hWnd .else
21、ifuMsg=WM_CTLCOLORSTATIC invokeGetDlgCtrlID,lParam .ifeax=IDC_TIME invoke SetTextColor,wParam,COLOR(255,0,0) invoke GetSysColor,COLOR_BTNFACE push eax invoke SetBkColor,wParam,eax call CreateSolidBrush ret .else mov eax,FALSE ret .endif .elseifeax=WM_ICONNOTIFY mov eax,lParam .ifeax=WM_LBUTTONDOWN i
22、nvoke ShowWindow,hWnd,SW_SHOW invoke SetForegroundWindow,hWnd .endif .elseifeax=WM_TASKBARCREATE invoke _ModifyTrayIcon,hWnd,2 .elseifeax=WM_CLOSE invoke Shell_NotifyIcon,NIM_DELETE,addrg_nid invoke KillTimer,hWnd,ID_TIMER1 invoke EndDialog,hWnd,0 .else mov eax,FALSE ret .endif mov eax,TRUE retMainD
23、lgProcendp;_InitprochWnd:HWND LOCAL systime:SYSTEMTIME LOCAL osvi:OSVERSIONINFO pushad invoke LoadIcon,g_hInst,IDI_START mov g_hIconStart,eax invoke LoadIcon,g_hInst,IDI_MAIN mov g_hIconMain,eax invoke SendMessage,hWnd,WM_SETICON,ICON_SMALL,eax invokeSetWindowPos,hWnd,HWND_TOPMOST,0,0,0,0,SWP_NOSIZE
24、orSWP_NOMOVE ; invoke RtlZeroMemory,addrosvi,sizeofOSVERSIONINFO mov osvi.dwOSVersionInfoSize,sizeofOSVERSIONINFO invoke GetVersionEx,addrosvi .ifosvi.dwPlatformId=VER_PLATFORM_WIN32_NT mov g_bSysNT,TRUE .else mov g_bSysNT,FALSE .endif invoke _ModifyTrayIcon,hWnd,0 invoke GetDlgItem,hWnd,IDC_DATEPIC
25、KER mov g_hDatePicker,eax invoke GetDlgItem,hWnd,IDC_TIMEPICKER mov g_hTimePicker,eax invoke GetDlgItem,hWnd,IDC_TIME mov g_hTime,eax ; invoke GetLocalTime,addrsystime invoke SendMessage,g_hDatePicker,DTM_SETSYSTEMTIME,0,addrsystime invoke SendMessage,g_hTimePicker,DTM_SETSYSTEMTIME,0,addrsystime in
26、voke RtlZeroMemory,addrg_systime,sizeofSYSTEMTIME ;壬 invoke CreateFont,16,6,0,0,FW_NORMAL,FALSE,FALSE,0,0,0,0,0,0,CTXT() mov g_hFont,eax ;趨 invoke GetDlgItem,hWnd,IDC_SHUTDOWNTYPE mov g_hCombobar,eax invoke SendMessage,g_hCombobar,CB_ADDSTRING,0,CTXT() .ifg_bSysNT invoke SendMessage,g_hCombobar,CB_A
27、DDSTRING,0,CTXT() .endif invoke SendMessage,g_hCombobar,CB_SETCURSEL,0,0 ;趨 mov g_bTiming,FALSE ;ShellTaskbarTaskbarCreated invoke RegisterWindowMessage,CTXT(TaskbarCreated) mov WM_TASKBARCREATE,eax popad ret_Initendp;_PaintprochWnd:HWND LOCAL hdc:HDC LOCAL ps:PAINTSTRUCT LOCAL rect:RECT LOCAL pt:PO
28、INT pushad ; invoke BeginPaint,hWnd,addrps mov hdc,eax invoke GetDlgItem,hWnd,IDC_GROUP mov ebx,eax invoke GetWindowRect,ebx,addrrect mov ebx,rect.left invoke GetDlgItem,hWnd,IDC_MINIMIZE mov esi,eax invoke GetWindowRect,esi,addrrect m2m pt.x,rect.left m2m pt.y,rect.bottom invoke ScreenToClient,hWnd
