#include "../../RLib/RLib/native/RLib_Native.h"
#pragma comment(lib, "ntdll.lib")
Array<handle> *found_if_process_by_name(LPCWSTR name IN, LPCWSTR parent_name IN)
{
unsigned long bytes = 0;
ManagedMemoryBlock<char> buffer;
// process enumeration
while (true) {
auto status = NtQuerySystemInformation(SystemProcessInformation,
buffer.ToAny<psystem_process_information>(),
bytes,
&bytes);
if (!NT_SUCCESS(status)) {
if (status == STATUS_INFO_LENGTH_MISMATCH) {
buffer = ManagedMemoryBlock<char>(bytes * 2).SuppressFinalize();
continue;
}
// failed
return nullptr;
}
break;
}
// find target process by name
int lastBucket = -1;
HANDLE processId[16] = { NULL };
HANDLE inheritedFromProcessId[16] = { NULL };
auto lpProcessInfo = buffer.ToAny<system_process_information
C++调用NTAPI枚举并强制关闭指定进程
这篇博客介绍如何用C++通过NTAPI枚举系统进程，寻找并强制关闭指定名称的进程及其子进程。首先，通过NtQuerySystemInformation获取系统进程信息；然后，根据进程名找到目标进程ID及其父进程ID；最后，使用OpenProcess和NtTerminateProcess来终止进程。