Here is a tool to shutdown \ restart Windows PE ( Windows Preinstallation ) systems :
include ExitWinPE.inc
.data
Resource:
INCBIN Rsrc.bin
capt db 'ExitWinPE',0
subkey db 'SYSTEM\CurrentControlSet\Control\MiniNT',0
errmsg db 'NtShutdownSystem error',0
errmsg2 db 'ExitPE is expected to run on a WinPE system',0
SE_SHUTDOWN_NAME_ db 'SeShutdownPrivilege',0
.data?
hKey dd ?
.code
start:
invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,ADDR subkey,0,\
KEY_ALL_ACCESS,ADDR hKey
; eax -> 2 : subkey not found
; eax -> 0 : subkey found
test eax,eax
jz @f
xor ecx,ecx
invoke MessageBox,ecx,ADDR errmsg2,ADDR capt,ecx
jmp finish
@@:
invoke RegCloseKey,hKey
call GetPrivileges
invoke GetModuleHandle,0
xor ecx,ecx
invoke DialogBoxIndirectParam,eax,ADDR Resource,\
ecx,ADDR DlgProc,ecx
finish:
invoke ExitProcess,0
DlgProc PROC hWnd,uMsg,wParam,lParam
.IF uMsg==WM_INITDIALOG
lea eax,[Resource+MENU_OFFSET]
invoke LoadMenuIndirect,eax
invoke SetMenu,hWnd,eax
.ELSEIF uMsg==WM_CLOSE
invoke EndDialog, hWnd,0
.ELSEIF uMsg==WM_COMMAND
mov eax,wParam
.IF lParam==0
.IF ax==IDM_EXIT
invoke EndDialog,hWnd,0
.ENDIF
.ELSE
mov edx,wParam
shr edx,16
.IF dx==BN_CLICKED
.IF ax==IDC_SHUTDOWN
invoke NtShutdownSystem,SHUTDOWN
invoke DispErrMsg
invoke EndDialog,hWnd,0
.ELSEIF ax==IDC_REBOOT
invoke NtShutdownSystem,REBOOT
invoke DispErrMsg
invoke EndDialog,hWnd,0
.ENDIF
.ENDIF
.ENDIF
.ELSE
xor eax,eax
ret
.ENDIF
mov eax,1
ret
DlgProc ENDP
GetPrivileges PROC USES esi ebx
LOCAL TokenPriv:TOKEN_PRIVILEGES
LOCAL hToken:DWORD
xor ebx,ebx
invoke GetCurrentProcess
lea ecx,hToken
invoke OpenProcessToken,eax,\
TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,\
ecx
lea esi,TokenPriv
invoke LookupPrivilegeValue,ebx,ADDR SE_SHUTDOWN_NAME_,\
ADDR TOKEN_PRIVILEGES.Privileges.Luid[esi]
mov TOKEN_PRIVILEGES.PrivilegeCount[esi],1
mov TOKEN_PRIVILEGES.Privileges.Attributes[esi],SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges,hToken,ecx,\
ADDR TokenPriv,ebx,ebx,ebx
ret
GetPrivileges ENDP
DispErrMsg PROC
invoke MessageBox,0,ADDR errmsg,\
ADDR capt,MB_ICONSTOP
ret
DispErrMsg ENDP
END start
