//調用下面兩個函數就可以了
procedure RunFuckCAD; ? //屏蔽Ctrl+Alt+Del
procedure StopFuckCAD; ?//取消屏蔽Ctrl+Alt+Del
點擊下載源文件
主要代碼為：

unit Fuck_CAD_Unit; interface uses Windows, TLHelp32,SysUtils; const MyKernel='SnowmanLockScreenHook.Dll'; //釋放完得文件名，可以自己改 Winlogon='winlogon.exe'; MyKernelSize=9216; MyKernelBuf:Array [0..9215] of Byte = ( //... 數組內容太多，略，見源文件 ); procedure RunFuckCAD; procedure StopFuckCAD; implementation procedure GetDebugPrivs; //提升到Debug權限 var hToken: THandle; tkp: TTokenPrivileges; retval: dword; begin If (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken)) then begin LookupPrivilegeValue(nil, 'SeDebugPrivilege' , tkp.Privileges[0].Luid); tkp.PrivilegeCount := 1; tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval); end; end; function NameToPID(ExeName:pchar):longword; //通過進程文件名返回一個Pid，如果多個同名進程返回第一個進程的Pid var hSnap:longword; ProcessEntry: TProcessEntry32; c:boolean; begin result:=0; hSnap:= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); ProcessEntry.dwSize:= Sizeof(TProcessEntry32); c:= Process32First(hSnap,ProcessEntry); While c do begin if LstrcmpiA(ExeName,ProcessEntry.szExeFile)= 0 then begin result:=ProcessEntry.th32ProcessID; break; end; c:=Process32Next(hSnap,ProcessEntry); end; CloseHandle(hSnap); end; function GetSysPath:pchar; //最后沒加'/' var a:pchar; begin GetMem(a,255); GetSystemDirectory(a,255); Result:=a; end; procedure DelKernel; begin DeleteFile(pchar(string(GetSysPath)+'/'+string(MyKernel))) ; end; function CreateKernelFile(SaveFile:String):Boolean; var hFile:THandle; BytesWrite: dword; begin Result:=False; hFile := CreateFile(Pchar(SaveFile),GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ,nil,CREATE_ALWAYS,0,0); if hFile = INVALID_HANDLE_VALUE then Exit; if WriteFile(hFile,MyKernelBuf,MyKernelSize, BytesWrite, nil) then Result:=True; CloseHandle(hFile); end; Function GetModule(ProcessName,ModuleName:Pchar):longword; //This is a function written by Hke. //檢查進程是否加載DLL，是返回指針，否返回0 var PID:longword; hModuleSnap:longword; ModuleEntry: TModuleEntry32; begin Pid:=NameToPID(ProcessName); GetDebugPrivs; hModuleSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,Pid); ModuleEntry.dwSize:=SizeOf(TModuleEntry32); result:=0; if Module32First(hModuleSnap,ModuleEntry) then if (LstrcmpiA(ModuleEntry.szModule,ModuleName)=0) then Result:=ModuleEntry.hModule else begin while Module32Next(hModuleSnap,ModuleEntry) do begin if LstrcmpiA(ModuleEntry.szModule,ModuleName)=0 then begin Result:=ModuleEntry.hModule; break; end; end; end; CloseHandle(hModuleSnap); end; procedure InjectKernelModule(ProcessName ,DllName: Pchar); //This is a function written by Hke. //利用遠程線程講把Dll注入進程 var tmp:longword;//這個專門來占格式收集垃圾 Mysize:longword;//放字符串長度 Parameter:pointer;//放那個參數的指針（位置在目標進程內） hThread:longword; MyHandle,PID:longword; Tkernel:pchar;//為了取得指針 begin if GetModule(ProcessName , DllName)=0 then //如果已經注入就不重復了 begin Tkernel:= DllName; Pid:=NameToPID(ProcessName); GetDebugPrivs; Myhandle:=OpenProcess(PROCESS_ALL_ACCESS, False, Pid); Mysize:=strlen(MyKernel)+1; Parameter:= VirtualAllocEx(Myhandle, nil, Mysize, MEM_COMMIT, PAGE_READWRITE); WriteProcessMemory(Myhandle, Parameter, Pointer(Tkernel), MySize, tmp); hThread:= CreateRemoteThread(Myhandle,nil, 0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'), Parameter, 0 , tmp); if hThread <> 0 then begin WaitForSingleObject(hThread, INFINITE); //等待線程運行完 CloseHandle(hThread); end; VirtualFreeEx(MyHandle, Parameter, 0, MEM_RELEASE); //把用完的內存釋放掉 CloseHandle(MyHandle); end; end; procedure UnInjectKernelModule(ProcessName ,DllName: Pchar); //This is a function written by Hke. //從目標進程卸載一個DLL var tmp:longword;//這個專門來占格式收集垃圾 hThread:longword; MyHandle,PID:longword; ModuleEntry:longword; begin Pid:=NameToPID(ProcessName); GetDebugPrivs; Myhandle:=OpenProcess(PROCESS_ALL_ACCESS, False, Pid); ModuleEntry:=GetModule(ProcessName ,DllName); if ModuleEntry<>0 then //沒加載就不卸載了 begin hThread:= CreateRemoteThread(Myhandle,nil, 0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'FreeLibrary'), pointer(ModuleEntry), 0 , tmp); WaitForSingleObject(hThread, INFINITE); //等待線程運行完 CloseHandle(hThread); end; CloseHandle(MyHandle); end; procedure RunFuckCAD; //導出函數調用后屏蔽Ctrl+Alt+Del begin CreateKernelFile(string(GetSysPath)+'/'+string(MyKernel)); //釋放DLL到系統目錄 InjectKernelModule(Winlogon ,MyKernel); //把釋放完DLL注入Winlogon進程 end; procedure StopFuckCAD; //導出函數取消屏蔽Ctrl+Alt+Del begin UnInjectKernelModule(Winlogon ,MyKernel); //從Winlogon卸載DLL DelKernel; //把Dll從系統目錄刪除 end; end.

轉載于:https://www.cnblogs.com/xieyunc/archive/2009/04/27/9126748.html

總結

以上是生活随笔為你收集整理的Windows XP下屏蔽Ctrl_Alt_Del键的方法的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。