看到标题不要惊讶,这个东西很久很久以前就有人发过了,当时我完全没看懂。下面的代码是我根据题目按照自己的想法写的,只是因为最近很无聊,代码没有任何价值。

代码:
#include<stdio.h> 
#include<windows.h> 
#include<Tlhelp32.h> 
/* Name comparison used by main() to select the target process: returns 1 on a match, 0 otherwise. */
int kestrcmpi(char *str1,char *str2); 
/* Tries to enable SeDebugPrivilege in the current process token: returns nonzero on success, 0 on failure. */
BOOL EnableDebugPrivileges(); 
/*
 * Forum demo: makes a named process crash by overwriting part of its
 * executable image with zero bytes, instead of calling TerminateProcess.
 *
 * Flow, as written:
 *   1. read a process name (at most 30 characters) from stdin;
 *   2. try to enable SeDebugPrivilege (the result is ignored);
 *   3. walk a Toolhelp process snapshot; for every entry whose szExeFile
 *      matches, take the first module reported for that process (normally
 *      its own executable image), read the PE header to find the
 *      entry-point RVA, and write zeros from the entry point to the end of
 *      the module image.
 *
 * Returns 0 once the walk completes (also when nothing matched) and 1 on the
 * first API failure.
 *
 * Defender's view: the observable sequence is SeDebugPrivilege being enabled,
 * OpenProcess with PROCESS_ALL_ACCESS on a foreign process, then
 * ReadProcessMemory / WriteProcessMemory against that process's image.
 * Process-access telemetry (for example Sysmon Event ID 10, ProcessAccess)
 * surfaces the handle request, and running security-critical services as
 * protected processes makes the OpenProcess call fail even with
 * SeDebugPrivilege held.
 */
int main(void) 
{ 
    PROCESSENTRY32 pe32; 
    MODULEENTRY32 te32; 
    /* NOTE(review): hSnapshot1, hTarget and pNothing are never initialised;
       see the cleanup at the end of the function. */
    HANDLE hSnapshot,hSnapshot1,hTarget; 
    void *pNothing; 
    /* NOTE(review): this declares an array of 31 pointers, not a 31-byte
       character buffer. It only works because the storage is larger than the
       31 bytes scanf may write and every use casts it back to char*;
       `char szTarget[31];` is what was meant. */
    char *szTarget[31]; 
    DWORD dwStore,dwFillSize;
    /* NOTE(review): the prompt says "case sensitive", but the comparison done
       by kestrcmpi() folds case. */
    printf("Input the name of process which you wanna kill(case sensitive):"); 
    /* Width 30 leaves room for the terminating NUL; the return value is not
       checked, so on EOF szTarget is used uninitialised. */
    scanf("%30s",szTarget); 
    /* Return value ignored: without the privilege the later OpenProcess may
       fail for processes owned by other users. */
    EnableDebugPrivileges(); 
    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); 
    if(hSnapshot == INVALID_HANDLE_VALUE) 
    { 
        printf("Create snapshot for processes failed!\n"); 
        system("pause"); 
        return 1; 
    } 
    pe32.dwSize = sizeof(PROCESSENTRY32); 
    if(Process32First(hSnapshot,&pe32)) 
        do 
        { 
            /* Every process whose image name matches is processed, not just
               the first one. */
            if(kestrcmpi(pe32.szExeFile,(char*)szTarget)) 
            { 
                /* NOTE(review): from here on, every failure path returns
                   without closing hSnapshot (and, further down, hSnapshot1 and
                   hTarget); a failure on one matching process also aborts
                   the whole walk. */
                hSnapshot1 = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pe32.th32ProcessID); 
                if(hSnapshot1 == INVALID_HANDLE_VALUE) 
                { 
                    printf("Create snapshot for modules failed!\n"); 
                    system("pause"); 
                    return 1; 
                } 
                te32.dwSize = sizeof(MODULEENTRY32); 
                /* Only the first module entry is used. */
                if(Module32First(hSnapshot1,&te32)) 
                { 
                    /* Full-access handle to the foreign process; this is the
                       request that process-access monitoring records. */
                    hTarget = OpenProcess(PROCESS_ALL_ACCESS,0,pe32.th32ProcessID); 
                    if(!hTarget) 
                    { 
                        printf("open target process failed!\n"); 
                        system("pause"); 
                        return 1; 
                    } 
                    /* Offset 0x3c of the DOS header is e_lfanew, the file
                       offset of the PE header. */
                    if(!ReadProcessMemory(hTarget,(void*)(te32.modBaseAddr+0x3c),&dwStore,4,NULL))
                    {
                        printf("ReadProcessMemory1 failed!\n");
                        system("pause");
                        return 1;
                    }
                    /* PE header + 0x28 is AddressOfEntryPoint (an RVA);
                       dwStore is reused to hold it. */
                    if(!ReadProcessMemory(hTarget,(void*)(te32.modBaseAddr+dwStore+0x28),&dwStore,4,NULL))
                    {
                        printf("ReadProcessMemory2 failed!\n");
                        system("pause");
                        return 1;
                    }
                    /* NOTE(review): both values come from the other process
                       and are not validated. If the entry-point RVA is larger
                       than modBaseSize the subtraction wraps to a huge DWORD. */
                    dwFillSize = (int)te32.modBaseSize-dwStore;
                    /* NOTE(review): calloc result is not checked, and the
                       buffer from a previous matching process is leaked. */
                    pNothing = calloc(dwFillSize,1); 
                    /* Overwrites [entry point, end of module image) in the
                       target with zeros. */
                    if(!WriteProcessMemory(hTarget,(void*)(te32.modBaseAddr+dwStore),pNothing,dwFillSize,NULL)) 
                    { 
                        printf("WriteProcessMemory failed!\n"); 
                        system("pause"); 
                        return 1; 
                    } 
                } 
            } 
        } 
        while(Process32Next(hSnapshot,&pe32)); 
    /* NOTE(review): if no process matched, pNothing, hTarget and hSnapshot1
       are still uninitialised here, so free() and CloseHandle() operate on
       indeterminate values (undefined behaviour). With several matches only
       the last buffer and handles are released. */
    free(pNothing); 
    CloseHandle(hTarget);
    CloseHandle(hSnapshot); 
    CloseHandle(hSnapshot1); 
    return 0; 
} 
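/*
 * kestrcmpi - compare two NUL-terminated strings, ignoring ASCII case.
 *
 * Returns 1 when both strings have the same length and every character
 * pair is equal after folding 'A'..'Z' to lower case. Returns 0 otherwise,
 * including when either pointer is NULL.
 *
 * Only letters are folded. Folding every byte with `c | 0x20` also merges
 * unrelated characters ('[' with '{', '@' with '`', '_' with 0x7f), so two
 * different file names could compare equal and the caller would act on a
 * process the user never named.
 */
int kestrcmpi(char *str1,char *str2) 
{ 
    if(str1 == NULL || str2 == NULL) 
        return 0; 
    for(;; str1++, str2++) 
    { 
        /* Work on unsigned bytes so high-bit characters compare predictably. */
        unsigned char a = (unsigned char)*str1; 
        unsigned char b = (unsigned char)*str2; 
        if(a >= 'A' && a <= 'Z') 
            a = (unsigned char)(a + ('a' - 'A')); 
        if(b >= 'A' && b <= 'Z') 
            b = (unsigned char)(b + ('a' - 'A')); 
        /* A length mismatch shows up here too: one side reaches NUL first. */
        if(a != b) 
            return 0; 
        if(a == '\0') 
            return 1; 
    } 
} 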
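/*
 * EnableDebugPrivileges - try to enable SeDebugPrivilege in the token of the
 * current process.
 *
 * Returns nonzero when the privilege ends up enabled. Returns 0 when the
 * token cannot be opened, the privilege name cannot be resolved, or the
 * token does not hold the privilege.
 *
 * The token handle is closed on every path, and the LUID is only used when
 * LookupPrivilegeValue succeeded.
 *
 * SeDebugPrivilege lets the caller open processes regardless of their
 * security descriptor. By default it is granted only to administrators, so
 * a non-debugger program enabling it is worth reviewing in audit logs.
 */
BOOL EnableDebugPrivileges() 
{ 
  HANDLE hToken = NULL; 
  TOKEN_PRIVILEGES tp; 
  BOOL bRet = FALSE; 

  if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken)) 
    return 0; 

  tp.PrivilegeCount = 1; 
  tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; 
  if(LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tp.Privileges[0].Luid)) 
  { 
    /* AdjustTokenPrivileges can return TRUE without enabling anything; in
       that case the last error is ERROR_NOT_ALL_ASSIGNED, so both the return
       value and the last error are checked. */
    if(AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL) 
       && GetLastError() == ERROR_SUCCESS) 
      bRet = TRUE; 
  } 
  CloseHandle(hToken); 
  return bRet; 
} 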
附bin一个
上传的附件 zero.rar