终极结束进程方法API
来源:互联网 发布:淘宝联系卖家的软件 编辑:程序博客网 时间:2024/05/20 05:30
引言
最近在机房里上课的时候,学生的电脑上都安装了相应的学生端软件,而这些软件并没法正常关闭,用任务管理器也无法关闭,下面我说一下如何用Windows API对这类顽固程序进行终结。
福利方法
由于相关方面的规定,这里我只列出相应的操作函数和一些实现原理,具体程序代码我就不贴上了,想深入了解的,可以私信我。
方法一. 消息投递
这里用到的方法就是获取要关闭进程的窗口句柄,然后发送关闭消息到进程的消息队列中,让进程执行关闭消息,这样进程就会以正常的方式自动关闭,而且不会引发内存泄露等问题。(此方法能关闭大部分进程)
涉及API
//API_获得窗口关联进程IDDWORD WINAPI GetWindowThreadProcessId( _In_ HWND hWnd, _Out_opt_ LPDWORD lpdwProcessId);
//API_取进程快照HANDLE WINAPI CreateToolhelp32Snapshot( _In_ DWORD dwFlags, _In_ DWORD th32ProcessID);
//API_枚举父窗口BOOL WINAPI EnumWindows( _In_ WNDENUMPROC lpEnumFunc, _In_ LPARAM lParam);
//API_快照中获取进程列表BOOL WINAPI Process32First( _In_ HANDLE hSnapshot, _Inout_ LPPROCESSENTRY32 lppe);
//API_遍历快照中进程列表BOOL WINAPI Process32Next( _In_ HANDLE hSnapshot, _Out_ LPPROCESSENTRY32 lppe);
//API_关闭内核对象BOOL WINAPI CloseHandle( _In_ HANDLE hObject);
//API_投递消息BOOL WINAPI PostMessageA( _In_opt_ HWND hWnd, _In_ UINT Msg, _In_ WPARAM wParam, _In_ LPARAM lParam);
PostMessageA函数是关闭程序的关键只需要将Msg参数设置为AE_RESACCESS2
即可,对应的值为18。此常量来源于lmaudit.h
。
//lmaudit.h/** * This file has no copyright assigned and is placed in the Public Domain. * This file is part of the mingw-w64 runtime package. * No warranty is given; refer to the file DISCLAIMER.PD within this package. */#ifndef _LMAUDIT_#define _LMAUDIT_#ifdef __cplusplusextern "C" {#endif#ifndef _LMHLOGDEFINED_#define _LMHLOGDEFINED_ typedef struct _HLOG { DWORD time; DWORD last_flags; DWORD offset; DWORD rec_offset; } HLOG,*PHLOG,*LPHLOG;#define LOGFLAGS_FORWARD 0#define LOGFLAGS_BACKWARD 0x1#define LOGFLAGS_SEEK 0x2#endif DWORD WINAPI NetAuditClear(LPCWSTR server,LPCWSTR backupfile,LPCWSTR service); DWORD WINAPI NetAuditRead(LPCWSTR server,LPCWSTR service,LPHLOG auditloghandle,DWORD offset,LPDWORD reserved1,DWORD reserved2,DWORD offsetflag,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD bytesread,LPDWORD totalavailable); DWORD WINAPI NetAuditWrite(DWORD type,LPBYTE buf,DWORD numbytes,LPCWSTR service,LPBYTE reserved); typedef struct _AUDIT_ENTRY { DWORD ae_len; DWORD ae_reserved; DWORD ae_time; DWORD ae_type; DWORD ae_data_offset; DWORD ae_data_size; } AUDIT_ENTRY,*PAUDIT_ENTRY,*LPAUDIT_ENTRY;#define REVISED_AUDIT_ENTRY_STRUCT typedef struct _AE_SRVSTATUS { DWORD ae_sv_status; } AE_SRVSTATUS,*PAE_SRVSTATUS,*LPAE_SRVSTATUS; typedef struct _AE_SESSLOGON { DWORD ae_so_compname; DWORD ae_so_username; DWORD ae_so_privilege; } AE_SESSLOGON,*PAE_SESSLOGON,*LPAE_SESSLOGON; typedef struct _AE_SESSLOGOFF { DWORD ae_sf_compname; DWORD ae_sf_username; DWORD ae_sf_reason; } AE_SESSLOGOFF,*PAE_SESSLOGOFF,*LPAE_SESSLOGOFF; typedef struct _AE_SESSPWERR { DWORD ae_sp_compname; DWORD ae_sp_username; } AE_SESSPWERR,*PAE_SESSPWERR,*LPAE_SESSPWERR; typedef struct _AE_CONNSTART { DWORD ae_ct_compname; DWORD ae_ct_username; DWORD ae_ct_netname; DWORD ae_ct_connid; } AE_CONNSTART,*PAE_CONNSTART,*LPAE_CONNSTART; typedef struct _AE_CONNSTOP { DWORD ae_cp_compname; DWORD ae_cp_username; DWORD ae_cp_netname; DWORD ae_cp_connid; DWORD ae_cp_reason; } AE_CONNSTOP,*PAE_CONNSTOP,*LPAE_CONNSTOP; typedef struct _AE_CONNREJ { DWORD ae_cr_compname; DWORD ae_cr_username; DWORD ae_cr_netname; DWORD ae_cr_reason; } AE_CONNREJ,*PAE_CONNREJ,*LPAE_CONNREJ; typedef struct _AE_RESACCESS { DWORD ae_ra_compname; DWORD ae_ra_username; DWORD ae_ra_resname; DWORD ae_ra_operation; DWORD ae_ra_returncode; DWORD ae_ra_restype; DWORD ae_ra_fileid; } AE_RESACCESS,*PAE_RESACCESS,*LPAE_RESACCESS; typedef struct _AE_RESACCESSREJ { DWORD ae_rr_compname; DWORD ae_rr_username; DWORD ae_rr_resname; DWORD ae_rr_operation; } AE_RESACCESSREJ,*PAE_RESACCESSREJ,*LPAE_RESACCESSREJ; typedef struct _AE_CLOSEFILE { DWORD ae_cf_compname; DWORD ae_cf_username; DWORD ae_cf_resname; DWORD ae_cf_fileid; DWORD ae_cf_duration; DWORD ae_cf_reason; } AE_CLOSEFILE,*PAE_CLOSEFILE,*LPAE_CLOSEFILE; typedef struct _AE_SERVICESTAT { DWORD ae_ss_compname; DWORD ae_ss_username; DWORD ae_ss_svcname; DWORD ae_ss_status; DWORD ae_ss_code; DWORD ae_ss_text; DWORD ae_ss_returnval; } AE_SERVICESTAT,*PAE_SERVICESTAT,*LPAE_SERVICESTAT; typedef struct _AE_ACLMOD { DWORD ae_am_compname; DWORD ae_am_username; DWORD ae_am_resname; DWORD ae_am_action; DWORD ae_am_datalen; } AE_ACLMOD,*PAE_ACLMOD,*LPAE_ACLMOD; typedef struct _AE_UASMOD { DWORD ae_um_compname; DWORD ae_um_username; DWORD ae_um_resname; DWORD ae_um_rectype; DWORD ae_um_action; DWORD ae_um_datalen; } AE_UASMOD,*PAE_UASMOD,*LPAE_UASMOD; typedef struct _AE_NETLOGON { DWORD ae_no_compname; DWORD ae_no_username; DWORD ae_no_privilege; DWORD ae_no_authflags; } AE_NETLOGON,*PAE_NETLOGON,*LPAE_NETLOGON; typedef struct _AE_NETLOGOFF { DWORD ae_nf_compname; DWORD