News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests

Main Menu

Fast shutdown, but ...

Started by Magnum, January 25, 2013, 09:03:22 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Magnum

January 25, 2013, 09:03:22 AM

Code Select


; Bad_Idea.asm Very fast shutdown, but probably risky !!!
;              YOU HAVE BEEN WARNED !!
;
;  Thursday, January 24, 2013
;
;  Tested on XP Pro SP3 and Windows 7 SP1
;
; Author Subhas*asyam
;

.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\ntdll.inc
includelib \masm32\lib\ntdll.lib

.data   

ResFlag     db  0,0
   
.code

start:

invoke RtlAdjustPrivilege,19,1,0,addr ResFlag ; Adjust privileges according to the table down

invoke NtShutdownSystem,2  ; Call NtShutDownSystem directly from ntdll.dll

end start
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

bomz

#1
January 25, 2013, 09:20:10 AM
Code Select
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\ntdll.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\ntdll.lib

.code

start:
invoke  RtlAdjustPrivilege,13h,1h,0h,esp
invoke  NtShutdownSystem,1
invoke ExitProcess, 0
end start
where is no sence in back value
no risky. it fast but system, use nuclear function, works under very empty win pe

risk - Forced Power Off

Code Select
invoke RtlAdjustPrivilege,13h,1h,0h,esp
invoke ExitWindowsEx, 12, 0 - try it

Magnum

#2
January 25, 2013, 10:02:49 AM
I tried your first code, but had to change 1 to a 0.

invoke  NtShutdownSystem,1 ; restart  computer

It's pretty fast.

Were you saying that it makes a small executable ?



Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

bomz

#3
January 25, 2013, 10:40:00 AM
C:\masm32\bin\link.exe /subsystem:windows /merge:.rdata=.text /dynamicbase:no "%~n1.obj"

Magnum

#4
January 25, 2013, 12:18:11 PM
Looks like this wouldn't work in XP.

/DYNAMICBASE[:NO]

Specifies whether to generate an executable image that can be randomly rebased at load time by using the address space layout randomization (ASLR) feature of Windows Vista.

I may look for a  ha-c  k to make my O.S. and link.exe think it's Vista. <Just kidding >

Andy

Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

hutch--

#5
January 25, 2013, 12:51:54 PM
You guys are treading on dangerous grounds over and over again. Topic after topic is on subjects that are risky and regularly used by hackers and trojan/virus writers.

Keep it up and we will be forced to pull the plug on anyone involved.
Print
Go Up Pages1
User actions