用NtTerminateProcess真正终止进程.
首先,要使用Native API,需要先对它进行声明:
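/*
 * Function-pointer type used to call ntdll!NtTerminateProcess.
 * The native prototype is NTSTATUS NTAPI NtTerminateProcess(HANDLE, NTSTATUS);
 * CALLBACK and NTAPI both expand to __stdcall, and DWORD/UINT are same-width
 * stand-ins for NTSTATUS. The return value is therefore an NTSTATUS
 * (0 == STATUS_SUCCESS), not a Win32 BOOL.
 */
typedef DWORD (CALLBACK* NTTERMINATEPROCESS)(HANDLE,UINT);
NTTERMINATEPROCESS NtTerminateProcess;

/* Get a module handle for ntdll.dll so the export can be looked up by name. */
HMODULE hNtdll = LoadLibrary( "ntdll.dll" );
if ( !hNtdll )
{
    /* GetLastError() returns a DWORD (unsigned long), hence %lu rather than %d. */
    printf( "LoadLibrary( NTDLL.DLL ) Error:%lu\n", GetLastError() );
    return false;
}

/* Resolve the function from ntdll.dll. */
NtTerminateProcess = (NTTERMINATEPROCESS)
    GetProcAddress( hNtdll, "NtTerminateProcess" );
if ( !NtTerminateProcess )
{
    /*
     * GetProcAddress returns NULL on failure; without this check any later
     * call through the pointer would jump to address 0.
     */
    printf( "GetProcAddress( NtTerminateProcess ) Error:%lu\n", GetLastError() );
    FreeLibrary( hNtdll );  /* balance the LoadLibrary above on the error path */
    return false;
}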
代码:
#include <iostream.h>
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
/*
 * Pointer type for ntdll!NtTerminateProcess. The native prototype returns an
 * NTSTATUS and takes (HANDLE ProcessHandle, NTSTATUS ExitStatus); DWORD and
 * UINT are same-width stand-ins, so treat the result as an NTSTATUS.
 */
typedef DWORD (CALLBACK *NTTERMINATEPROCESS)(HANDLE hProcess, UINT uExitStatus);

/* Global entry point; stays NULL until it is resolved at run time. */
NTTERMINATEPROCESS NtTerminateProcess = NULL;
BOOL SetPrivilege(HANDLE hToken,LPCTSTR lpszPrivilege,BOOL bEnablePrivilege