; Bad_Idea.asm Very fast shutdown, but probably risky !!!
; YOU HAVE BEEN WARNED !!
;
; Thursday, January 24, 2013
;
; Tested on XP Pro SP3 and Windows 7 SP1
;
; Author Subhas*asyam
;
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\ntdll.inc
includelib \masm32\lib\ntdll.lib
.data
ResFlag db 0,0
.code
start:
invoke RtlAdjustPrivilege,19,1,0,addr ResFlag ; Adjust privileges according to the table down
invoke NtShutdownSystem,2 ; Call NtShutDownSystem directly from ntdll.dll
end start
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\ntdll.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\ntdll.lib
.code
start:
invoke RtlAdjustPrivilege,13h,1h,0h,esp
invoke NtShutdownSystem,1
invoke ExitProcess, 0
end start
where is no sence in back value
no risky. it fast but system, use nuclear function, works under very empty win pe
risk - Forced Power Off
invoke RtlAdjustPrivilege,13h,1h,0h,esp
invoke ExitWindowsEx, 12, 0 - try it
I tried your first code, but had to change 1 to a 0.
invoke NtShutdownSystem,1 ; restart computer
It's pretty fast.
Were you saying that it makes a small executable ?
C:\masm32\bin\link.exe /subsystem:windows /merge:.rdata=.text /dynamicbase:no "%~n1.obj"
Looks like this wouldn't work in XP.
/DYNAMICBASE[:NO]
Specifies whether to generate an executable image that can be randomly rebased at load time by using the address space layout randomization (ASLR) feature of Windows Vista.
I may look for a ha-c k to make my O.S. and link.exe think it's Vista. <Just kidding >
Andy
You guys are treading on dangerous grounds over and over again. Topic after topic is on subjects that are risky and regularly used by hackers and trojan/virus writers.
Keep it up and we will be forced to pull the plug on anyone involved.