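The Killer Returns! Process Killer Finally Reigns Supreme!

After the failures in the previous two posts of the "Murder" series,

(1) Found the culprit that was hurting Windows performance on my work computer and making the hard disk thrash like mad!
(2) Murder failed! It could kill a process like Notepad.exe, but could do nothing about the CcmExec.exe process!

I did not give up. After a thorough analysis, Killer can finally reign supreme...

An excerpt follows:

The main reason the process could not be killed... is that the privilege level of the running program was lower than that of the process to be killed, so the key is to solve that problem!

The code is as follows: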

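''' Types and constants the excerpt relies on (omitted from the original listing;
''' standard Win32 definitions, with field names matching the code below)
Private Type LUID
    LowPart As Long
    HighPart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
    pLuid As LUID
    Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges(0 To 0) As LUID_AND_ATTRIBUTES
End Type
Private Const TOKEN_ALL_ACCESS As Long = &HF01FF
Private Const SE_PRIVILEGE_ENABLED As Long = &H2

''' API for changing the process's privileges
Private Declare Function GetCurrentProcess Lib "KERNEL32" () As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long

''' Adjust privileges
Sub AdjustSelfTokenPrivileges()
    Dim hdlProcessHandle As Long
    Dim hdlTokenHandle As Long
    Dim tmpLuid As LUID
    Dim tkp As TOKEN_PRIVILEGES
    Dim tkpNewButIgnored As TOKEN_PRIVILEGES
    Dim lBufferNeeded As Long
    Dim lp As Long

    hdlProcessHandle = GetCurrentProcess()
    ' Open this process's own access token
    lp = OpenProcessToken(hdlProcessHandle, TOKEN_ALL_ACCESS, hdlTokenHandle)
    ' Look up the LUID that identifies SeDebugPrivilege on the local system
    lp = LookupPrivilegeValue("", "SeDebugPrivilege", tmpLuid)
    tkp.PrivilegeCount = 1
    tkp.Privileges(0).pLuid = tmpLuid
    tkp.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
    ' Enable the privilege in the token; the previous state is returned but ignored
    lp = AdjustTokenPrivileges(hdlTokenHandle, False, tkp, Len(tkpNewButIgnored), tkpNewButIgnored, lBufferNeeded)
End Sub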

As you can see, once the process privilege is raised, it works!
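A checked variant of the privilege adjustment, as an added example that is not the author's code: AdjustTokenPrivileges returns nonzero even when the token does not hold SeDebugPrivilege, so this version tests Err.LastDllError against ERROR_NOT_ALL_ASSIGNED, requests only the token rights it needs, and closes the handle. The function name EnableDebugPrivilegeChecked and the type definitions are assumptions, because the excerpt omits its own declarations.

```vb
' Added example, not from the original post. Type and function names are illustrative.
Private Type LUID
    LowPart As Long
    HighPart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
    pLuid As LUID
    Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges(0 To 0) As LUID_AND_ATTRIBUTES
End Type
Private Const TOKEN_QUERY As Long = &H8
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20
Private Const SE_PRIVILEGE_ENABLED As Long = &H2
Private Const ERROR_NOT_ALL_ASSIGNED As Long = 1300
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long

' Returns True only when SeDebugPrivilege is actually enabled afterwards.
Public Function EnableDebugPrivilegeChecked() As Boolean
    Dim hToken As Long
    Dim tkp As TOKEN_PRIVILEGES
    Dim tkpPrev As TOKEN_PRIVILEGES
    Dim cbNeeded As Long
    ' Ask only for the rights this call needs, not TOKEN_ALL_ACCESS.
    If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) = 0 Then Exit Function

    If LookupPrivilegeValue(vbNullString, "SeDebugPrivilege", tkp.Privileges(0).pLuid) <> 0 Then
        tkp.PrivilegeCount = 1
        tkp.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
        If AdjustTokenPrivileges(hToken, 0, tkp, Len(tkpPrev), tkpPrev, cbNeeded) <> 0 Then
            ' Nonzero only means the call ran. If the account was never granted
            ' the privilege, the last error is ERROR_NOT_ALL_ASSIGNED.
            EnableDebugPrivilegeChecked = (Err.LastDllError <> ERROR_NOT_ALL_ASSIGNED)
        End If
    End If
    CloseHandle hToken   ' release the token handle on every path past OpenProcessToken
End Function
```

If it returns False, the account does not hold the privilege (by default only Administrators do), and the kill attempt will fail as before.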



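At the same time, I added two features. One reads configuration information from an ini file:


The other minimizes the window to the system tray and restores it when the tray icon is clicked or double-clicked:


With this many changes, let's call it version 1.5.0...

Haha, that happens to match the current mainstream version of Firefox... ^ ^!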