ae_nf_username; DWORD ae_nf_reserved1; DWORD ae_nf_reserved2; } AE_NETLOGOFF,*PAE_NETLOGOFF,*LPAE_NETLOGOFF; typedef struct _AE_ACCLIM { DWORD ae_al_compname; DWORD ae_al_username; DWORD ae_al_resname; DWORD ae_al_limit; } AE_ACCLIM,*PAE_ACCLIM,*LPAE_ACCLIM;#define ACTION_LOCKOUT 00#define ACTION_ADMINUNLOCK 01 typedef struct _AE_LOCKOUT { DWORD ae_lk_compname; DWORD ae_lk_username; DWORD ae_lk_action; DWORD ae_lk_bad_pw_count; } AE_LOCKOUT,*PAE_LOCKOUT,*LPAE_LOCKOUT; typedef struct _AE_GENERIC { DWORD ae_ge_msgfile; DWORD ae_ge_msgnum; DWORD ae_ge_params; DWORD ae_ge_param1; DWORD ae_ge_param2; DWORD ae_ge_param3; DWORD ae_ge_param4; DWORD ae_ge_param5; DWORD ae_ge_param6; DWORD ae_ge_param7; DWORD ae_ge_param8; DWORD ae_ge_param9; } AE_GENERIC,*PAE_GENERIC,*LPAE_GENERIC;#define AE_SRVSTATUS 0#define AE_SESSLOGON 1#define AE_SESSLOGOFF 2#define AE_SESSPWERR 3#define AE_CONNSTART 4#define AE_CONNSTOP 5#define AE_CONNREJ 6#define AE_RESACCESS 7#define AE_RESACCESSREJ 8#define AE_CLOSEFILE 9#define AE_SERVICESTAT 11#define AE_ACLMOD 12#define AE_UASMOD 13#define AE_NETLOGON 14#define AE_NETLOGOFF 15#define AE_NETLOGDENIED 16#define AE_ACCLIMITEXCD 17#define AE_RESACCESS2 18#define AE_ACLMODFAIL 19#define AE_LOCKOUT 20#define AE_GENERIC_TYPE 21#define AE_SRVSTART 0#define AE_SRVPAUSED 1#define AE_SRVCONT 2#define AE_SRVSTOP 3#define AE_GUEST 0#define AE_USER 1#define AE_ADMIN 2#define AE_NORMAL 0#define AE_USERLIMIT 0#define AE_GENERAL 0#define AE_ERROR 1#define AE_SESSDIS 1#define AE_BADPW 1#define AE_AUTODIS 2#define AE_UNSHARE 2#define AE_ADMINPRIVREQD 2#define AE_ADMINDIS 3#define AE_NOACCESSPERM 3#define AE_ACCRESTRICT 4#define AE_NORMAL_CLOSE 0#define AE_SES_CLOSE 1#define AE_ADMIN_CLOSE 2#define AE_LIM_UNKNOWN 0#define AE_LIM_LOGONHOURS 1#define AE_LIM_EXPIRED 2#define AE_LIM_INVAL_WKSTA 3#define AE_LIM_DISABLED 4#define AE_LIM_DELETED 5#define AE_MOD 0#define AE_DELETE 1#define AE_ADD 2#define AE_UAS_USER 0#define AE_UAS_GROUP 1#define AE_UAS_MODALS 2#define SVAUD_SERVICE 0x1#define SVAUD_GOODSESSLOGON 0x6#define SVAUD_BADSESSLOGON 0x18#define SVAUD_SESSLOGON (SVAUD_GOODSESSLOGON | SVAUD_BADSESSLOGON)#define SVAUD_GOODNETLOGON 0x60#define SVAUD_BADNETLOGON 0x180#define SVAUD_NETLOGON (SVAUD_GOODNETLOGON | SVAUD_BADNETLOGON)#define SVAUD_LOGON (SVAUD_NETLOGON | SVAUD_SESSLOGON)#define SVAUD_GOODUSE 