本来就是写一个简单的terminate杀进程,写到一半觉得功能不完善,系统进程杀不了,做了一个提权版的,主要思路是
1.获取访问令牌,使用OpenProcessToken函数
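2.提升权限,使用自己写的SetPrivilege函数,而SetPrivilege里调用了AdjustTokenPrivileges来启用SeDebugPrivilege(代码中的SE_DEBUG_NAME)。注意AdjustTokenPrivileges只能启用当前令牌里已经拥有的特权,并不能凭空获得新权限,所以程序通常需要以管理员身份运行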
3.最后就可以结束任意进程(不过System进程关不掉,关它也没什么意义)
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <TLHELP32.H>
/* Scratch process entry filled in by Process32First/Process32Next inside ProcessList. */
PROCESSENTRY32 pe32;
/* Toolhelp snapshot handle; created and closed inside ProcessList. */
HANDLE hProcessSnap;
/*
 * Print the two supported command forms.
 *
 * argv: program name substituted into both usage lines (main passes
 *       argv[0]).
 */
void ShowUsage(LPCTSTR argv)
{
    /* One call, two adjacent literals: same bytes on stdout as printing
     * each usage line separately. */
    printf("Usage: %s -l list current process "
           "%s -k pid kill specific process ",
           argv, argv);
}
/*
 * Print the image name and PID of every process in a Toolhelp snapshot.
 *
 * Uses the file-scope pe32 / hProcessSnap variables as working storage.
 * Returns 0 after the walk, or -1 if the snapshot cannot be created.
 */
int ProcessList()
{
    BOOL bHaveEntry;

    /* dwSize is set before Process32First is called. */
    pe32.dwSize = sizeof(pe32);

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        printf("Call CreateToolhelp32Snapshot Failed ");
        return -1;
    }

    bHaveEntry = Process32First(hProcessSnap, &pe32);
    printf(" 进程名称 进程ID ");

    /* The listing as published branched on the name length but used the
     * same format string in both arms, so a single printf is equivalent.
     * NOTE(review): printing szExeFile with %s assumes a non-UNICODE
     * build - confirm. */
    for (; bHaveEntry; bHaveEntry = Process32Next(hProcessSnap, &pe32)) {
        printf(" %s %u ", pe32.szExeFile, pe32.th32ProcessID);
    }

    CloseHandle(hProcessSnap);
    return 0;
}
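/*
 * Enable one named privilege on an access token.
 *
 * hToken:      token handle opened with TOKEN_ADJUST_PRIVILEGES access.
 * szPrivilege: privilege name, e.g. SE_DEBUG_NAME.
 *
 * Returns TRUE only if the privilege is actually enabled afterwards.
 * AdjustTokenPrivileges can only switch on a privilege the token already
 * holds; it never grants a new one.
 */
BOOL SetPrivilege(HANDLE hToken, LPCTSTR szPrivilege)
{
    TOKEN_PRIVILEGES tp = {0};
    LUID luid;

    if (!LookupPrivilegeValue(NULL, szPrivilege, &luid)) {
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) {
        return FALSE;
    }

    /* AdjustTokenPrivileges reports success even when the token does not
     * hold the privilege; that case is only visible through
     * GetLastError() == ERROR_NOT_ALL_ASSIGNED. Without this check the
     * caller believes it is privileged when it is not. */
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        return FALSE;
    }

    return TRUE;
}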
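/*
 * Terminate the process whose decimal PID is given as a string.
 *
 * szPid: PID text from the command line; must be all digits.
 *
 * Enables SeDebugPrivilege on the current process token first, then opens
 * the target with the single right TerminateProcess needs.
 * Returns TRUE if the process was terminated, FALSE otherwise.
 *
 * NOTE(review): passing szPid to strtoul assumes a non-UNICODE build, as
 * the original atoi call did - confirm.
 */
BOOL ProcessToKill(LPCTSTR szPid)
{
    HANDLE hToken = NULL;
    HANDLE hProcessToKill = NULL;
    BOOL bPrivileged;
    BOOL bKilled;
    unsigned long ulPid;
    char *pEnd = NULL;

    /* Reject empty, signed or non-numeric input instead of letting it
     * silently become PID 0 the way atoi would. */
    if (szPid == NULL || szPid[0] < '0' || szPid[0] > '9') {
        printf("invalid pid\n");
        return FALSE;
    }
    errno = 0;
    ulPid = strtoul(szPid, &pEnd, 10);
    if (errno == ERANGE || *pEnd != '\0') {
        printf("invalid pid\n");
        return FALSE;
    }

    /* Ask only for the token rights needed to adjust privileges, not
     * TOKEN_ALL_ACCESS. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }

    bPrivileged = SetPrivilege(hToken, SE_DEBUG_NAME);
    /* The token handle is not needed after the adjustment; close it on
     * every path so it does not leak. */
    CloseHandle(hToken);
    if (!bPrivileged) {
        printf("cannot enable debug privilege\n");
        return FALSE;
    }

    /* PROCESS_TERMINATE is sufficient for TerminateProcess;
     * PROCESS_ALL_ACCESS would hand this handle far more than it uses. */
    hProcessToKill = OpenProcess(PROCESS_TERMINATE, FALSE, (DWORD)ulPid);
    if (hProcessToKill == NULL) {
        /* Nothing to close here: OpenProcess returned no handle. */
        printf("open process failed ");
        return FALSE;
    }

    bKilled = TerminateProcess(hProcessToKill, 0);
    if (bKilled) {
        printf("kill process %lu successfully ", ulPid);
    } else {
        printf("cannot terminate the process! ");
    }

    CloseHandle(hProcessToKill);
    /* Report the real outcome; the function previously returned 0 (FALSE)
     * even after a successful kill. */
    return bKilled;
}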
/*
 * Command-line entry point.
 *
 *   <prog> -l        list running processes
 *   <prog> -k <pid>  terminate the given process
 *
 * Any other argument shape prints the usage text. Always returns 0; the
 * results of ProcessList and ProcessToKill are not propagated.
 */
int main(int argc, char *argv[])
{
    if (argc == 2 && strcmp(argv[1], "-l") == 0) {
        ProcessList();
    } else if (argc == 3 && strcmp(argv[1], "-k") == 0) {
        ProcessToKill(argv[2]);
    } else {
        /* No arguments, unknown option, or wrong argument count. */
        ShowUsage(argv[0]);
    }

    return 0;
}
#include < string .h >
#include < windows.h >
#include < TLHELP32.H >
/* Scratch process entry filled in by Process32First/Process32Next inside ProcessList. */
PROCESSENTRY32 pe32;
/* Toolhelp snapshot handle; created and closed inside ProcessList. */
HANDLE hProcessSnap;
/*
 * Print the two supported command forms.
 *
 * argv: program name substituted into both usage lines (main passes
 *       argv[0]).
 */
void ShowUsage(LPCTSTR argv)
{
    /* One call, two adjacent literals: same bytes on stdout as printing
     * each usage line separately. */
    printf("Usage: %s -l list current process "
           "%s -k pid kill specific process ",
           argv, argv);
}
/*
 * Print the image name and PID of every process in a Toolhelp snapshot.
 *
 * Uses the file-scope pe32 / hProcessSnap variables as working storage.
 * Returns 0 after the walk, or -1 if the snapshot cannot be created.
 */
int ProcessList()
{
    BOOL bHaveEntry;

    /* dwSize is set before Process32First is called. */
    pe32.dwSize = sizeof(pe32);

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        printf("Call CreateToolhelp32Snapshot Failed ");
        return -1;
    }

    bHaveEntry = Process32First(hProcessSnap, &pe32);
    printf(" 进程名称 进程ID ");

    /* The listing as published branched on the name length but used the
     * same format string in both arms, so a single printf is equivalent.
     * NOTE(review): printing szExeFile with %s assumes a non-UNICODE
     * build - confirm. */
    for (; bHaveEntry; bHaveEntry = Process32Next(hProcessSnap, &pe32)) {
        printf(" %s %u ", pe32.szExeFile, pe32.th32ProcessID);
    }

    CloseHandle(hProcessSnap);
    return 0;
}
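/*
 * Enable one named privilege on an access token.
 *
 * hToken:      token handle opened with TOKEN_ADJUST_PRIVILEGES access.
 * szPrivilege: privilege name, e.g. SE_DEBUG_NAME.
 *
 * Returns TRUE only if the privilege is actually enabled afterwards.
 * AdjustTokenPrivileges can only switch on a privilege the token already
 * holds; it never grants a new one.
 */
BOOL SetPrivilege(HANDLE hToken, LPCTSTR szPrivilege)
{
    TOKEN_PRIVILEGES tp = {0};
    LUID luid;

    if (!LookupPrivilegeValue(NULL, szPrivilege, &luid)) {
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) {
        return FALSE;
    }

    /* AdjustTokenPrivileges reports success even when the token does not
     * hold the privilege; that case is only visible through
     * GetLastError() == ERROR_NOT_ALL_ASSIGNED. Without this check the
     * caller believes it is privileged when it is not. */
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        return FALSE;
    }

    return TRUE;
}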
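/*
 * Terminate the process whose decimal PID is given as a string.
 *
 * szPid: PID text from the command line; must be all digits.
 *
 * Enables SeDebugPrivilege on the current process token first, then opens
 * the target with the single right TerminateProcess needs.
 * Returns TRUE if the process was terminated, FALSE otherwise.
 *
 * NOTE(review): passing szPid to strtoul assumes a non-UNICODE build, as
 * the original atoi call did - confirm.
 */
BOOL ProcessToKill(LPCTSTR szPid)
{
    HANDLE hToken = NULL;
    HANDLE hProcessToKill = NULL;
    BOOL bPrivileged;
    BOOL bKilled;
    unsigned long ulPid;
    char *pEnd = NULL;

    /* Reject empty, signed or non-numeric input instead of letting it
     * silently become PID 0 the way atoi would. */
    if (szPid == NULL || szPid[0] < '0' || szPid[0] > '9') {
        printf("invalid pid\n");
        return FALSE;
    }
    errno = 0;
    ulPid = strtoul(szPid, &pEnd, 10);
    if (errno == ERANGE || *pEnd != '\0') {
        printf("invalid pid\n");
        return FALSE;
    }

    /* Ask only for the token rights needed to adjust privileges, not
     * TOKEN_ALL_ACCESS. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }

    bPrivileged = SetPrivilege(hToken, SE_DEBUG_NAME);
    /* The token handle is not needed after the adjustment; close it on
     * every path so it does not leak. */
    CloseHandle(hToken);
    if (!bPrivileged) {
        printf("cannot enable debug privilege\n");
        return FALSE;
    }

    /* PROCESS_TERMINATE is sufficient for TerminateProcess;
     * PROCESS_ALL_ACCESS would hand this handle far more than it uses. */
    hProcessToKill = OpenProcess(PROCESS_TERMINATE, FALSE, (DWORD)ulPid);
    if (hProcessToKill == NULL) {
        /* Nothing to close here: OpenProcess returned no handle. */
        printf("open process failed ");
        return FALSE;
    }

    bKilled = TerminateProcess(hProcessToKill, 0);
    if (bKilled) {
        printf("kill process %lu successfully ", ulPid);
    } else {
        printf("cannot terminate the process! ");
    }

    CloseHandle(hProcessToKill);
    /* Report the real outcome; the function previously returned 0 (FALSE)
     * even after a successful kill. */
    return bKilled;
}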
/*
 * Command-line entry point.
 *
 *   <prog> -l        list running processes
 *   <prog> -k <pid>  terminate the given process
 *
 * Any other argument shape prints the usage text. Always returns 0; the
 * results of ProcessList and ProcessToKill are not propagated.
 */
int main(int argc, char *argv[])
{
    if (argc == 2 && strcmp(argv[1], "-l") == 0) {
        ProcessList();
    } else if (argc == 3 && strcmp(argv[1], "-k") == 0) {
        ProcessToKill(argv[2]);
    } else {
        /* No arguments, unknown option, or wrong argument count. */
        ShowUsage(argv[0]);
    }

    return 0;
}