怎样用vb模拟按下ctrl alt del

如题,就是用ctrlaltdel调出任务管理器,我知道用ctrlshiftesc可以,但是ctrlaltdel他就不管用要的效果是用ctrlaltdel按是分太低了还是没... 如题,就是用ctrl alt del调出任务管理器,我知道用ctrl shift esc可以,但是ctrl alt del他就不管用
要的效果是用ctrl alt del按
是分太低了还是没人能解决?
怎么都没人回答啊
郁闷得慌 展开
 我来答
2个回答
#合辑# 机票是越早买越便宜吗?
katar4096
2008-09-07
知道答主
回答量:2
采纳率:0%
帮助的人:0
我也去答题访问个人页
展开全部
花了一个小时解决了
此次是我在百度解答的最后一个问题,今后我永远拒绝百度
希望你能采纳我的答案,谢谢

Option Explicit

Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, _
lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, _
lpNumberOfBytesWritten As Long) As Long

Private Declare Function GlobalAddAtom Lib "kernel32" Alias "GlobalAddAtomW" (ByVal lpString As Long) As Integer
Private Declare Function GlobalDeleteAtom Lib "kernel32" (ByVal nAtom As Integer) As Integer
Private Declare Function GlobalFindAtom Lib "kernel32" Alias "GlobalFindAtomW" (ByVal lpString As Long) As Integer

Private Const TH32CS_SNAPPROCESS = 2
Private Type PROCESSENTRY32W
dwSize As Long
cntUsage As Long
h32ProcessID As Long ' // this process
th32DefaultHeapID As Long '
h32ModuleID As Long ' // associated exe
cntThreads As Long '
th32ParentProcessID As Long ' // this process's parent process
pcPriClassBase As Long ' // Base priority of process's threads
dwFlags As Long '
szExeFile(1 To 260) As Integer ' // Path
End Type
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" Alias "Process32FirstW" (ByVal hSnapshot As Long, lpPE As PROCESSENTRY32W) As Long
Private Declare Function Process32Next Lib "kernel32" Alias "Process32NextW" (ByVal hSnapshot As Long, lpPE As PROCESSENTRY32W) As Long
Private Declare Function lstrcmpi Lib "kernel32" Alias "lstrcmpiW" (lpString1 As Integer, ByVal lpString2 As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Type LUID
lowpart As Long
highpart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges As LUID_AND_ATTRIBUTES
End Type
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const TOKEN_QUERY As Long = &H8&
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20&
Private Const SE_PRIVILEGE_ENABLED As Long = &H2
Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueW" (ByVal lpSystemName As Long, ByVal lpName As Long, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, _
ByVal BufferLength As Long, ByVal PrevState As Long, ByVal N As Long) As Long
Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryW" (ByVal lpLibFileName As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long

Private Const MEM_COMMIT As Long = &H1000
Private Const MEM_DECOMMIT As Long = &H4000
Private Const PAGE_READWRITE As Long = 4
Private Const PAGE_EXECUTE_READWRITE As Long = &H40
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, _
ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, _
ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long

Private Const CODELONG_LEN = 33
Private mlShellCode(CODELONG_LEN - 1) As Long

'============================================
' 远程线程插入函数
' 功能:向 Winlogon 进程插入远程线程代码,并执行
' 返回:.T. 成功
'============================================
Public Function SendSysKey() As Boolean
Const WINLOGON As String = "Winlogon.exe"
Const SHELL_CODE_LENGTH = CODELONG_LEN * 4
Const SHELL_FUNCOFFSET = 2 * 4
Dim hProcess As Long '远端进程句柄
Dim hPId As Long '远端进程ID
Dim lResult As Long '一般返回变量
Dim pToken As TOKEN_PRIVILEGES
Dim hToken As Long
Dim hRemoteThread As Long
Dim hRemoteThreadID As Long
Dim lDbResult(1) As Long
Dim lRemoteAddr As Long

'------------------------------------
'取winlogon进程ID
'------------------------------------
hPId = GetProcessIdFromName(WINLOGON)
If hPId = 0 Then
Debug.Assert False
Exit Function
End If

'------------------------------------
'提升本进程权限,以取得对winlogon进程操作的许可
'------------------------------------
lResult = OpenProcessToken(GetCurrentProcess(), _
TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, _
hToken)
Debug.Assert lResult
lResult = LookupPrivilegeValue(0, StrPtr(SE_DEBUG_NAME), pToken.Privileges.pLuid)
Debug.Assert lResult
pToken.PrivilegeCount = 1
pToken.Privileges.Attributes = SE_PRIVILEGE_ENABLED
lResult = AdjustTokenPrivileges(hToken, False, pToken, Len(pToken), 0, 0)
Debug.Assert lResult

'------------------------------------
' 打开winlogon进程
'------------------------------------
hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, hPId)
Debug.Assert hProcess

If hProcess Then
'------------------------------------
' 初始注入代码
'------------------------------------
Call InitShellCode

'------------------------------------
' 远端进程分配内存
'------------------------------------
lRemoteAddr = VirtualAllocEx(hProcess, 0, SHELL_CODE_LENGTH, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
Debug.Assert lRemoteAddr

