unit Unit1;
interface
uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, TlHelp32, XPMan;
type
  { Procedural type for routines resolved from ntdll.dll at run time that take
    a single handle argument (used in this unit for the suspend/resume lookups).
    NOTE(review): the result is declared Boolean; the native routines are
    understood to return an NTSTATUS, so the value should not be trusted as a
    success flag - confirm before relying on it. }
  TNTdllApi = function(Thread: THandle): Boolean; stdcall;

  { Procedural type for the terminate routines resolved from ntdll.dll:
    a handle plus an exit code.
    NOTE(review): same Boolean-vs-NTSTATUS caveat as TNTdllApi. }
  Terminate = function(thread: THandle; dwCode: DWORD): Boolean; stdcall;

  { Main form: Edit1 holds the process image name typed by the user,
    Button1 terminates the matching process, Button2 shows its PID and
    image name in Label2. }
  TForm1 = class(TForm)
    Button1: TButton;
    Edit1: TEdit;
    Label1: TLabel;
    Label2: TLabel;
    XPManifest1: TXPManifest;
    Button2: TButton;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
var Form1: TForm1;
implementation
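{$R *.dfm}

{ Enables SeDebugPrivilege in the current process token.

  Returns True when the privilege was actually enabled, or when running on a
  Win9x platform (where the token calls are skipped). Returns False when the
  token cannot be opened, the privilege name cannot be resolved, or the token
  does not hold the privilege.

  SeDebugPrivilege allows opening processes regardless of their security
  descriptor, so the caller should be running elevated on purpose. This
  routine never disables the privilege again; it stays enabled until the
  process exits. }
function SetTokenPrivileges: Boolean;
var
  hToken: THandle;
  NewState: TTokenPrivileges;
  Version: OSVERSIONINFO;
  ReturnLength: DWORD;
begin
  Result := False;

  Version.dwOSVersionInfoSize := SizeOf(OSVERSIONINFO);
  GetVersionEx(Version);

  // Win9x has no access tokens: nothing to adjust, report success as before.
  if Version.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS then
  begin
    Result := True;
    Exit;
  end;

  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege',
      NewState.Privileges[0].Luid) then
      Exit;

    NewState.PrivilegeCount := 1;
    NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    ReturnLength := 0;

    // AdjustTokenPrivileges reports success even when the token does not hold
    // the privilege; only a last-error of ERROR_SUCCESS means it was enabled.
    if AdjustTokenPrivileges(hToken, False, NewState, 0,
      PTokenPrivileges(nil)^, ReturnLength) then
      Result := GetLastError = ERROR_SUCCESS;
  finally
    // Always release the token handle, including on the early exits above.
    CloseHandle(hToken);
  end;
end;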
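{ Looks up a running process by image name and returns its process id.

  Process: text to look for inside the executable file name. The comparison
    is case-insensitive and matches on substring, as before.
  Returns the PID of the LAST snapshot entry whose image name contains the
    text, or -1 when the text is empty, the snapshot cannot be taken, or
    nothing matches.

  NOTE(review): a substring match is ambiguous - a short fragment can select
  an unrelated process. Callers that act on the PID (for example to terminate
  it) should consider an exact name comparison or a confirmation step. }
function GetProcessPid(Process: string): Integer;
var
  hProcSnap: THandle;
  pe32: TProcessEntry32;
  Wanted: string;
begin
  Result := -1;

  // Image names are compared in lower case, so fold the search text too.
  Wanted := LowerCase(Trim(Process));
  if Wanted = '' then
    Exit;

  hProcSnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hProcSnap = INVALID_HANDLE_VALUE then
    Exit;
  try
    pe32.dwSize := SizeOf(TProcessEntry32);
    // repeat..until examines the entry returned by Process32First as well,
    // instead of discarding it.
    if Process32First(hProcSnap, pe32) then
      repeat
        if Pos(Wanted, LowerCase(pe32.szExeFile)) > 0 then
          Result := pe32.th32ProcessID;
      until not Process32Next(hProcSnap, pe32);
  finally
    // The snapshot is a kernel handle and must be released.
    CloseHandle(hProcSnap);
  end;
end;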
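{ Returns the executable file name recorded in the process snapshot for PID.

  PID: process id to look up.
  Returns the image name of the first snapshot entry with that id, or an
    empty string when the snapshot cannot be taken or no entry matches. }
function GetImageName(PID: Cardinal): String;
var
  hSnapshot: THandle;
  Entry: TProcessEntry32;
begin
  Result := '';

  hSnapshot := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hSnapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(TProcessEntry32);
    if Process32First(hSnapshot, Entry) then
      repeat
        if Entry.th32ProcessID = PID then
        begin
          Result := Entry.szExeFile;
          Break;
        end;
      until not Process32Next(hSnapshot, Entry);
  finally
    // Release the snapshot handle on every path, including the early Break.
    CloseHandle(hSnapshot);
  end;
end;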
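{ Resumes the process identified by pid and then terminates it.

  Despite its name this routine does not leave the target running: after the
  resume call it calls TerminateProcess with exit code 0.

  pid: id of the target process.
  Returns True only when TerminateProcess reports success; False when the
    resume routine cannot be resolved, the process cannot be opened, or the
    termination call fails. }
function ResumeProcess(pid: DWORD): Boolean;
var
  hNtdll, hProcess: THandle;
  NtResume: TNTdllApi;
begin
  Result := False;

  // ntdll.dll is already mapped into every Win32 process, so a module lookup
  // is enough and leaves no extra library reference behind.
  hNtdll := GetModuleHandle('ntdll.dll');
  if hNtdll = 0 then
    Exit;

  @NtResume := GetProcAddress(hNtdll, 'NtResumeProcess');
  if @NtResume = nil then
    Exit;

  // Best effort: the open below may still succeed without the privilege.
  SetTokenPrivileges;

  // NOTE(review): PROCESS_ALL_ACCESS asks for far more rights than the two
  // calls below need; a narrower access mask would follow least privilege.
  hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  if hProcess = 0 then
    Exit;
  try
    NtResume(hProcess);
    Result := TerminateProcess(hProcess, 0);
  finally
    // The process handle was previously never released.
    CloseHandle(hProcess);
  end;
end;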
{ Attempts to terminate the process identified by pid using routines looked up
  in ntdll.dll at run time: suspend the target, wait briefly, terminate it,
  then issue resume and terminate calls again. When the first suspend lookup
  fails, the Zw-named routines are tried instead and ResumeProcess(pid) is
  called as a final step.

  pid: id of the target process.
  Returns False in every case - Result is assigned once at the top and never
    updated, so callers cannot learn whether the target was terminated.

  NOTE(review): the handle returned by OpenProcess is never checked against 0
  and never closed, and the LoadLibrary reference is never released. }
function AdminKill(pid:dword):boolean; overload;
var
  module,module1:thandle;          // module = ntdll.dll, module1 = target process handle
  TerminateProcessEx:Terminate;
  SusPendProcessEx:TNTdllApi;
  xSusPendProcessEx:TNTdllApi;
  xResumeProcess:TNTdllApi;
  zResumeProcess:TNTdllApi;
  TerminateIt:Terminate;
begin
  result := false;
  module := LoadLibrary('ntdll.dll');
  // NOTE(review): GetProcAddress matches export names case-sensitively. The two
  // names spelled with an upper-case 'NT' prefix below presumably do not match
  // the ntdll exports, in which case these pointers stay nil and the else
  // branch further down is the one that runs - confirm.
  @TerminateProcessEx := GetProcAddress(module,'NTTerminateProcess');
  @TerminateIt := GetProcAddress(module,'ZwTerminateProcess');
  @SusPendProcessEx := GetProcAddress(module,'NTSuspendProcess');
  @xSusPendProcessEx := GetProcAddress(module,'ZwSuspendProcess');
  @xResumeProcess := GetProcAddress(module,'NtResumeProcess');
  @zResumeProcess := GetProcAddress(module,'ZwResumeProcess');
  // PROCESS_ALL_ACCESS already includes PROCESS_TERMINATE, so the OR adds
  // nothing. NOTE(review): requesting all access rights is broader than the
  // calls below need. SeDebugPrivilege has not been enabled at this point; it
  // is only enabled later, inside ResumeProcess.
  module1 := OpenProcess(PROCESS_TERMINATE OR PROCESS_ALL_ACCESS,FALSE,pid);
  If @SusPendProcessEx <> nil then
  begin
    SusPendProcessEx(module1);
    // Short pause between the suspend call and the terminate call.
    sleep(50);
    if @TerminateProcessEx <> nil then TerminateProcessEx(module1,0);
    // NOTE(review): bumps the thread's last-error value by one; nothing in
    // this function reads it afterwards, so the purpose is unclear.
    SetLastError(getLastError +1);
    // NOTE(review): the resume routines are declared to take a handle
    // (TNTdllApi), but the raw pid is passed here - likely a bug.
    if @xResumeProcess <> nil then xResumeProcess(pid);
    // NOTE(review): TerminateIt is called without a nil check on this path;
    // if its lookup failed this is a call through a nil pointer.
    TerminateIt(module1,0);
    if @zResumeProcess <> nil then zResumeProcess(pid);
    TerminateIt(module1,0);
  end
  else
  begin
    If @xSusPendProcessEx <> nil then
    begin
      xSusPendProcessEx(module1);
      sleep(50);
      if @TerminateIt <> nil then TerminateIt(module1,0);
      SetLastError(getLastError +1);
      // Same pid-instead-of-handle argument as in the first branch.
      if @xResumeProcess <> nil then xResumeProcess(pid);
      // Unguarded calls: only the first TerminateIt call in this branch is
      // protected by a nil check.
      TerminateIt(module1,0);
      if @zResumeProcess <> nil then zResumeProcess(pid);
      TerminateIt(module1,0);
    end;
    // Final attempt through ResumeProcess, which enables SeDebugPrivilege,
    // opens its own handle to the target and calls TerminateProcess.
    ResumeProcess(pid);
  end;
end;
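{ Button1 handler: resolves the name typed in Edit1 to a PID and asks
  AdminKill to terminate that process.

  Nothing is attempted when the name does not resolve. GetProcessPid returns
  -1 for "not found"; passing that on would reinterpret it as the unsigned
  PID $FFFFFFFF (or raise a range-check error when range checking is on).

  NOTE(review): GetProcessPid matches on a substring of the image name, so
  the process selected may not be the one the user meant. Showing the
  resolved PID and image name and asking for confirmation before terminating
  would make this safer. }
procedure TForm1.Button1Click(Sender: TObject);
var
  TargetPid: Integer;
begin
  TargetPid := GetProcessPid(Edit1.Text);
  // -1 = no match; 0 is the idle pseudo-process and is never a valid target.
  if (TargetPid = -1) or (TargetPid = 0) then
    Exit;
  AdminKill(DWORD(TargetPid));
end;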
{ Button2 handler: resolves the name typed in Edit1 to a PID, looks up the
  image name recorded for that PID, and shows both in Label2. When nothing
  matches, the caption shows PID -1 with an empty name. }
procedure TForm1.Button2Click(Sender: TObject);
var
  FoundPid: Integer;
  ImageName: String;
begin
  FoundPid := GetProcessPid(Edit1.Text);
  ImageName := GetImageName(FoundPid);
  Label2.Caption := 'PID : ' + IntToStr(FoundPid) + ' ("' + ImageName + '")';
end;
end.