Here is the code to shutdown Windows. The necessary privilege for this operation is required on NT based systems.
; Built with Pelles Macro Assembler, Version 6.50.0
; Code running on Windows NT based systems
include ShutdownWindows.inc
.data
SE_SHUTDOWN_NAME_ db 'SeShutdownPrivilege',0
.code
start:
invoke GetShutdownPrivileges
invoke ExitWindowsEx,EWX_FORCE or EWX_SHUTDOWN,0
invoke ExitProcess,0
GetShutdownPrivileges PROC USES esi
LOCAL TokenPriv:TOKEN_PRIVILEGES
LOCAL hToken:DWORD
invoke GetCurrentProcess
lea ecx,hToken
invoke OpenProcessToken,eax,\
TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,\
ecx
lea esi,TokenPriv
invoke LookupPrivilegeValue,0,ADDR SE_SHUTDOWN_NAME_,\
ADDR TOKEN_PRIVILEGES.Privileges.Luid[esi]
mov TOKEN_PRIVILEGES.PrivilegeCount[esi],1
mov TOKEN_PRIVILEGES.Privileges.Attributes[esi],SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges,hToken,0,ADDR TokenPriv,0,0,0
ret
GetShutdownPrivileges ENDP
END start
Almost same in C
#define WIN32_DEFAULT_LIBS
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
BOOL GetShutdownPrivileges(void);
//TCHAR szAppName[] = TEXT("ShutDownWindows");
int __cdecl WinMainCRTStartup(void)
{
if (GetShutdownPrivileges()) {
//MessageBox(0, TEXT("Got it"), szAppName, MB_OK);
//MessageBox(0, TEXT("Got it"), SE_SHUTDOWN_NAME, MB_OK);
ExitWindowsEx(EWX_FORCE | EWX_SHUTDOWN, 0);
}
ExitProcess(0);
}
BOOL GetShutdownPrivileges(void)
{
TOKEN_PRIVILEGES tp;
HANDLE hToken;
BOOL bRet = FALSE;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
if (LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tp.Privileges[0].Luid))
{
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL))
{
DWORD dwErr = GetLastError();
if (dwErr == ERROR_SUCCESS)
bRet = TRUE;
}
}
CloseHandle(hToken);
}
return bRet;
}
Hi timovjl,
Thanks for the C version.
Similar example with the API function InitiateSystemShutdown
In the console, you need to type shutdown -a to abort the command.