zoukankan      html  css  js  c++  java
  • 黑客编程教程(十)查杀进程

     第十节 查杀进程
    
     我们在编写木马和后门程序时,列出和查杀进程是非常重要的.
    
    列出进程我们使用palist函数:
    void pslist(void)
     {
      HANDLE hProcessSnap = NULL;
      PROCESSENTRY32 pe32= {0};
      hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if (hProcessSnap == (HANDLE)-1)
      {
       printf("
    CreateToolhelp32Snapshot() failed:%d",GetLastError());
       return ;
      }
      pe32.dwSize = sizeof(PROCESSENTRY32);
      printf("
    ProcessName     ProcessID");
      if (Process32First(hProcessSnap, &pe32))
      {
       char a[5];
       do
       {
        itoa(pe32.th32ProcessID,a,10);
        printf("
    %-20s%d",pe32.szExeFile,pe32.th32ProcessID);
       }
       while (Process32Next(hProcessSnap, &pe32));
      }
      else
      {
        printf("
    Process32Firstt() failed:%d",GetLastError());
      }
      CloseHandle (hProcessSnap);
      return;
     }
    
    上边的代码列出了进程的PID,有了PID我们就可以使用PSKILL杀进程:
    
    BOOL killps(DWORD id)
     {
      HANDLE hProcess=NULL,hProcessToken=NULL;
      BOOL IsKilled=FALSE,bRet=FALSE;
      try
      {
    
      if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hProcessToken))
       {
        printf("
    Open Current Process Token failed:%d",GetLastError());
        leave;
       }
       //printf("
    Open Current Process Token ok!");
       if(!SetPrivilege(hProcessToken,SE_DEBUG_NAME,TRUE))
       {
        leave;
       }
       printf("
    SetPrivilege ok!");
    
      if((hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,id))==NULL)
       {
        printf("
    Open Process %d failed:%d",id,GetLastError());
        leave;
       }
       //printf("
    Open Process %d ok!",id);
       if(!TerminateProcess(hProcess,1))
       {
        printf("
    TerminateProcess failed:%d",GetLastError());
        leave;
       }
       IsKilled=TRUE;
      }
      finally
      {
       if(hProcessToken!=NULL) CloseHandle(hProcessToken);
       if(hProcess!=NULL) CloseHandle(hProcess);
      }
      return(IsKilled);
     }
    
    BOOL SetPrivilege(HANDLE hToken,LPCTSTR lpszPrivilege,BOOL bEnablePrivilege)     //提升权限
    {
      TOKEN_PRIVILEGES tp;
      LUID luid;
    
     if(!LookupPrivilegeValue(NULL,lpszPrivilege,&luid))
      {
       printf("
    LookupPrivilegeValue error:%d", GetLastError() );
       return FALSE;
      }
      tp.PrivilegeCount = 1;
      tp.Privileges[0].Luid = luid;
      if (bEnablePrivilege)
       tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
      else
       tp.Privileges[0].Attributes = 0;
      AdjustTokenPrivileges(
         hToken,
         FALSE,
         &tp,
         sizeof(TOKEN_PRIVILEGES),
         (PTOKEN_PRIVILEGES) NULL,
         (PDWORD) NULL);
      if (GetLastError() != ERROR_SUCCESS)
      {
       printf("AdjustTokenPrivileges failed: %u
    ", GetLastError() );
       return FALSE;
      }
      return TRUE;
     }
  • 相关阅读:
    迭代器,生成器的理解
    需求
    关于dom 0级 2级 3级事件的理解
    夯实前端基础
    前端面试题 收集
    前端易忘点,持续更新
    form target 文件上传
    ES6 symbol
    bzoj1260 [CQOI2007]涂色paint
    bzoj1083 [SCOI2005]繁忙的都市
  • 原文地址:https://www.cnblogs.com/rinack/p/3195649.html
Copyright © 2011-2022 走看看