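用内核函数 ZwShutdownSystem 来写一个。没想到这个函数关机太利索,不拖泥带水——它直接请求内核关机,不经过常规关机流程去通知各应用程序和服务保存数据,所以未保存的内容可能丢失;调用者的令牌必须持有并已启用 SeShutdownPrivilege(关机特权),否则调用会失败。另外有个 NtShutdownSystem,用法也一样。下面是实现代码,需要注意的是,使用的三个函数都是 ntdll.dll 导出的,属于 native API,可以在 ring3 下运行,所以编译的时候不需要编译成 sys。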
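; Syntax: MASM (Intel operand order). Target: 32-bit x86, flat memory model,
; stdcall as the default calling convention, case-sensitive identifiers.
.386
.model flat, stdcall
option casemap:none

; NOTE(review): on the page each include path was split across two lines
; ("include w2k" / "tddk.inc"), which looks like a "\n" inside the path being
; expanded into a line break. The paths are rejoined here; confirm them against
; the include directory of the kit actually installed.
include w2k\ntddk.inc
include w2k\ntdll.inc

; Import library for the ntdll.dll exports used below
; (RtlAdjustPrivilege, ZwShutdownSystem).
includelib ntdll.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code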
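;-----------------------------------------------------------------------
; DriverEntry - enable the shutdown privilege, then ask the kernel to
;               power the machine off through the native API.
; ABI:   stdcall, 32-bit (see .model above)
; In:    pDriverObject, pusRegistryPath - not read by this routine.
;        NOTE(review): the name and parameters follow the driver-entry
;        shape, but the accompanying text builds this as a ring-3 image,
;        not a .sys; presumably carried over from a driver template.
; Out:   eax = STATUS_DEVICE_CONFIGURATION_ERROR on every path
;        (unchanged from the original; reached only if the shutdown
;        request was skipped or returned to the caller).
;
; Security notes:
;   * RtlAdjustPrivilege only enables a privilege the token already
;     holds; it cannot grant one. Restricting who holds the
;     "Shut down the system" user right is therefore the control that
;     decides whether this call sequence can succeed.
;   * ZwShutdownSystem goes straight to the kernel. The graceful
;     user-mode shutdown sequence (applications and services being asked
;     to save and exit) is not run by this code, so unsaved data can be
;     lost.
;-----------------------------------------------------------------------
DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING
    local ShutDown:DWORD                ; out-parameter for RtlAdjustPrivilege
                                        ; (presumably the privilege's previous state)

    ; First try the calling thread's own token (third argument TRUE).
    invoke RtlAdjustPrivilege, SE_SHUTDOWN_PRIVILEGE, TRUE, TRUE, addr ShutDown
    .if eax == 00C000007Ch              ; STATUS_NO_TOKEN: the thread has no token of its own
        ; Fall back to the process token (third argument FALSE).
        invoke RtlAdjustPrivilege, SE_SHUTDOWN_PRIVILEGE, TRUE, FALSE, addr ShutDown
    .endif

    ; eax now holds the status of whichever adjustment actually applied.
    ; The original issued the shutdown only inside the STATUS_NO_TOKEN
    ; branch and never looked at the second call's result, so a thread
    ; whose own token was adjusted successfully did nothing, and a failed
    ; process-token adjustment was ignored. Proceed only when the
    ; NTSTATUS is non-negative, i.e. the privilege was really enabled.
    test    eax, eax
    js      skip_shutdown               ; sign bit set = warning/error status

    invoke ZwShutdownSystem, 2          ; 2 = ShutdownPowerOff

skip_shutdown:
    mov     eax, STATUS_DEVICE_CONFIGURATION_ERROR
    ret
DriverEntry endp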
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end DriverEntry