29、,addrpt m2m rect.right,pt.x m2m rect.bottom,pt.y m2m pt.x,ebx m2m pt.y,rect.top invoke ScreenToClient,hWnd,addrpt m2m rect.left,pt.x m2m rect.top,pt.y ; invoke SetBkMode,hdc,TRANSPARENT invoke SelectObject,hdc,g_hFont invoke GetSysColor,COLOR_3DHILIGHT invoke SetTextColor,hdc,eax invoke DrawText,hdc
30、,CTXT(C)2000-2005),27,addrrect,DT_VCENTERorDT_LEFTorDT_SINGLELINE invoke GetSysColor,COLOR_3DSHADOW invoke SetTextColor,hdc,eax invoke OffsetRect,addrrect,-1,-1 invoke DrawText,hdc,CTXT(C)2000-2005),27,addrrect,DT_VCENTERorDT_LEFTorDT_SINGLELINE invoke EndPaint,hWnd,addrps popad ret_Paintendp;_ShutD
31、ownprociflag:DWORD pushad .ifg_bSysNT ;WindowsNT/2000/XP .ififlag=0 ; invokeResetNow,6 .else ; invokeResetNow,3 .endif .else ;Windows98/95; invoke ExitWindowsEx,EWX_SHUTDOWN+EWX_FORCE+EWX_POWEROFF,0 .endif popad ret_ShutDownendpCountDlgProcprochWnd:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM mov eax,
32、uMsg .ifeax=WM_INITDIALOG invokeSetWindowPos,hWnd,HWND_TOPMOST,0,0,0,0,SWP_NOSIZEorSWP_NOMOVE mov g_iCount,15 invoke SetTimer,hWnd,ID_TIMER2,1000,NULL invoke SetDlgItemInt,hWnd,IDC_COUNT,g_iCount,FALSE .elseifeax=WM_COMMAND mov eax,wParam and eax,0ffffh .ifeax=IDC_START invoke KillTimer,hWnd,ID_TIME
33、R2 invoke EndDialog,hWnd,1 .elseifeax=IDC_CANCEL invoke KillTimer,hWnd,ID_TIMER2 invoke EndDialog,hWnd,0 .endif .elseifeax=WM_TIMER dec g_iCount invoke SetDlgItemInt,hWnd,IDC_COUNT,g_iCount,FALSE .ifg_iCount=0 invoke KillTimer,hWnd,ID_TIMER2 invoke EndDialog,hWnd,1 .endif .elseifeax=WM_CTLCOLORSTATI
34、C invokeGetDlgCtrlID,lParam .ifeax=IDC_COUNT invoke SetTextColor,wParam,COLOR(255,0,0) invoke GetSysColor,COLOR_BTNFACE push eax invoke SetBkColor,wParam,eax call CreateSolidBrush ret .else mov eax,FALSE ret .endif .elseifeax=WM_CLOSE invoke KillTimer,hWnd,ID_TIMER2 invoke EndDialog,hWnd,1 .else mov
35、 eax,FALSE ret .endif mov eax,TRUE retCountDlgProcendp;_ModifyTrayIconprochWnd:HWND,iFlag:DWORD mov g_nid.cbSize,sizeofNOTIFYICONDATA m2m g_nid.hwnd,hWnd mov g_nid.uID,0 mov g_nid.uFlags,NIF_ICON+NIF_MESSAGE+NIF_TIP mov g_nid.uCallbackMessage,WM_ICONNOTIFY .ifiFlag=0 ; .ifg_bTiming m2m g_nid.hIcon,g
36、_hIconStart invoke lstrcpy,addrg_nid.szTip,CTXT() invoke lstrcat,addrg_nid.szTip,addrg_buf .else m2m g_nid.hIcon,g_hIconMain invoke lstrcpy,addrg_nid.szTip,CTXT() .endif invoke Shell_NotifyIcon,NIM_ADD,addrg_nid .elseifiFlag=1; m2m g_nid.hIcon,g_hIconStart invoke lstrcpy,addrg_nid.szTip,CTXT() invok
37、e lstrcat,addrg_nid.szTip,addrg_buf invoke Shell_NotifyIcon,NIM_MODIFY,addrg_nid .elseifiFlag=2; m2m g_nid.hIcon,g_hIconMain invoke lstrcpy,addrg_nid.szTip,CTXT() invoke Shell_NotifyIcon,NIM_MODIFY,addrg_nid .endif ret_ModifyTrayIconendp;ResetNowprociCode localbuf256,pClose,pAdjust,hNtDll invokeLoad
