改写个Delphi 版 Lz前辈的OpenProcess
作者:admin 来源: 日期:2011/8/16 9:32:34 人气:299 标签:
用的时候记得引用一下
JwaNative、JwaWinNT、JwaWinBase、JwaWinType、JwaNtStatus 这些单元。
----------------------------------------------------------------------------------------------------------------------------------------------------------
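{ Enables SeDebugPrivilege on the current process token.
  Changes against the original: the OpenProcessToken and
  LookupPrivilegeValue results are checked (a failure previously fed an
  unset handle or LUID into the following calls), the two-step
  read-then-enable sequence is replaced by the single AdjustTokenPrivileges
  call that sets SE_PRIVILEGE_ENABLED directly, and the token handle is
  closed on every path instead of leaking.
  Note that AdjustTokenPrivileges returns TRUE even when the privilege was
  not actually enabled (GetLastError = ERROR_NOT_ALL_ASSIGNED), so a caller
  that needs certainty has to query the token afterwards. }
procedure SetPrivilege;
var
  TokenPrivileges: TTokenPrivileges;
  ReturnLength: DWORD;
  hToken: THandle;
  Luid: Int64;
begin
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', Luid) then
      Exit;
    TokenPrivileges.PrivilegeCount := 1;
    TokenPrivileges.Privileges[0].Luid := Luid;
    TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    // No previous state is requested, so TOKEN_ADJUST_PRIVILEGES alone is
    // sufficient access for this call.
    AdjustTokenPrivileges(hToken, False, TokenPrivileges, SizeOf(TTokenPrivileges),
      PTokenPrivileges(nil)^, ReturnLength);
  finally
    CloseHandle(hToken);
  end;
end;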
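{ Returns the PID of the first process in a Toolhelp snapshot whose image
  name equals szName, compared case-insensitively (both sides upper-cased,
  as in the original). Returns 0 when nothing matches or the snapshot
  cannot be created; callers must treat 0 as "not found".
  Change against the original: the upper-cased target name is computed
  once before the loop instead of on every iteration. The snapshot handle
  is closed on every path. }
function GetIdByName(szName: PChar): DWORD;
var
  hProcessSnap: THandle;
  pe32: TProcessEntry32;
  dwRet: DWORD;
  wanted: string;
begin
  Result := 0;
  hProcessSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if hProcessSnap = INVALID_HANDLE_VALUE then
    Exit;
  // StrPas(nil) yields '' so a nil name simply never matches.
  wanted := UpperCase(StrPas(szName));
  pe32.dwSize := SizeOf(pe32);
  dwRet := 0;
  if Process32First(hProcessSnap, pe32) then
    repeat
      if wanted = UpperCase(pe32.szExeFile) then
      begin
        dwRet := pe32.th32ProcessID;
        Break;
      end;
    until not Process32Next(hProcessSnap, pe32);
  CloseHandle(hProcessSnap);
  Result := dwRet;
end;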
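{ Returns True when a process with the given PID is present in a current
  Toolhelp process snapshot, False otherwise (including when the snapshot
  cannot be created).
  Fixes against the original: Result was left unassigned on the
  INVALID_HANDLE_VALUE exit; the entry filled in by Process32First was
  never examined because the loop started with Process32Next; the loop
  kept walking after a match; and the unused pProcess local is gone.
  Only the process list is snapshotted (TH32CS_SNAPPROCESS), since that is
  all this function reads. }
function FindProcessID(ProcessId: DWORD): Bool;
var
  hProcSnap: THandle;
  pe32: TProcessEntry32;
begin
  Result := False;
  hProcSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if hProcSnap = INVALID_HANDLE_VALUE then
    Exit;
  pe32.dwSize := SizeOf(pe32);
  if Process32First(hProcSnap, pe32) then
    repeat
      if pe32.th32ProcessID = ProcessId then
      begin
        Result := True;
        Break;
      end;
    until not Process32Next(hProcSnap, pe32);
  CloseHandle(hProcSnap);
end;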
{ Obtains a handle to dwProcessId indirectly: the function opens csrss.exe,
  reads the system handle table via ZwQuerySystemInformation, duplicates
  every csrss-owned handle of object type 5 into this process and keeps
  the one whose ProcessBasicInformation.UniqueProcessId equals
  dwProcessId. Returns that duplicated handle, or 0 when none matched.
  Defender's note: the observable behaviour of this routine is a user-mode
  process querying SystemHandleInformation and duplicating process
  handles out of csrss.exe (ZwDuplicateObject with csrss as the source
  process); that combination is what a detection rule should key on. The
  hard-coded literals (OBJECT_ATTRIBUTES length 24, object type index 5)
  tie the code to one 32-bit Windows generation. }
function CopyProcessHandleById(dwProcessId:ULONG):THANDLE;
label Over;
var
i:integer;
buf:PVOID;
csrssid:DWORD;
cid:TClientId;
atr:TObjectAttributes;
BI,NumOfHandles:ULONG;
pbi:TPROCESS_BASIC_INFORMATION ;
HandleInfo:PSYSTEM_HANDLE_INFORMATION;
csrsshandle,StealHandle,CopyHandle:THANDLE;
begin
i:=0;
buf:=nil;
BI:=$400000; // region size requested for the handle-table buffer (4 MiB)
CopyHandle:=0;
csrssid:=GetIdByName ('csrss.exe'); // 0 if csrss.exe is not found; not checked here
atr.Length:=24; // hard-coded 32-bit SizeOf(OBJECT_ATTRIBUTES); New_ZwOpenProcess uses SizeOf instead
atr.Attributes:= 0;
cid.UniqueThread:=0;
atr.RootDirectory:=0;
atr.ObjectName:= nil;
cid.UniqueProcess:= csrssid+1; // original note: +1, +2 or +3 all work here, just not +30 or +40; the reason is not explained on the page
atr.SecurityDescriptor:= nil;
atr.SecurityQualityOfService:= nil;
// NOTE(review): none of the three NTSTATUS results below are checked; after
// a failed open or query csrsshandle/buf hold whatever they held before.
ZwOpenProcess(@csrsshandle,PROCESS_ALL_ACCESS,@atr,@cid);
ZwAllocateVirtualMemory(GetCurrentProcess(),@buf,0,@BI,MEM_COMMIT,PAGE_READWRITE);
ZwQuerySystemInformation(16,buf,$300000,@BI); // 16 = SystemHandleInformation; only $300000 of the $400000 region is offered
// NOTE(review): this casts the pointer value of buf itself, not the ULONG it
// points to (that would be PULONG(buf)^), so NumOfHandles is the buffer
// address rather than the entry count; the loop bound below is therefore
// not the real table length.
NumOfHandles:=ULONG(buf);
HandleInfo:=PSYSTEM_HANDLE_INFORMATION(DWORD(buf)+4); // entries start after the leading ULONG count
while (i< NumOfHandles-1) do // stops one short of NumOfHandles
begin
// 5 is presumably the Process object type index on the OS this was written
// for; type indices differ between Windows versions - verify before reuse.
if(HandleInfo.ProcessID=csrssid) and (HandleInfo.ObjectTypeNumber=5) then
begin
// THANDLE(-1) is the current-process pseudo-handle (duplicate target).
if (ZwDuplicateObject(csrsshandle,THANDLE(HandleInfo.Handle),THANDLE(-1),@StealHandle,0,0,DUPLICATE_SAME_ACCESS)=STATUS_SUCCESS) then
begin
ZwQueryInformationProcess(StealHandle, 0, @pbi, sizeof(pbi), @BI); // class 0 = ProcessBasicInformation; status not checked
if ( pbi.UniqueProcessId = dwProcessId ) then
begin
CopyHandle:=StealHandle;
ZwClose(csrsshandle);
goto Over;
end;
// NOTE(review): a non-matching StealHandle is never closed, so one
// duplicated handle leaks per csrss process handle examined.
end;
end;
HandleInfo:=PSYSTEM_HANDLE_INFORMATION(DWORD(HandleInfo)+sizeof(TSYSTEM_HANDLE_INFORMATION)); // assumes the type describes exactly one table entry
inc(i);
end;
// Falling out of the loop means no match; csrsshandle is not closed on this path.
Over:
BI:=0; // RegionSize 0 with MEM_RELEASE releases the whole region
ZwFreeVirtualMemory(GetCurrentProcess(),@buf,@BI,MEM_RELEASE);
if CopyHandle<>0 then
begin
Result:=CopyHandle;
end
else
begin
Result:=0;
end;
end;
{ Opens a process through ZwOpenProcess with a CLIENT_ID whose
  UniqueProcess is PID+2 rather than PID, requesting PROCESS_ALL_ACCESS.
  The original author's comment: try PID+2 first to get a handle and fall
  back to CopyProcessHandleById if that fails.
  NOTE(review): the NTSTATUS is not checked and Result is never
  initialised, so if ZwOpenProcess does not write the handle, Result holds
  whatever was on the stack; FindProcessHandlebyId compares it with 0 to
  decide whether the call succeeded - confirm that assumption. }
function New_ZwOpenProcess(PID: Integer):THandle; // try PID+2 to obtain the handle; if that fails, fall back to CopyProcessHandleById
var
cid:TClientId;
atr:TObjectAttributes;
begin
atr.Length:=SizeOf(OBJECT_ATTRIBUTES);
atr.RootDirectory:=0;
atr.ObjectName:=nil;
atr.Attributes:=0;
atr.SecurityDescriptor := nil;
atr.SecurityQualityOfService := nil;
cid.UniqueProcess := PID+2; // deliberately not the exact PID; see the header comment
cid.UniqueThread:=0;
ZwOpenProcess(@Result,PROCESS_ALL_ACCESS,@atr,@cid);
end;
{ Resolves a handle for PID. Returns 0 when FindProcessID does not see
  the process in a snapshot; otherwise returns the handle from
  New_ZwOpenProcess, or, when that yields 0, the result of
  CopyProcessHandleById (which itself returns 0 on no match). }
function FindProcessHandlebyId(PID: DWORD): THandle;
begin
  if not FindProcessID(PID) then
  begin
    Result := 0;
    Exit;
  end;
  Result := New_ZwOpenProcess(PID);
  if Result = 0 then
    Result := CopyProcessHandleById(PID);
end;
{ Terminates the process behind hProcess by assigning it to a freshly
  created job object and terminating the job, then closes the job handle.
  If ZwAssignProcessToJobObject does not return STATUS_SUCCESS (for
  instance when hProcess is 0, which FindProcessHandlebyId can return)
  nothing is terminated. hProcess itself is not closed here.
  Defender's note: the job object is created with the fixed name 'zhu',
  so the named kernel object is an artefact this routine leaves behind
  while it runs. }
Procedure CloseProcessByHandle(hProcess:Thandle);
var
h:Thandle;
begin
//ZwUnmapViewOfSection(hProcess,Pointer($7C920000)); // original author: "this one needs no explanation = ="
h:=CreateJobObjectW(nil,'zhu'); // named job object; handle not checked
if (ZwAssignProcessToJobObject(h,hProcess)=STATUS_SUCCESS) then
begin
ZwTerminateJobObject(h,0); // exit code 0 for every process in the job
end;
ZwClose(h);
end;
---------------------------------------------------------------------------------------------------
{ Button handler: resolves a handle for the hard-coded PID 1592 and hands
  it to CloseProcessByHandle. The return value is not checked, so a 0
  handle (PID not found or no handle obtained) is passed through and
  CloseProcessByHandle then does nothing. }
procedure TForm1.Button1Click(Sender: TObject);
var
closeProcess:Thandle;
begin
closeProcess:=FindProcessHandlebyId(1592); // PID is hard-coded; valid only for the author's session
//ZwTerminateProcess(closeProcess,0); // original author: "well, this one needs even less explanation"
CloseProcessByHandle(closeProcess);
end;
http://hi.baidu.com/zhutas/blog/item/79f457fbef6ce9374f4aeac4.html