众所周知,当我们要结束一个进程时,可以调用WINDOWS API函数TerminateProcess函数。但是,有很多进程依然还是无法结束的,这是因为进程权限不够,这时我们可以给进程提升权限再K掉K不掉的进程。一般进程获取了SeDebugPrivilege权限后都可以杀掉大部分进程了。
//提升进程令牌函数
function AdjustProcessPrivilege(ProcessHandle:THandle;Token_Name:Pchar):boolean;
var
Token:Cardinal;
TokenPri:_TOKEN_PRIVILEGES;
ProcessDest:int64;
l:DWORD;
begin
Result:=False;
if OpenProcessToken(ProcessHandle,TOKEN_Adjust_Privileges,Token) then
begin
if LookupPrivilegeValue(nil,Token_Name,ProcessDest) then
begin
TokenPri.PrivilegeCount:=1;
TokenPri.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;
TokenPri.Privileges[0].Luid:=ProcessDest;
l:=0;
//更新进程令牌,成功返回TRUE
if AdjustTokenPrivileges(Token,False,TokenPri,sizeof(TokenPri),nil,l) then
Result:=True;
end;
end;
end;
然后我们就可以调用该函数了:
procedure TFmMain.TBitBtn1Click(Sender: TObject);
var
ok: Bool;
ProcessListHandle: THandle;
ProcessStruct: TProcessEntry32;
ProcessID:THandle;
ProcessHandle:HWND;
Token:Cardinal;
TokenPri:_TOKEN_PRIVILEGES;
ProcessDest,a:int64;
dummy:DWORD;
begin
Memo1.Clear;
ProcessListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
ProcessStruct.dwSize := Sizeof(ProcessStruct);
ok := Process32First(ProcessListHandle, ProcessStruct);
while OK do
begin
if UPPERCASE(trim(ProcessStruct.szExeFile))='TASKMGR.EXE' then
begin
Memo1.Lines.Add('已发现进程');
ProcessID:=ProcessStruct.th32ProcessID;
break;
end;
ok := Process32Next(ProcessListHandle, ProcessStruct);
end;
CloseHandle(ProcessListHandle);
if AdjustProcessPrivilege(GetCurrentProcess,'SeDebugPrivilege') then //提升权限
Memo1.Lines.Add('提升权限成功')
else
Memo1.Lines.Add('提升权限失败');
ProcessHandle:=OpenProcess(PROCESS_ALL_ACCESS ,False,ProcessID); //杀进程
if TerminateProcess(ProcessHandle,1) then
begin
Memo1.lines.add('杀进程成功');
Timer1.Enabled:=False;
end
else
Memo1.lines.add('杀进程失败');
end;
****************************************************************************************************************************************************************************************
补充
头部请加入:Tlhelp32
//提升进程权限为DEBUG权限
procedure SetPrivilege;
var
OldTokenPrivileges, TokenPrivileges: TTokenPrivileges;
ReturnLength: dword;
hToken: THandle;
Luid: int64;
begin
OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
LookupPrivilegeValue(nil, 'SeDebugPrivilege', Luid);
TokenPrivileges.Privileges[0].luid := Luid;
TokenPrivileges.PrivilegeCount := 1;
TokenPrivileges.Privileges[0].Attributes := 0;
AdjustTokenPrivileges(hToken, False, TokenPrivileges, SizeOf(TTokenPrivileges), OldTokenPrivileges, ReturnLength);
OldTokenPrivileges.Privileges[0].luid := Luid;
OldTokenPrivileges.PrivilegeCount := 1;
OldTokenPrivileges.Privileges[0].Attributes := TokenPrivileges.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, False, OldTokenPrivileges, ReturnLength, PTokenPrivileges(nil)^, ReturnLength);
end;
例子:结束进程的函数供大家参考:
function KillTask(ExeFileName: string): integer;
const
PROCESS_TERMINATE=$0001;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
result := 0;
FSnapshotHandle := CreateToolhelp32Snapshot
(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle,
FProcessEntry32);
while integer(ContinueLoop) <> 0 do
begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
UpperCase(ExeFileName))
or (UpperCase(FProcessEntry32.szExeFile) =
UpperCase(ExeFileName))) then
Result := Integer(TerminateProcess(OpenProcess(
PROCESS_TERMINATE, BOOL(0),
FProcessEntry32.th32ProcessID), 0));
ContinueLoop := Process32Next(FSnapshotHandle,
FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;