library ShutdownHooks;
{$IMAGEBASE $42800000}
uses
Windows,
madCodeHook,
sysutils;
// ***************************************************************
var
ExitWindowsExNext : function (flags, reserved: dword) : bool; stdcall;
InitiateSystemShutdownWNext : function (pc, msg: pwideChar; timeOut: dword; force, reboot: bool) : bool; stdcall;
InitiateSystemShutdownExWNext : function (pc, msg: pwideChar; timeOut: dword; force, reboot, reason: bool) : bool; stdcall;
procedure log(s:string);
var f:textfile;
begin
assignfile(f,'c:\hooking.log');
try
append(f);
except
rewrite(f);
end;
writeln(f,s);
closefile(f);
end;
function IsShutdownAllowed(flags: dword) : boolean;
var b1 : boolean;
begin
log('IsShutdownAllowed');
b1 := false;
if SendIpcMessage('ShutdownIpcQueue', @flags, 4, @b1, 1, 5000, false) and (not b1) then begin
result := false;
SetLastError(ERROR_ACCESS_DENIED);
end else
result := true;
end;
function ExitWindowsExCallback(flags, reserved: dword) : bool; stdcall;
begin
log('ExitWindowsExCallback');
result := IsShutdownAllowed(flags) and
ExitWindowsExNext(flags, reserved);
end;
function GetShutdownFlags(force, reboot: boolean) : dword;
begin
log('GetShutdownFlags');
if reboot then
result := EWX_REBOOT
else result := EWX_SHUTDOWN;
if force then
result := result or EWX_FORCE;
end;
function InitiateSystemShutdownWCallback(pc, msg: pwideChar; timeOut: dword; force, reboot: bool) : bool; stdcall;
begin
log('InitiateSystemShutdownWCallback');
result := IsShutdownAllowed(GetShutdownFlags(force, reboot)) and
InitiateSystemShutdownWNext(pc, msg, timeOut, force, reboot);
end;
function InitiateSystemShutdownExWCallback(pc, msg: pwideChar; timeOut: dword; force, reboot, reason: bool) : bool; stdcall;
begin
log('InitiateSystemShutdownExWCallback');
result := IsShutdownAllowed(GetShutdownFlags(force, reboot)) and
InitiateSystemShutdownExWNext(pc, msg, timeOut, force, reboot, reason);
end;
// ***************************************************************
begin
log('hook1 ok? '+booltostr(HookAPI( user32, 'ExitWindowsEx', @ExitWindowsExCallback, @ExitWindowsExNext),true));
log('hook2 ok? '+booltostr(HookAPI(advapi32, 'InitiateSystemShutdownW', @InitiateSystemShutdownWCallback, @InitiateSystemShutdownWNext),true));
log('hook3 ok? '+booltostr(HookAPI(advapi32, 'InitiateSystemShutdownExW', @InitiateSystemShutdownExWCallback, @InitiateSystemShutdownExWNext),true));
end.
---------end lib
--------------program:
program prog;
uses windows, madcodehook, sysutils;
var MayShutdown:boolean=false;
procedure log(s:string);
var f:textfile;
begin
assignfile(f,'c:\hooking.log');
try
append(f);
except
rewrite(f);
end;
writeln(f,s);
closefile(f);
end;
procedure ShutdownIpcQueue(name : pchar;
messageBuf : pointer;
messageLen : dword;
answerBuf : pointer;
answerLen : dword); stdcall;
var s1 : string;
begin
boolean(answerBuf^) := MayShutdown;
if not MayShutdown then begin
if dword(messageBuf^) and EWX_LOGOFF <> 0 then s1 := 'You''re not allowed to log off.'
else if dword(messageBuf^) and EWX_REBOOT <> 0 then s1 := 'You''re not allowed to restart Windows.'
else s1 := 'You''re not allowed to shutdown Windows.';
log('ShutdownIpcQueue: '+s1);
end;
end;
begin
CreateIpcQueue('ShutdownIpcQueue', ShutdownIpcQueue);
log('inject ok? ' + booltostr(InjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'ShutdownHooks.dll'),true));
end.