Real Force Shutdown

Started by ic2, December 21, 2006, 07:46:31 AM

PBrennick

iC2,
I am curious as to why the method I used is unsuitable to you. It is using the API. If it is a matter that you want 'certain' APIs to be used over others, let me know and I will see if I can help you.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

ic2

Hello PBrennick,

Straight to the point ... what you missed is listed in red below.  An easy miss.  See what I had to go through.

I should have mentioned that the best way to test any shut-down program is to open up your favorite editor or MsWord.  Type a few lines.  Then execute Shutdown.exe

If you see the dialog "Do you want to save this file" that will tell you that it is not NT level code and that your api is calling Kernel32 version of the API.

You are using the proper equates like TOKEN_ADJUST_PRIVILEGES, but not the proper DLL.

NT has a private set of APIs and Kernel32 has its own set but must call its new BOSS if it doesn't have it listed under its name  ...

NT got first dibs on everything, I believe. To me Kernel32 these days is only there for backward compatibility, but the Kernel must now call on the General.

From what I've been reading this seems just about right, but my thoughts are not the gospel.



IMPORTANT:

Try what I suggested above first ... If you don't get a black screen and "ALL" power off in under 4 seconds, it's not the real deal.

Do the same thing with Ancient One zip I posted above.  Change the .bin extension to .exe and fire it up with any darn thing open.  This will prove that NT is one bad a*s Dll
If nothing changes please let me know, but that should be impossible.

from the nt.dll
NtAdjustPrivilegesToken

from the kernel.dll
AdjustPrivilegesToken

drizz

Here, if you are fascinated with size, a ten-line masm program  :boohoo:, that works on all NT systems,
not only on XPSP2 as that fasm program

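.686
.model flat,stdcall
include ntdll.inc
include kernel32.inc
.code
start: push esp                        ; reserve one dword on the stack for the BOOLEAN out-parameter
invoke RtlAdjustPrivilege,19,2,0,esp   ; 19 = SeShutdownPrivilege, enabled on the process token; esp -> reserved dword
invoke NtShutdownSystem,2              ; 2 = ShutdownPowerOff
jmp ExitProcess                        ; only reached if NtShutdownSystem returns
end start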

The truth cannot be learned ... it can only be recognized.

ic2

This is becoming more than interesting to me.  Why does NT use different APIs to address the same type of API?

RtlAdjustPrivilege*

Nt AdjustPrivilegesToken

zw AdjustPrivilegesToken

I will be searching for some answers to this question myself tonight and post my thoughts about it by tomorrow.  ( I'm new to this and that's all I can do until I find facts about the  opinions to the facts that I'll be searching for ).

Thanks, drizz, for your reply. I know you are a very busy man like most other coders here, but your code has answered a lot of questions and has led me to this one.  My thoughts as of now are that rtl is a way where masm32 can implement some NT examples that will not break in newer versions of Windows for quite a while.  Is it rtl or is it zw?  I realize behind all the replies here that it's not direct Nt_____api.

Also, am I right to think that a *direct NT call* is a nice way that MS$ allows programmers to make a call to *a form* of ring 0 even without a system driver?
It seems to have first dibs regardless...

Btw:  Ehtyar, and all others of concern.
Just for the record.  My interest in encryption has nothing to do with shutdown.  It may be illegal in some countries to do that while being hacked\cracked or whatever.  Crackers have rights too ... and may be protected under the law only for the sake of the stupid law writers for their own interest under instruction of paying advisors who are hackers themselves.  The only meaning of the word PUSH to a politician is PAPER.

I know of code that will make any cracker program crash itself on demand and there are many irreversible *legal* ways to do this.  So this is not the issue.

I simply want some NT API in my assembler adventure and refuse to be left behind any further, including the fact that I need some new challenges before I get bored with my own da*m project.


PBrennick, I have not tried drizz's code yet because I've got to dump ntdll.dll and make a working include and Lib ... something new to learn-how-to-do.  I always go all-out when something seems correct.  Yeah, I think drizz got it.  Did it work for you? ...

Got to say ... Thanks masm32forum for helping me to bump to the right direction.

ic2

It works like a charm.  Now I see the first mistake in the code I posted and have been working with.  It didn't even have the ntdll inc and lib listed.  So easy to miss those little things.  This may have misled everyone.  Sorry about that...

Thanks again drizz and everybody.
Going to study what makes it tick.

drizz

ic2, I have a hard time understanding what you are saying  ::)
Nevertheless, I'll give you some (dword) pointers to Native api




have fun
The truth cannot be learned ... it can only be recognized.

ic2

This is the info I've been looking to dig up.  This is enough to keep me quiet for a good while.  And thanks for that great example.  It proved to me it may be as easy as standard API calling.  I was afraid of what I knew nothing about.  I'm going to put those links and more as I find them with examples in a thread simply named NT Api for quick reference.

Thanks, drizz