神代码,结束进程神方法

这段代码真神了,

当我还在考虑,进程创建回调里面怎么结束进程更方便的时候,

当我还在找oep、写ret的时候,

当我还在阻止进程创建的时候,

这份神代码给了一个极其简单的方法,

直接OpenProcess,然后Terminate就好了,

根本不用什么ret oep的,没有,

什么逢冲以合为应期,什么相合以冲定应期,根本没有,不需要,

直接应期就出来了

(别看它没有释放那个句柄,导致句柄泄露,但是这不是重点,重点是这个结束进程的方法)

 1 #include <ntddk.h>
 2 
 3 //进程监视回调函数
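/*
 * Process-creation notify routine, registered in DriverEntry with
 * PsSetCreateProcessNotifyRoutine(..., FALSE) and removed in DriverUnload.
 *
 * hParentId   - PID of the creating (parent) process; not used here.
 * hProcessId  - PID of the process being created (bCreate == TRUE) or
 *               exiting (bCreate == FALSE).
 * bCreate     - only the creation case is acted on; exit notices are ignored.
 *
 * As written the routine opens and terminates every process that is created
 * while the driver is loaded, unconditionally, with exit code 1. Differences
 * from the original listing: the handle returned by ZwOpenProcess is closed
 * on every path (the original leaked one handle per process creation), only
 * PROCESS_TERMINATE is requested instead of PROCESS_ALL_ACCESS, an open
 * failure that is not one of the four enumerated codes is no longer reported
 * as STATUS_SUCCESS, and the PID is narrowed explicitly before being printed
 * with %u (HANDLE is pointer-sized).
 */
VOID ProcessMonitorCallback(
                        IN HANDLE hParentId,
                        IN HANDLE hProcessId, 
                        IN BOOLEAN bCreate)
{
    NTSTATUS status;
    HANDLE procHandle = NULL;
    CLIENT_ID ClientId;
    OBJECT_ATTRIBUTES Obja;
    ULONG pid = (ULONG)(ULONG_PTR)hProcessId;

    UNREFERENCED_PARAMETER(hParentId);

    /* bCreate == TRUE means a process is being created. */
    if (!bCreate) {
        return;
    }

    /* No name, no root directory: ZwOpenProcess looks the process up by the
     * PID placed in CLIENT_ID. */
    InitializeObjectAttributes(&Obja, NULL, 0, NULL, NULL);
    ClientId.UniqueProcess = hProcessId;
    ClientId.UniqueThread = NULL;

    /* Least privilege: ZwTerminateProcess needs PROCESS_TERMINATE only. */
    status = ZwOpenProcess(&procHandle, PROCESS_TERMINATE, &Obja, &ClientId);
    if (status == STATUS_INVALID_PARAMETER_MIX) {
        DbgPrint("STATUS_INVALID_PARAMETER_MIX\n");
    } else if (status == STATUS_INVALID_CID) {
        DbgPrint("STATUS_INVALID_CID\n");
    } else if (status == STATUS_INVALID_PARAMETER) {
        DbgPrint("STATUS_INVALID_PARAMETER\n");
    } else if (status == STATUS_ACCESS_DENIED) {
        DbgPrint("STATUS_ACCESS_DENIED\n");
    } else if (NT_SUCCESS(status)) {
        DbgPrint("STATUS_SUCCESS\n");
    } else {
        /* Any other failure code; the original printed STATUS_SUCCESS here. */
        DbgPrint("ZwOpenProcess failed: 0x%08X\n", (ULONG)status);
    }

    if (!NT_SUCCESS(status) || procHandle == NULL) {
        DbgPrint("failed to ZwOpenProcess...\n");
        return;
    }

    status = ZwTerminateProcess(procHandle, 1);

    /* The handle is ours regardless of the termination result; close it so
     * the driver does not accumulate one kernel handle per created process. */
    ZwClose(procHandle);
    procHandle = NULL;

    /* Report why a termination did not succeed. */
    switch (status) {
    case STATUS_SUCCESS:
        DbgPrint("process %u has beed killed ...\n", pid);
        break;
    case STATUS_OBJECT_TYPE_MISMATCH:
        DbgPrint("failed to kill %u process,The specified handle is not a process handle. \n", pid);
        break;
    case STATUS_INVALID_HANDLE:
        DbgPrint("failed to kill %u process,The specified handle is not valid.\n", pid);
        break;
    case STATUS_ACCESS_DENIED:
        DbgPrint("failed to kill %u process,The driver cannot access the specified process object.\n", pid);
        break;
    case STATUS_PROCESS_IS_TERMINATING:
        DbgPrint("failed to kill %u process,The specified process is already terminating.\n", pid);
        break;
    default:
        break;
    }
}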
74 //驱动卸载函数
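/*
 * Driver unload routine (set in DriverEntry).
 *
 * Passes Remove == TRUE to PsSetCreateProcessNotifyRoutine, undoing the
 * Remove == FALSE registration made in DriverEntry. The original listing
 * ignored the NTSTATUS this call returns; a failed removal is now logged.
 */
void DriverUnload(PDRIVER_OBJECT pDriveObj)
{
    NTSTATUS status;

    UNREFERENCED_PARAMETER(pDriveObj);

    /* Stop monitoring: unregister ProcessMonitorCallback. */
    status = PsSetCreateProcessNotifyRoutine(ProcessMonitorCallback, TRUE);
    if (!NT_SUCCESS(status)) {
        DbgPrint("PsSetCreateProcessNotifyRoutine(remove) failed: 0x%08X\n", (ULONG)status);
    }
    DbgPrint("driver unloaded ...\n");
}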
81 
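/*
 * Driver entry point.
 *
 * pDriverObj      - driver object; DriverUnload is installed on it.
 * pRegisterString - registry path for the service; not used.
 *
 * Returns the NTSTATUS of the notify-routine registration. Returning that
 * status unchanged means a failed registration fails the driver load instead
 * of leaving the driver resident without its callback.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegisterString)
{
    NTSTATUS status;

    UNREFERENCED_PARAMETER(pRegisterString);

    /* Install the unload handler before registering anything that needs undoing. */
    pDriverObj->DriverUnload = DriverUnload;

    /* Remove == FALSE registers; from here on every process creation
     * invokes ProcessMonitorCallback until DriverUnload removes it. */
    status = PsSetCreateProcessNotifyRoutine(ProcessMonitorCallback, FALSE);
    if (!NT_SUCCESS(status)) {
        DbgPrint("PsSetCreateProcessNotifyRoutine failed: 0x%08X\n", (ULONG)status);
    }
    return status;
}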
原文地址:https://www.cnblogs.com/suanguade/p/5845101.html