[原代码]杀死指定进程
发表于: 2006-2-1 14:33 5220

看见了北极星2003老兄的一篇《关于终止进程的内幕》的帖子,十分喜欢。
但觉得太泛泛而谈了(太理论化,不直观),所以找来了源代码,这样看起来就直观多了。

北极星2003 老兄的帖子:http://bbs.pediy.com/showthread.php?threadid=19386&highlight=%BD%F8%B3%CC

//0nly a simple sample for practice
//Coded by p0prxx
//Refered to shadow3's c0dz
//please set TAB=8 when u read this code
//Date:2005/08/28
#include <windows.h>
#include <tlhelp32.h>

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
intusage() ;
voidEnumProcesses() ;
BOOLKillProcess(int pid) ;
voidEnumModule(int pid) ;
voidEnumThread(int pid) ;

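/* Parse a decimal PID from the command line.
 * Returns the value, or -1 when the text is not a non-negative integer
 * (atoi silently returned 0 for garbage, which is a valid PID). */
static long parse_pid(const char *text)
{
    char *end = NULL;
    errno = 0;
    long value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE || value < 0) {
        return -1;
    }
    return value;
}

/* Command-line entry point. argv[1] selects the action:
 *   (none) or /?  print usage
 *   /l            list all processes
 *   /k <PID>      terminate the process with that id
 *   /m <PID>      list the modules loaded in that process
 * Returns 0 on success, 1 on a bad argument or a failed kill. */
int main(int argc, char *argv[])
{
    if (argc == 1 || !strncmp(argv[1], "/?", 2)) {
        usage();
        return 0;
    }
    if (!strncmp(argv[1], "/l", 2)) {
        EnumProcesses();
        return 0;
    }
    /* /k and /m need a PID as the second argument. argv[argc] is NULL by
     * definition, so argv[2] != NULL is a safe "was a PID given" test. */
    if ((!strncmp(argv[1], "/k", 2) || !strncmp(argv[1], "/m", 2)) && argv[2] != NULL) {
        long pid = parse_pid(argv[2]);
        if (pid < 0) {
            printf("参数错误!\n");
            usage();
            return 1;
        }
        if (argv[1][1] == 'k') {
            BOOL isKilled = KillProcess((int)pid);
            if (isKilled) {
                printf("进程清除成功!:-)\n");
                return 0;
            }
            printf("进程清除失败!:-(\n");
            return 1;
        }
        EnumModule((int)pid);
        return 0;
    }
    printf("参数错误!\n");
    usage();
    return 1;
}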

/* Print the banner and the command-line help, one line per entry. Always returns 0. */
int usage(void)
{
    static const char *const help[] = {
        "",
        "-----------------------------",
        "[Process Lookup1.0]",
        "",
        "Author:Robinh00d",
        "Date:2005/08/25",
        "HP:http://p0prxx.77169.com",
        "-----------------------------",
        "usage:pi /l /k [PID] /m[PID]",
        "/l:列举当前系统所有进程",
        "/k [PID]:清除指定进程",
        "/m [PID]:列举指定进程模块信息",
        "-----------------------------",
        "",
    };
    size_t count = sizeof help / sizeof help[0];
    for (size_t i = 0; i < count; i++) {
        /* puts() supplies the newline each original printf carried. */
        puts(help[i]);
    }
    return 0;
}

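/* Print PID, thread count and image name of every process in a Toolhelp snapshot.
 * On snapshot failure the Win32 error code is printed and the function returns
 * (the original called ExitProcess from inside this helper). */
void EnumProcesses(void)
{
    TCHAR *szPid = TEXT("PID");
    TCHAR *iCntThreads = TEXT("Threads");
    TCHAR *szExeFile = TEXT("Executable");
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof pe32;

    /* 建立进程快照 */
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        /* GetLastError() is a DWORD: %lu, not %d. */
        printf("Error Number: %lu\n", GetLastError());
        return;
    }

    printf("%5s%15s%25s\n", szPid, iCntThreads, szExeFile);
    printf("==============================================\n");
    for (BOOL more = Process32First(hSnapshot, &pe32); more; more = Process32Next(hSnapshot, &pe32)) {
        printf("%5lu%15lu%25s\n", pe32.th32ProcessID, pe32.cntThreads, pe32.szExeFile);
    }
    CloseHandle(hSnapshot);
}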

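/* Terminate the process with the given id.
 * Enables SeDebugPrivilege on the caller's token first so that system and
 * service processes can be opened, then opens the target with only the
 * rights needed (PROCESS_TERMINATE | SYNCHRONIZE) and waits up to 5 s for it
 * to exit. Returns TRUE when TerminateProcess succeeded, FALSE on any
 * failure; error codes are printed. Both handles are closed on every path
 * (the original leaked hProcess always and hToken on the failure return, and
 * returned TRUE without doing anything when AdjustTokenPrivileges failed). */
BOOL KillProcess(int pid)
{
    HANDLE hToken = NULL;
    HANDLE hProcess = NULL;
    TOKEN_PRIVILEGES tp;
    BOOL killed = FALSE;

    /* 提升进程权限 */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        printf("Error Number:%lu\n", GetLastError());
        return FALSE;
    }
    if (!LookupPrivilegeValue(NULL, "SeDebugPrivilege", &tp.Privileges[0].Luid)) {
        printf("Error Number:%lu\n", GetLastError());
        goto cleanup;
    }
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    /* A non-zero return with GetLastError() == ERROR_NOT_ALL_ASSIGNED means the
     * privilege is not held; OpenProcess below then decides what we may touch. */
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof tp, NULL, NULL)) {
        printf("Error Number:%lu\n", GetLastError());
        goto cleanup;
    }

    hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, (DWORD)pid);
    if (hProcess == NULL) {
        printf("Error Number:%lu\n", GetLastError());
        goto cleanup;
    }
    if (!TerminateProcess(hProcess, 1)) {
        printf("Error Number:%lu\n", GetLastError());
        goto cleanup;
    }
    /* Termination is asynchronous; give the process a moment to actually exit. */
    WaitForSingleObject(hProcess, 5000);
    killed = TRUE;

cleanup:
    if (hProcess != NULL) {
        CloseHandle(hProcess);
    }
    CloseHandle(hToken);
    return killed;
}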

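/* Print every module loaded in process `pid` (name, usage counts, base
 * address and size, full path). Prints the Win32 error and returns when the
 * snapshot cannot be taken; the snapshot handle is always closed (the
 * original never closed it). */
void EnumModule(int pid)
{
    MODULEENTRY32 me32;
    me32.dwSize = sizeof me32;

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, (DWORD)pid);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        printf("Error Number:%lu\n", GetLastError());
        return;
    }

    printf("Process ID:%d[Module Information]\n", pid);
    printf("==============================================\n");
    for (BOOL more = Module32First(hSnapshot, &me32); more; more = Module32Next(hSnapshot, &me32)) {
        printf("Module Name= %s\n", me32.szModule);
        printf("Usage Count(Global)= %lu\n", me32.GlblcntUsage);
        /* The per-process count is ProccntUsage; the original printed GlblcntUsage twice. */
        printf("Usage Count(Process)= %lu\n", me32.ProccntUsage);
        /* modBaseAddr is a pointer: %p rather than %x. */
        printf("Base Address= 0x%p\n", (void *)me32.modBaseAddr);
        printf("Base Size= %lu字节\n", me32.modBaseSize);
        printf("Executable= %s\n", me32.szExePath);
        printf("\n\n");
    }
    CloseHandle(hSnapshot);
}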

再贴个比较详细的。

#include <windows.h>
#include<stdio.h>
#include<string.h>
#include <commdlg.h>
#include <Commctrl.h>
#include "resource.h"
#include <Tlhelp32.h>
/* The list view and status bar are common controls from comctl32. */
#pragma comment(lib, "comctl32.lib")

/* Dialog-local identifiers: the refresh timer and the status-bar child window. */
enum {
    ID_TIMER = 1,
    IDC_STATUS = 1003
};

void Refresh(HWND hwnd);
BOOL CALLBACK Test(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam);
BOOL UpPrivilege(HANDLE hprocess, LPCTSTR lpname);

/* Module handle saved by WinMain; the dialog procedure needs it to load the tray icon. */
HINSTANCE hinst;
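/* Program entry: enable SeDebugPrivilege on this process (needed to open
 * system and service processes), register the common controls and run the
 * modal dialog. Returns 1, as the original did. */
int WINAPI WinMain(HINSTANCE hinstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    hinst = hinstance;
    /* Failure is reported but not fatal: the tool still works on processes the user owns. */
    if (!UpPrivilege(GetCurrentProcess(), SE_DEBUG_NAME)) {
        MessageBox(NULL, "提升进程特权失败!", "错误", MB_OK | MB_ICONERROR);
    }
    InitCommonControls();
    /* DialogBox returns -1 if the dialog resource cannot be created; the
     * original ignored the result and so does this, to keep its behaviour. */
    DialogBox(hinstance, MAKEINTRESOURCE(IDD_tianj03), NULL, (DLGPROC)Test);
    return 1;
}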
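/* Fill in the tray-icon descriptor for this dialog (NIM_ADD / NIM_DELETE). */
static void tray_icon_init(NOTIFYICONDATA *nid, HWND hdlg)
{
    memset(nid, 0, sizeof *nid);
    nid->cbSize = sizeof *nid;
    nid->hWnd = hdlg;
    nid->uID = IDI_ICON;
    nid->uFlags = NIF_ICON;
    nid->hIcon = LoadIcon(hinst, MAKEINTRESOURCE(IDI_ICON));
}

/* Append one process as a list-view row: column 0 = image name, column 1 = PID. */
static void listview_append_process(HWND hdlg, int row, PROCESSENTRY32 *pe)
{
    char pidtext[16];   /* a DWORD has at most 10 decimal digits */
    LV_ITEM lt;
    memset(&lt, 0, sizeof lt);
    lt.mask = LVIF_TEXT;
    lt.iItem = row;
    lt.iSubItem = 0;
    lt.pszText = pe->szExeFile;
    SendDlgItemMessage(hdlg, IDC_LISTVIEW_tianj03, LVM_INSERTITEM, 0, (LPARAM)&lt);
    sprintf(pidtext, "%lu", pe->th32ProcessID);
    lt.iSubItem = 1;
    lt.pszText = pidtext;
    SendDlgItemMessage(hdlg, IDC_LISTVIEW_tianj03, LVM_SETITEM, 0, (LPARAM)&lt);
}

/* Populate the list view from a fresh process snapshot.
 * Returns the number of rows added; 0 when the snapshot could not be taken. */
static int listview_fill_processes(HWND hdlg)
{
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof pe;
    HANDLE hsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hsnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }
    int rows = 0;
    for (BOOL more = Process32First(hsnapshot, &pe); more; more = Process32Next(hsnapshot, &pe)) {
        listview_append_process(hdlg, rows, &pe);
        rows++;
    }
    CloseHandle(hsnapshot);
    return rows;
}

/* Status bar: pane 0 shows the process count, pane 1 the memory load in percent. */
static void statusbar_show(HWND hdlg, int count)
{
    /* The original 10-byte "进程数:" buffer overflowed once the count was
     * appended; 48 bytes hold either prefix plus any 32-bit number. */
    char text[48];
    MEMORYSTATUS ms;
    ms.dwLength = sizeof ms;
    sprintf(text, "进程数:%i", count);
    SendDlgItemMessage(hdlg, IDC_STATUS, SB_SETTEXT, 0, (LPARAM)text);
    GlobalMemoryStatus(&ms);
    sprintf(text, "内存使用:%lu%%", ms.dwMemoryLoad);
    SendDlgItemMessage(hdlg, IDC_STATUS, SB_SETTEXT, 1, (LPARAM)text);
}

/* Terminate the process selected in the list view and remove its row on success. */
static void terminate_selected(HWND hdlg)
{
    int index = (int)SendDlgItemMessage(hdlg, IDC_LISTVIEW_tianj03, LVM_GETNEXTITEM, (WPARAM)-1, LVNI_SELECTED);
    if (index < 0) {
        /* Nothing selected: the original went on to parse an unset PID buffer. */
        return;
    }
    char curid[32] = {0};
    LV_ITEM lt;
    memset(&lt, 0, sizeof lt);
    lt.iItem = index;
    lt.iSubItem = 1;
    lt.cchTextMax = sizeof curid;
    lt.pszText = curid;
    SendDlgItemMessage(hdlg, IDC_LISTVIEW_tianj03, LVM_GETITEMTEXT, (WPARAM)index, (LPARAM)&lt);
    DWORD id = (DWORD)atol(curid);

    /* PROCESS_TERMINATE is the only right needed; SeDebugPrivilege was enabled in WinMain. */
    HANDLE hprocess = OpenProcess(PROCESS_TERMINATE, FALSE, id);
    if (hprocess == NULL) {
        MessageBox(hdlg, "进程拒绝访问", "错误", MB_OK | MB_ICONERROR);
        return;
    }
    if (!TerminateProcess(hprocess, 0)) {
        MessageBox(NULL, "不能结束", "Message", MB_OK);
    } else {
        SendDlgItemMessage(hdlg, IDC_LISTVIEW_tianj03, LVM_DELETEITEM, (WPARAM)index, 0);
    }
    CloseHandle(hprocess);   /* the original leaked this handle on every kill */
}

/* Dialog procedure for IDD_tianj03.
 * WM_INITDIALOG builds the two list-view columns, the tray icon, the status
 * bar and the initial process list and starts the refresh timer; WM_TIMER
 * re-syncs the list; WM_COMMAND handles the "terminate" and "exit" buttons
 * (the latter shuts Windows down, as the original did); WM_CLOSE tears the
 * dialog down. Returns TRUE for handled messages, FALSE otherwise. */
BOOL CALLBACK Test(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    NOTIFYICONDATA nid;
    (void)lParam;

    switch (message) {
    case WM_INITDIALOG: {
        static const int parts[] = {75, 160, -1};
        static char *const column_names[] = {"进程映象名", "进程ID"};
        LV_COLUMN lc;
        memset(&lc, 0, sizeof lc);
        lc.mask = LVCF_WIDTH | LVCF_FMT | LVCF_TEXT | LVCF_SUBITEM;
        lc.fmt = LVCFMT_LEFT;

        SendDlgItemMessage(hdlg, IDC_LISTVIEW_tianj03, LVM_SETEXTENDEDLISTVIEWSTYLE, 0, (LPARAM)LVS_EX_FULLROWSELECT);
        tray_icon_init(&nid, hdlg);
        Shell_NotifyIcon(NIM_ADD, &nid);
        SetWindowPos(hdlg, HWND_TOPMOST, 100, 10, 230, 330, SWP_NOSENDCHANGING);
        SetTimer(hdlg, ID_TIMER, 100, NULL);
        CreateStatusWindow(WS_VISIBLE | WS_CHILD | SBS_SIZEGRIP, NULL, hdlg, IDC_STATUS);
        SendDlgItemMessage(hdlg, IDC_STATUS, SB_SETPARTS, 3, (LPARAM)parts);
        for (int col = 0; col <= 1; col++) {
            lc.pszText = column_names[col];
            lc.iSubItem = col;
            lc.cx = (col == 1) ? 80 : 110;
            SendDlgItemMessage(hdlg, IDC_LISTVIEW_tianj03, LVM_INSERTCOLUMN, (WPARAM)col, (LPARAM)&lc);
        }
        statusbar_show(hdlg, listview_fill_processes(hdlg));
        return TRUE;
    }
    case WM_TIMER:
        Refresh(hdlg);
        return TRUE;
    case WM_COMMAND:
        /* The control id is the low word; the high word is the notification code. */
        switch (LOWORD(wParam)) {
        case IDTERMINATEPROCESS:
            terminate_selected(hdlg);
            return TRUE;
        case IDEXIT:
            /* Shutdown needs SeShutdownPrivilege. The original passed the
             * literal "SE_SHUTDOWN_NAME" instead of the macro, so the
             * privilege lookup failed and was never enabled. */
            UpPrivilege(GetCurrentProcess(), SE_SHUTDOWN_NAME);
            ExitWindows(EWX_SHUTDOWN, 0);
            return TRUE;
        default:
            break;
        }
        /* Any other command is unhandled. The original fell through into
         * WM_CLOSE here and ended the dialog. */
        return FALSE;
    case WM_CLOSE:
        tray_icon_init(&nid, hdlg);
        Shell_NotifyIcon(NIM_DELETE, &nid);
        KillTimer(hdlg, ID_TIMER);
        EndDialog(hdlg, 0);
        PostQuitMessage(0);
        break;
    default:
        break;
    }
    return FALSE;
}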
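/* Snapshot entries gathered by Refresh(), grown on the process heap as needed.
 * The original kept a fixed PROCESSENTRY32[50] on the stack and wrote past it
 * once more than 50 processes were running. */
struct refresh_procs {
    PROCESSENTRY32 *items;
    DWORD count;
    DWORD capacity;
};

/* Append one entry, doubling the buffer when full. Returns FALSE when the heap allocation fails. */
static BOOL refresh_procs_push(struct refresh_procs *list, const PROCESSENTRY32 *pe)
{
    if (list->count == list->capacity) {
        DWORD grown_cap = list->capacity ? list->capacity * 2 : 64;
        SIZE_T bytes = (SIZE_T)grown_cap * sizeof *list->items;
        PROCESSENTRY32 *grown = list->items
            ? HeapReAlloc(GetProcessHeap(), 0, list->items, bytes)
            : HeapAlloc(GetProcessHeap(), 0, bytes);
        if (grown == NULL) {
            return FALSE;
        }
        list->items = grown;
        list->capacity = grown_cap;
    }
    list->items[list->count++] = *pe;
    return TRUE;
}

/* Index of the snapshot entry with this PID, or -1 when absent. */
static long refresh_procs_find(const struct refresh_procs *list, DWORD pid)
{
    for (DWORD k = 0; k < list->count; k++) {
        if (list->items[k].th32ProcessID == pid) {
            return (long)k;
        }
    }
    return -1;
}

/* Read the PID shown in column 1 of a list-view row. */
static DWORD listview_row_pid(HWND hwnd, int row)
{
    char text[34] = {0};
    LV_ITEM lt;
    memset(&lt, 0, sizeof lt);
    lt.iItem = row;
    lt.iSubItem = 1;
    lt.pszText = text;
    lt.cchTextMax = sizeof text;
    SendDlgItemMessage(hwnd, IDC_LISTVIEW_tianj03, LVM_GETITEMTEXT, (WPARAM)row, (LPARAM)&lt);
    return (DWORD)atol(text);
}

/* Insert a snapshot entry as a new row: image name in column 0, PID in column 1. */
static void listview_row_insert(HWND hwnd, int row, PROCESSENTRY32 *pe)
{
    char pidtext[16];   /* a DWORD has at most 10 decimal digits */
    LV_ITEM lt;
    memset(&lt, 0, sizeof lt);
    lt.mask = LVIF_TEXT;   /* the original left mask uninitialized on this path */
    lt.iItem = row;
    lt.iSubItem = 0;
    lt.pszText = pe->szExeFile;
    SendDlgItemMessage(hwnd, IDC_LISTVIEW_tianj03, LVM_INSERTITEM, 0, (LPARAM)&lt);
    sprintf(pidtext, "%lu", pe->th32ProcessID);
    lt.iSubItem = 1;
    lt.pszText = pidtext;
    SendDlgItemMessage(hwnd, IDC_LISTVIEW_tianj03, LVM_SETITEM, 0, (LPARAM)&lt);
}

/* Status bar: pane 0 shows the process count, pane 1 the memory load in percent. */
static void refresh_status_bar(HWND hwnd, DWORD count)
{
    /* The original 10-byte "进程数:" buffer overflowed once the count was appended. */
    char text[48];
    MEMORYSTATUS ms;
    ms.dwLength = sizeof ms;
    sprintf(text, "进程数:%lu", count);
    SendDlgItemMessage(hwnd, IDC_STATUS, SB_SETTEXT, 0, (LPARAM)text);
    GlobalMemoryStatus(&ms);
    sprintf(text, "内存使用:%lu%%", ms.dwMemoryLoad);
    SendDlgItemMessage(hwnd, IDC_STATUS, SB_SETTEXT, 1, (LPARAM)text);
}

/* Re-sync the list view with a fresh process snapshot (called from WM_TIMER).
 * Rows whose PID has disappeared are deleted, processes not yet shown are
 * appended, and the status bar is updated. Row deletion walks backwards so
 * removing a row does not shift the indices still to be visited, and an
 * existing row is never re-inserted; the original inserted pe[i] (i being
 * the row count) instead of the entry being checked, which is the likely
 * cause of the duplicate row for this tool's own process that its author
 * noted (刷新列表: 本进程会在列表中出现两次). If the snapshot cannot be taken
 * the current rows are kept and the next timer tick retries. */
void Refresh(HWND hwnd)
{
    struct refresh_procs procs = { NULL, 0, 0 };
    DWORD *shown = NULL;
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof pe;

    HANDLE hsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hsnapshot == INVALID_HANDLE_VALUE) {
        return;
    }
    for (BOOL more = Process32First(hsnapshot, &pe); more; more = Process32Next(hsnapshot, &pe)) {
        if (!refresh_procs_push(&procs, &pe)) {
            CloseHandle(hsnapshot);
            goto out;
        }
    }
    CloseHandle(hsnapshot);

    /* PIDs currently displayed, read once rather than re-queried per process. */
    int rows = (int)SendDlgItemMessage(hwnd, IDC_LISTVIEW_tianj03, LVM_GETITEMCOUNT, 0, 0);
    if (rows > 0) {
        shown = HeapAlloc(GetProcessHeap(), 0, (SIZE_T)rows * sizeof *shown);
        if (shown == NULL) {
            goto out;
        }
        for (int row = 0; row < rows; row++) {
            shown[row] = listview_row_pid(hwnd, row);
        }
    }

    /* Drop rows whose process is gone; backwards so deletion does not shift pending rows. */
    for (int row = rows - 1; row >= 0; row--) {
        if (refresh_procs_find(&procs, shown[row]) < 0) {
            SendDlgItemMessage(hwnd, IDC_LISTVIEW_tianj03, LVM_DELETEITEM, (WPARAM)row, 0);
        }
    }

    /* Append processes not shown yet. A PID present in shown[] and in the
     * snapshot survived the deletion pass, so it is not inserted again. */
    int next_row = (int)SendDlgItemMessage(hwnd, IDC_LISTVIEW_tianj03, LVM_GETITEMCOUNT, 0, 0);
    for (DWORD k = 0; k < procs.count; k++) {
        BOOL present = FALSE;
        for (int row = 0; row < rows && !present; row++) {
            present = (shown[row] == procs.items[k].th32ProcessID);
        }
        if (!present) {
            listview_row_insert(hwnd, next_row, &procs.items[k]);
            next_row++;
        }
    }
    refresh_status_bar(hwnd, procs.count);

out:
    if (shown != NULL) {
        HeapFree(GetProcessHeap(), 0, shown);
    }
    if (procs.items != NULL) {
        HeapFree(GetProcessHeap(), 0, procs.items);
    }
}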
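/* Enable one named privilege on the token of `hprocess`.
 * On NT some system and service processes can only be terminated (or the
 * machine shut down) when the matching privilege is enabled
 * (提升进程权限, Nt 下一些系统进程和服务的进程需要一定的特权才能结束).
 * Returns TRUE only when the privilege is actually enabled: every call is
 * checked (the original used hToken without checking OpenProcessToken and
 * ignored LookupPrivilegeValue), and AdjustTokenPrivileges succeeding with
 * GetLastError() == ERROR_NOT_ALL_ASSIGNED counts as failure. The token
 * handle is closed on every path. */
BOOL UpPrivilege(HANDLE hprocess, LPCTSTR lpname)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES privileges;
    BOOL enabled = FALSE;

    /* 打开进程令牌 */
    if (!OpenProcessToken(hprocess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }
    if (!LookupPrivilegeValue(NULL, lpname, &privileges.Privileges[0].Luid)) {
        goto out;
    }
    privileges.PrivilegeCount = 1;
    privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (AdjustTokenPrivileges(hToken, FALSE, &privileges, sizeof privileges, NULL, NULL)
        && GetLastError() == ERROR_SUCCESS) {
        enabled = TRUE;
    }

out:
    CloseHandle(hToken);
    return enabled;
}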
2006-2-1 14:34
虽然枚举方法不是很可靠,但一般进程够用了
(隐藏的进程列举不出来)

谁有更好点的代码分享下。
2006-2-1 14:35
关于这方面的更详细信息可以参见 外文翻译区
[ZT]Detection of the hidden processes
http://bbs.pediy.com/showthread.php?threadid=20076
2006-2-1 18:15