38、Library,CTXT(NtDll.dll) .ifeax movhNtDll,eax invokeGetProcAddress,hNtDll,CTXT(ZwInitiatePowerAction) movpClose,eax invokeGetProcAddress,hNtDll,CTXT(RtlAdjustPrivilege) movpAdjust,eax .ifeax&pClose leaeax,buf pusheax push1 push1 push13H moveax,pAdjust calleax .ifeax=0C000007CH leaeax,buf pusheax push
39、0 push1 push13H moveax,pAdjust calleax .endif push0 push0 push5 pushiCode ;3-,6- moveax,pClose calleax .endif .endif retResetNowendpendstart#includec:masm32includeresource.h;=;=#define DLG_MAIN 1000#define IDC_STATIC -1#define IDC_GROUP 1001#define IDC_DATEPICKER 1002#define IDC_TIMEPICKER 1003#defi
40、ne IDC_SHUTDOWNTYPE 1004#define IDC_APPLY 1005#define IDC_TIME 1006#define IDC_MINIMIZE 1007#define DLG_COUNT 1100#define IDC_COUNT 1101#define IDC_CANCEL 1102#define IDC_START 1103;=;=#define IDI_MAIN 900#define IDI_START 901IDI_MAIN ICON resmain.icoIDI_START ICON resstart.ico1 24 resxptheme.xml;=;
41、=DLG_MAINDIALOGDISCARDABLE0,0,202,126STYLE DS_MODALFRAME|DS_CENTER|WS_POPUP|WS_CAPTION|WS_SYSMENUCAPTIONv3.1 QQ:32301665FONT 9,BEGIN GROUPBOX 趨,IDC_GROUP,9,9,184,86 LTEXT Ri:,IDC_STATIC,20,28,28,8 CONTROL DateTimePicker1,IDC_DATEPICKER,SysDateTimePick32, DTS_RIGHTALIGN|DTS_UPDOWN|WS_TABSTOP,60,25,58
42、,13 LTEXT :,IDC_STATIC,20,52,28,8 CONTROL DateTimePicker1,IDC_TIMEPICKER,SysDateTimePick32, DTS_RIGHTALIGN|DTS_UPDOWN|WS_TABSTOP|0x8,60,50,58, 13 COMBOBOX IDC_SHUTDOWNTYPE,129,25,52,33,CBS_DROPDOWNLIST| WS_VSCROLL|WS_TABSTOP PUSHBUTTON (&A),IDC_APPLY,129,50,52,14 LTEXT 趨:,IDC_STATIC,20,75,28,8 LTEXT
43、 ,IDC_TIME,62,75,121,8 DEFPUSHBUTTON (&M),IDC_MINIMIZE,141,104,52,14ENDDLG_COUNTDIALOGEX0,0,181,85STYLE DS_MODALFRAME|DS_CENTER|WS_POPUP|WS_CAPTIONEXSTYLE WS_EX_TOOLWINDOWCAPTION FONT 9,BEGIN ICON IDI_MAIN,IDC_STATIC,11,13,21,21 LTEXT , IDC_STATIC,51,11,120,17 LTEXT :,IDC_STATIC,53,35,28,8 LTEXT 15,
44、IDC_COUNT,87,35,14,8 LTEXT ,IDC_STATIC,104,35,10,8 LTEXT ,IDC_STATIC,9,52,164,1,SS_SUNKEN DEFPUSHBUTTON ,IDC_CANCEL,129,64,44,14 PUSHBUTTON ,IDC_START,9,64,44,14END1VERSIONINFOFILEVERSION3,0,0,1PRODUCTVERSION3,0,0,1FILEOS0x10004FILETYPE0x1BLOCKStringFileInfo BLOCK080404b0 VALUEComments,v3.1 VALUEFil
45、eDescription,v3.1 VALUEInternalName,0 VALUEFileVersion,3,0,0,1 VALUELegalCopyright,(c)2000-2005 VALUEProductName, VALUELegalTrademarks,acactus QQ:32301665 BLOCKVarFileInfo VALUETranslation,0x08040x04B0 evilbogy :2006-01-0905:00 9vip(c)Copyleft2003-2007,EvilOctalSecurityTeam.ThisfileisdecompiledbyanunregisteredversionofChmDecompiler.Regsiteredversiondoesnotshowthismessage.YoucandownloadChmDecompilerat:
