看到标题不要惊讶,这个东西很久很久以前就有人发过了,当时我完全没看懂。下面的代码是我根据题目按照自己的想法写的,只是因为最近很无聊,代码没有任何价值。
代码:
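/*
 * Console utility: asks for a process image name, finds every running process
 * with that name, and overwrites the main module of each one with zero bytes
 * from its PE entry point to the end of the mapped image.
 *
 * Reviewer notes (defensive reading of this listing):
 *  - The program enables SeDebugPrivilege, opens another process with
 *    PROCESS_ALL_ACCESS and then performs a cross-process write. Each of these
 *    steps is observable, and the combination is what endpoint monitoring
 *    should alert on.
 *  - Running security-sensitive services as protected processes is one
 *    mitigation, because such an open request is refused for them.
 *  - Fixes relative to the original listing: the name buffer was declared as
 *    an array of pointers, <stdlib.h>/<string.h> were missing, pNothing and
 *    hTarget were released uninitialised when no process matched, handles and
 *    the zero buffer leaked on every match and on every error path, the size
 *    subtraction could wrap, and the prompt claimed a case-sensitive match
 *    although the comparison ignores case.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <windows.h>
#include <Tlhelp32.h>

/* Offsets defined by the PE file format. */
enum {
    PE_E_LFANEW_OFFSET = 0x3c,   /* IMAGE_DOS_HEADER.e_lfanew */
    PE_ENTRYPOINT_OFFSET = 0x28  /* AddressOfEntryPoint, relative to the NT headers */
};

int kestrcmpi(char *str1, char *str2);
BOOL EnableDebugPrivileges(void);

/*
 * Entry point. Returns 0 when the scan completed (even if no process matched)
 * and 1 on the first failure, after printing a message and pausing the console.
 */
int main(void)
{
    PROCESSENTRY32 pe32;
    MODULEENTRY32 te32;
    HANDLE hSnapshot = INVALID_HANDLE_VALUE;
    HANDLE hSnapshot1 = INVALID_HANDLE_VALUE;
    HANDLE hTarget = NULL;
    void *pNothing = NULL;
    char szTarget[31] = {0};    /* 30 characters plus the terminator, matching "%30s" */
    DWORD dwNtOffset = 0;
    DWORD dwEntryRva = 0;
    DWORD dwFillSize = 0;
    int rc = 1;

    printf("Input the name of process which you wanna kill(case insensitive):");
    if (scanf("%30s", szTarget) != 1) {
        printf("No process name given!\n");
        goto done;
    }

    /* Best effort, as in the original: the scan proceeds even if this fails. */
    (void)EnableDebugPrivileges();

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        printf("Create snapshot for processes failed!\n");
        goto done;
    }

    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnapshot, &pe32)) {
        do {
            if (!kestrcmpi(pe32.szExeFile, szTarget)) {
                continue;
            }

            hSnapshot1 = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID);
            if (hSnapshot1 == INVALID_HANDLE_VALUE) {
                printf("Create snapshot for modules failed!\n");
                goto done;
            }

            /* The first module in the snapshot is treated as the main image. */
            te32.dwSize = sizeof(MODULEENTRY32);
            if (Module32First(hSnapshot1, &te32)) {
                hTarget = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
                if (!hTarget) {
                    printf("open target process failed!\n");
                    goto done;
                }

                /* Locate the NT headers through the DOS header. */
                if (!ReadProcessMemory(hTarget, (void *)(te32.modBaseAddr + PE_E_LFANEW_OFFSET),
                                       &dwNtOffset, sizeof dwNtOffset, NULL)) {
                    printf("ReadProcessMemory1 failed!\n");
                    goto done;
                }

                /* Reject a header offset that would make the next read leave the module. */
                if (dwNtOffset >= te32.modBaseSize ||
                    te32.modBaseSize - dwNtOffset < PE_ENTRYPOINT_OFFSET + sizeof dwEntryRva) {
                    printf("Unexpected PE header offset!\n");
                    goto done;
                }

                if (!ReadProcessMemory(hTarget,
                                       (void *)(te32.modBaseAddr + dwNtOffset + PE_ENTRYPOINT_OFFSET),
                                       &dwEntryRva, sizeof dwEntryRva, NULL)) {
                    printf("ReadProcessMemory2 failed!\n");
                    goto done;
                }

                /* Without this check the subtraction below wraps to a huge size. */
                if (dwEntryRva >= te32.modBaseSize) {
                    printf("Unexpected entry point offset!\n");
                    goto done;
                }

                dwFillSize = te32.modBaseSize - dwEntryRva;
                pNothing = calloc(dwFillSize, 1);
                if (!pNothing) {
                    printf("Out of memory!\n");
                    goto done;
                }

                if (!WriteProcessMemory(hTarget, (void *)(te32.modBaseAddr + dwEntryRva),
                                        pNothing, dwFillSize, NULL)) {
                    printf("WriteProcessMemory failed!\n");
                    goto done;
                }
            }

            /* Release per-process resources before looking at the next entry. */
            free(pNothing);
            pNothing = NULL;
            if (hTarget) {
                CloseHandle(hTarget);
                hTarget = NULL;
            }
            CloseHandle(hSnapshot1);
            hSnapshot1 = INVALID_HANDLE_VALUE;
        } while (Process32Next(hSnapshot, &pe32));
    }

    rc = 0;

done:
    free(pNothing);
    if (hTarget) {
        CloseHandle(hTarget);
    }
    if (hSnapshot1 != INVALID_HANDLE_VALUE) {
        CloseHandle(hSnapshot1);
    }
    if (hSnapshot != INVALID_HANDLE_VALUE) {
        CloseHandle(hSnapshot);
    }
    if (rc != 0) {
        system("pause");    /* keep the console open so the message can be read */
    }
    return rc;
}

/*
 * Case-insensitive string equality.
 *
 * Returns 1 when both strings have the same length and the same characters
 * ignoring letter case, 0 otherwise (including when either pointer is NULL).
 *
 * The original compared (c | 0x20), which also treated unrelated non-letter
 * characters as equal (for example '[' and '{', or '@' and '`'), so a name
 * could match a process it was not meant to match. tolower() limits the
 * folding to letters.
 */
int kestrcmpi(char *str1, char *str2)
{
    if (str1 == NULL || str2 == NULL) {
        return 0;
    }

    while (*str1 != '\0' && *str2 != '\0') {
        /* <ctype.h> functions require values in the unsigned char range. */
        if (tolower((unsigned char)*str1) != tolower((unsigned char)*str2)) {
            return 0;
        }
        str1++;
        str2++;
    }

    /* Equal only if both strings ended together. */
    return *str1 == *str2;
}

/*
 * Enables SeDebugPrivilege in the current process token.
 *
 * Returns TRUE (1) only when the privilege was actually assigned, FALSE (0)
 * otherwise. AdjustTokenPrivileges can report success without assigning the
 * privilege, so GetLastError() is checked as well. The token handle, which
 * the original leaked, is closed on every path.
 */
BOOL EnableDebugPrivileges(void)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp;
    BOOL bRet = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    /* The original ignored a failed lookup and adjusted with an unset LUID. */
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL) &&
            GetLastError() == ERROR_SUCCESS) {
            bRet = TRUE;
        }
    }

    CloseHandle(hToken);
    return bRet;
}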