'------------------------------------
' 写入 shell 代码
'------------------------------------
If lRemoteAddr Then
Call WriteProcessMemory(hProcess, lRemoteAddr, mlShellCode(0), SHELL_CODE_LENGTH, 0)
Else
Exit Function
End If

'------------------------------------
'创建远程线程
'------------------------------------
hRemoteThread = CreateRemoteThread(hProcess, 0, 0, lRemoteAddr + SHELL_FUNCOFFSET, 0, 0, hRemoteThreadID)
Debug.Assert hRemoteThread
If hRemoteThread Then Call CloseHandle(hRemoteThread)

'------------------------------------
'等待远程线程执行完毕并取回结果信息
'------------------------------------
Do
If ReadProcessMemory(hProcess, lRemoteAddr, lDbResult(0), 8, lResult) = 1 Then
If lDbResult(0) = 0 Then
SendSysKey = lDbResult(1) = 0
Exit Do
End If
Else
Debug.Assert False
End If
Loop

'------------------------------------
' 释放远端进程内存
'------------------------------------
Call VirtualFreeEx(hProcess, lRemoteAddr, SHELL_CODE_LENGTH, MEM_DECOMMIT)
End If
End Function

'============================================
' 根据可执行文件的名称取回进程ID
' 参数:可执行文件名(含扩展名)
' 返回:进程ID。0表示无
'============================================
Private Function GetProcessIdFromName(ByVal sName As String) As Long
Dim hSnapshot As Long
Dim lpPE As PROCESSENTRY32W
Dim lpWinlogon As Long

hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
Debug.Assert hSnapshot
lpPE.dwSize = Len(lpPE)
If Process32First(hSnapshot, lpPE) Then
lpWinlogon = StrPtr(sName)
Do
If lstrcmpi(lpPE.szExeFile(1), lpWinlogon) = 0 Then
GetProcessIdFromName = lpPE.h32ProcessID
Exit Do
End If
If Process32Next(hSnapshot, lpPE) = 0 Then Exit Do ' 此代码之前位置错误
Loop
End If
Call CloseHandle(hSnapshot)
End Function

'============================================
' 初始线程代码
'============================================
Private Function InitShellCode() As Long
Const kernel32 As String = "kernel32.dll"
Const user32 As String = "user32.dll"
Dim hDll As Long
'------------------------------------
'提取注入代码所需的API函数
'------------------------------------
hDll = LoadLibrary(StrPtr(user32))
Debug.Assert hDll
mlShellCode(0) = GetProcAddress(hDll, "FindWindowW")
mlShellCode(1) = GetProcAddress(hDll, "SendMessageW")
Call FreeLibrary(hDll)
'---------------------------
' 以下代码由 MASM32 产生,作用就是查找指定窗口并发送热键消息,超简单 ' 遗憾网上很少有解决方案。唯一有的就是在服务程序中的VNC源码。
mlShellCode(2) = &H83EC8B55
mlShellCode(3) = &HE860F8C4
mlShellCode(4) = &H0&
mlShellCode(5) = &H14EB815B
mlShellCode(6) = &H8D004010
mlShellCode(7) = &H40105283
mlShellCode(8) = &H6A5000
mlShellCode(9) = &H100093FF
mlShellCode(10) = &HC00B0040
mlShellCode(11) = &H11681974
mlShellCode(12) = &H6A002E00
mlShellCode(13) = &H3126800
mlShellCode(14) = &HFF500000
mlShellCode(15) = &H40100493
mlShellCode(16) = &H4838900
mlShellCode(17) = &H33004010
mlShellCode(18) = &H8389C0
mlShellCode(19) = &H61004010
mlShellCode(20) = &H53C3C9
mlShellCode(21) = &H530041
mlShellCode(22) = &H770020
mlShellCode(23) = &H6E0069
mlShellCode(24) = &H6F0064
mlShellCode(25) = &H77&
mlShellCode(26) = &H81EC8B55
mlShellCode(27) = &HFFFDD8C4
mlShellCode(28) = &H1EEE8FF
mlShellCode(29) = &H45890000
mlShellCode(30) = &HEC458DE8
mlShellCode(31) = &HFF286A50
mlShellCode(32) = &H13E8E875
End Function
本回答被提问者采纳
已赞过 已踩过<
你对这个回答的评价是?
评论 收起
历又
2008-09-07 · TA获得超过299个赞
知道小有建树答主
回答量:726
采纳率:100%
帮助的人:452万
我也去答题访问个人页
展开全部
不知道你说什么?
已赞过 已踩过<
你对这个回答的评价是?
评论 收起
推荐律师服务: 若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询

为你推荐:

下载百度知道APP,抢鲜体验
使用百度知道APP,立即抢鲜体验。你的手机镜头里或许有别人想知道的答案。
扫描二维码下载
×

类别

我们会通过消息、邮箱等方式尽快将举报结果通知您。

说明

0/200

提交
取消

京ICP证030173号-1   京网文【2023】1034-029号     ©2024Baidu  使用百度前必读 | 知道协议 | 企业推广

辅 助

模 式