
delphi 杀系统进程代码

作者:admin 来源: 日期:2018/2/14 17:46:56 人气: 标签:

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, TlHelp32, XPMan;

// Procedural type this unit uses for the ntdll suspend/resume exports that it
// resolves at run time with GetProcAddress (one process-handle argument).
// NOTE(review): the native Nt*/Zw* routines return an NTSTATUS (0 = success),
// not a Boolean, so the declared result should not be read as success/failure
// -- confirm and consider declaring the result as a 32-bit integer.
type TNTdllApi = Function(Thread:thandle):boolean; stdcall;
// Procedural type this unit uses for the ntdll terminate exports
// (process handle + exit code). The same NTSTATUS caveat applies to its result.
type Terminate = Function(thread:thandle; dwCode:Dword):Boolean; Stdcall;
  
type
  // Main form: a text box for a process name and two buttons that act on it.
  TForm1 = class(TForm)
    Button1: TButton;            // OnClick looks up the PID for Edit1.Text and calls AdminKill
    Edit1: TEdit;                // process name (or name fragment) typed by the user
    Label1: TLabel;
    Label2: TLabel;              // receives the "PID : n (image)" lookup result
    XPManifest1: TXPManifest;
    Button2: TButton;            // OnClick only resolves and displays PID + image name
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  // Form instance referenced by the project source / form loader.
  Form1: TForm1;

implementation

{$R *.dfm}
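{ Enables SeDebugPrivilege in the current process token.

  Returns True only when the privilege is actually enabled afterwards (or when
  running on the Win9x platform, which has no privilege model). The previous
  implementation returned True unconditionally, adjusted the same token twice
  through an aliased handle, hid failures behind an empty except block and
  closed an uninitialised handle when OpenProcessToken failed.

  Security notes:
  - SeDebugPrivilege lets OpenProcess succeed regardless of the target's
    security descriptor, so it should only be enabled right before it is
    needed. It is normally held only by administrators running elevated.
  - AdjustTokenPrivileges reports success even when the privilege is not held
    by the token; the real outcome is in GetLastError (ERROR_NOT_ALL_ASSIGNED).
  - The adjustment is auditable (Security event 4703 when token-right
    adjustment auditing is enabled), which is how defenders usually spot it. }
function SetTokenPrivileges:boolean;
var
  hToken: THandle;
  NewState: TTokenPrivileges;
  Version: OSVERSIONINFO;
  ReturnLength: DWORD;
begin
  Result := False;

  Version.dwOSVersionInfoSize := SizeOf(OSVERSIONINFO);
  // Win9x has no token privileges; keep the historical "nothing to do" success.
  if GetVersionEx(Version) and
     (Version.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS) then
  begin
    Result := True;
    Exit;
  end;

  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege',
                                NewState.Privileges[0].Luid) then
      Exit;
    NewState.PrivilegeCount := 1;
    NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    ReturnLength := 0;

    // No previous-state buffer is requested (length 0), matching the original call.
    if not AdjustTokenPrivileges(hToken, False, NewState, 0,
                                 PTokenPrivileges(nil)^, ReturnLength) then
      Exit;

    // TRUE from the API is not enough: ERROR_NOT_ALL_ASSIGNED means the token
    // does not hold the privilege and nothing was enabled.
    Result := GetLastError = ERROR_SUCCESS;
  finally
    CloseHandle(hToken);
  end;
end;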


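{ Returns the PID of a running process whose image name contains Process
  (case-insensitive), or -1 when nothing matches or the snapshot fails.

  Fixes over the previous version: the snapshot handle is closed, the search
  text is lower-cased like the image name it is compared with (mixed-case
  input could never match before), the first snapshot entry is no longer
  skipped, and BOOL results are not compared with "= True".

  NOTE(review): matching is by substring and the LAST match wins, as before.
  A short fragment can therefore select an unintended process; callers that
  act on the result should confirm the PID/image name with the user first. }
function GetProcessPid(Process:string):Integer;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
  Needle: string;
begin
  Result := -1;
  Needle := LowerCase(Process);
  // An empty search text never matched (Pos('', s) = 0); make that explicit.
  if Needle = '' then Exit;

  Snapshot := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then Exit;
  try
    Entry.dwSize := SizeOf(TProcessEntry32);
    if Process32First(Snapshot, Entry) then
      repeat
        if Pos(Needle, LowerCase(Entry.szExeFile)) > 0 then
          Result := Entry.th32ProcessID;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;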


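{ Returns the executable image name recorded in a ToolHelp process snapshot
  for the given PID, or '' when the PID is not present or the snapshot fails.

  Fixes over the previous version: the snapshot handle is validated and
  closed, the unused module-snapshot variable is gone, and the walk stops at
  the first match instead of continuing after a hit on the first entry. }
function GetImageName(PID: Cardinal): String;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
begin
  Result := '';
  Snapshot := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then Exit;
  try
    Entry.dwSize := SizeOf(TProcessEntry32);
    if Process32First(Snapshot, Entry) then
      repeat
        if Entry.th32ProcessID = PID then
        begin
          Result := Entry.szExeFile;
          Break;
        end;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;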

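{ Enables SeDebugPrivilege, resumes the process identified by pid through the
  ntdll NtResumeProcess export and then terminates it. Despite its name the
  routine has always ended with TerminateProcess; that behaviour is kept.

  Returns True when TerminateProcess succeeded. The previous version always
  returned False, never checked the OpenProcess result, leaked the process
  handle and a LoadLibrary reference, and named a local variable after the
  function itself.

  NOTE(review): PROCESS_ALL_ACCESS is far broader than suspend/resume plus
  terminate needs; narrow the access mask if the Windows unit in use declares
  the specific rights. Opening another process with full access is also a
  commonly monitored event on defended hosts. }
function ResumeProcess(pid:dword):boolean;
var
  NtDll, hProcess: THandle;
  NtResume: TNTdllApi;
begin
  Result := False;

  // ntdll.dll is mapped into every process; GetModuleHandle avoids taking a
  // reference that would then have to be released with FreeLibrary.
  NtDll := GetModuleHandle('ntdll.dll');
  if NtDll = 0 then Exit;
  @NtResume := GetProcAddress(NtDll, 'NtResumeProcess');
  if not Assigned(NtResume) then Exit;

  SetTokenPrivileges;
  hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  if hProcess = 0 then Exit;
  try
    // Result of the native call is ignored: it is an NTSTATUS, which the
    // Boolean-returning TNTdllApi type cannot represent faithfully.
    NtResume(hProcess);
    Result := TerminateProcess(hProcess, 0);
  finally
    CloseHandle(hProcess);
  end;
end;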

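{ Suspends the process identified by pid, terminates it and reports whether
  termination succeeded. If the direct attempt fails, ResumeProcess(pid) is
  used as before (it enables SeDebugPrivilege and retries).

  Defects corrected from the previous version:
  - 'NTTerminateProcess' / 'NTSuspendProcess' were looked up with the wrong
    case; GetProcAddress is case-sensitive, so those pointers were always nil
    and the first branch was dead code.
  - The resume routines were called with the PID instead of the process handle.
  - TerminateIt was called without a nil check.
  - SetLastError(GetLastError + 1) corrupted the thread's error code.
  - The process handle and the LoadLibrary reference were never released.
  - The result was always False.
  - The mismatched begin/end layout hid that the ResumeProcess fallback only
    ran in the else branch.

  Termination now goes through the documented TerminateProcess API, whose BOOL
  result is reliable; the ntdll terminate exports return an NTSTATUS that the
  Boolean-typed Terminate signature cannot represent.

  NOTE(review): PROCESS_ALL_ACCESS is broader than needed, and nothing here
  stops the caller from targeting a process the system depends on; the caller
  is responsible for validating pid before calling. }
function AdminKill(pid:dword):boolean; overload;
var
  NtDll, hProcess: THandle;
  SuspendProc, ResumeProc: TNTdllApi;
  Suspended: Boolean;
begin
  Result := False;

  // ntdll.dll is always loaded; no LoadLibrary reference to release.
  @SuspendProc := nil;
  @ResumeProc := nil;
  NtDll := GetModuleHandle('ntdll.dll');
  if NtDll <> 0 then
  begin
    @SuspendProc := GetProcAddress(NtDll, 'NtSuspendProcess');
    @ResumeProc := GetProcAddress(NtDll, 'NtResumeProcess');
  end;

  hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  if hProcess <> 0 then
  try
    Suspended := Assigned(SuspendProc);
    if Suspended then
    begin
      SuspendProc(hProcess);
      Sleep(50);
    end;

    Result := TerminateProcess(hProcess, 0);

    // Do not leave the target frozen when termination was refused.
    if (not Result) and Suspended and Assigned(ResumeProc) then
      ResumeProc(hProcess);
  finally
    CloseHandle(hProcess);
  end;

  // Historical fallback path: retry after enabling SeDebugPrivilege.
  if not Result then
    Result := ResumeProcess(pid);
end;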


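{ Looks up the PID for the name typed in Edit1 and asks AdminKill to end it.

  GetProcessPid returns -1 when nothing matches; passing that straight to
  AdminKill(pid: dword) turned it into $FFFFFFFF (or a range-check error when
  range checking is on). The lookup result is now validated first.

  NOTE(review): the lookup is a substring match, so the selected process may
  not be the one the user meant; consider showing the resolved image name and
  asking for confirmation before terminating. }
procedure TForm1.Button1Click(Sender: TObject);
var
  TargetPid: Integer;
begin
  TargetPid := GetProcessPid(Edit1.Text);
  // -1 = not found; 0 is the idle pseudo-process and can never be opened.
  if TargetPid <= 0 then Exit;
  AdminKill(DWORD(TargetPid));
end;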

{ Resolves the name typed in Edit1 to a PID, reads back the image name that
  the snapshot records for that PID, and shows both in Label2. Nothing is
  terminated here; when the lookup fails the label shows PID -1 and an empty
  name. }
procedure TForm1.Button2Click(Sender: TObject);
var
  FoundPid: Integer;
  ImageName: String;
begin
  FoundPid := GetProcessPid(Edit1.Text);
  ImageName := GetImageName(FoundPid);
  Label2.Caption := 'PID : ' + IntToStr(FoundPid) + '     ("' + ImageName + '")';
end;

end.
 
