用C语言可以操作文件的指针,把narrator.exe更改为narrator1.exe
把cmd.exe再拷贝成narrator.exe 因为cmd.exe本身改名的话bat之类的文件就用不了了
这样的话 忘记windows开机密码的时候就方便了,打开屏幕讲述人,直接用cmd改下密码就可以了,至于事先要改名的问题,就可以用代码几秒钟就可以实现了
不用在system32文件夹里面找来找去了.可是没有trustedinstaller权限是改不了这些系统文件的名称的
再写一个恢复的文件
把narrator.exe直接删除 因为cmd.exe还在 这个本身存在的cmd.exe就可以删了
把narrator1.exe改成narrator.exe
调用runas
C用winexec 或者shellexecute或者createprocess调用。
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\fgh>runas /?
RUNAS USAGE:
RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ]
/user:<UserName> program
RUNAS [ [/noprofile | /profile] [/env] [/savecred] ]
/smartcard [/user:<UserName>] program
RUNAS /trustlevel:<TrustLevel> program
/noprofile specifies that the user's profile should not be loaded.
This causes the application to load more quickly, but
can cause some applications to malfunction.
/profile specifies that the user's profile should be loaded.
This is the default.
/env to use current environment instead of user's.
/netonly use if the credentials specified are for remote
access only.
/savecred to use credentials previously saved by the user.
/smartcard use if the credentials are to be supplied from a
smartcard.
/user <UserName> should be in form USER@DOMAIN or DOMAIN\USER
/showtrustlevels displays the trust levels that can be used as arguments
to /trustlevel.
/trustlevel <Level> should be one of levels enumerated
in /showtrustlevels.
program command line for EXE. See below for examples
Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""
NOTE: Enter user's password only when prompted.
NOTE: /profile is not compatible with /netonly.
NOTE: /savecred is not compatible with /smartcard.
C:\Users\fgh0>