0x600#define SVAUD_BADUSE 0x1800#define SVAUD_USE (SVAUD_GOODUSE | SVAUD_BADUSE)#define SVAUD_USERLIST 0x2000#define SVAUD_PERMISSIONS 0x4000#define SVAUD_RESOURCE 0x8000#define SVAUD_LOGONLIM 0x00010000#define AA_AUDIT_ALL 0x0001#define AA_A_OWNER 0x0004#define AA_CLOSE 0x0008#define AA_S_OPEN 0x0010#define AA_S_WRITE 0x0020#define AA_S_CREATE 0x0020#define AA_S_DELETE 0x0040#define AA_S_ACL 0x0080#define AA_S_ALL (AA_S_OPEN | AA_S_WRITE | AA_S_DELETE | AA_S_ACL)#define AA_F_OPEN 0x0100#define AA_F_WRITE 0x0200#define AA_F_CREATE 0x0200#define AA_F_DELETE 0x0400#define AA_F_ACL 0x0800#define AA_F_ALL (AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)#define AA_A_OPEN 0x1000#define AA_A_WRITE 0x2000#define AA_A_CREATE 0x2000#define AA_A_DELETE 0x4000#define AA_A_ACL 0x8000#define AA_A_ALL (AA_F_OPEN | AA_F_WRITE | AA_F_DELETE | AA_F_ACL)#ifdef __cplusplus}#endif#endif
方法二. TerminateProcess 干掉进程
说到TerminateProcess 必要说一下ExitProcess,这两个函数都是用于干掉进程的,ExitProcess是用于干掉自身的,TerminateProcess 是用于干掉其它程序的进程的, 所以这里用TerminateProcess 来进行功能制作。
函数原型:
BOOL WINAPI TerminateProcess( _In_ HANDLE hProcess, _In_ UINT uExitCode);
VOID WINAPI ExitProcess( _In_ UINT uExitCode);
主要步骤就是通过进程名获取窗口句柄,通过窗口句柄获取进程ID,然后通过进程ID获取进程ID的句柄,然后就可以终结了。这里还有一个API就是OpenProcess
,通过这OpenProcess
获得进程ID对应的句柄。
HANDLE WINAPI OpenProcess( _In_ DWORD dwDesiredAccess, _In_ BOOL bInheritHandle, _In_ DWORD dwProcessId);
//小例子BOOL KillProcess(DWORD ProcessId) { HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, ProcessId); if(hProcess == NULL) return FALSE; if(!TerminateProcess(hProcess, 0)) return FALSE; return TRUE;}
本人只是抛砖引玉,想研究的可以深入研究,此方面可以用于终止恶意顽固程序进程等。
博客名称:王乐平博客
博客地址:http://blog.lepingde.com
CSDN博客地址:http://blog.csdn.net/lecepin
1 0
- 终极结束进程方法API
- Linux中强制结束一个进程的终极方法和其他常用命令
- 最新结束进程方法
- 结束进程方法
- 结束进程的方法
- 结束进程方法
- Android 结束进程的方法
- 14种方法结束进程
- Excel.exe进程结束方法
- Symbian结束进程的方法
- Android 结束进程的方法
- Android 结束进程的方法
- C#结束进程通用方法
- Android 结束进程的方法
- android 结束进程方法总结
- VC++结束进程的方法
- Android 结束进程的方法
- android彻底结束进程方法
- 三角形
- 如何将参数传递给CGI程序(转)
- JS处理日期时间戳
- 基于CXF Java 搭建Web Service (Restful Web Service与基于SOAP的Web Service混合方案)
- kernel里获取uboot的环境变量
- 终极结束进程方法API
- MVC里面两个dropdownlist联动
- @protocol 代理模式总结
- Java基本注解分析,为什么要使用@Override
- meta标签总结
- HDU-2571 命运
- 使用Android性能分析工具——TraceView
- iOS_生成pem推送证书(用于百度云推送)
- Offer题1~3 重载=&指针和数组&二维数组替换