delphi驱动结束进程
弄了一天,用dddk编译的,主要是native api的声明不好转
unit ring0kill;
interface
uses
nt_status, ntoskrnl;
function _DriverEntry(pDriverObject:PDRIVER_OBJECT; pusRegistryPath:PUNICODE_STRING): NTSTATUS; stdcall;
implementation
function _DriverEntry(pDriverObject:PDRIVER_OBJECT; pusRegistryPath:PUNICODE_STRING): NTSTATUS;
var
hProcess:thandle;
cid: CLIENT_ID;
oa :OBJECT_ATTRIBUTES;
hJob: DWORD;
begin
oa.Length := sizeof(OBJECT_ATTRIBUTES);
oa.RootDirectory := 0;
oa.ObjectName := nil;
oa.Attributes := 0;
oa.SecurityDescriptor := nil;
oa.SecurityQualityOfService := nil;
cid.UniqueProcess := 1076;//呵呵,进程pid
cid.UniqueThread := 0;
ZwOpenProcess(@hProcess, $001F0FFF , @oa, @cid);
ZwTerminateProcess(hProcess, 0);
ZwClose(hProcess);
DbgPrint('SystemModules: Leaving DriverEntry');
result := STATUS_DEVICE_CONFIGURATION_ERROR;
end;
end.
unit ring0kill;
interface
uses
nt_status, ntoskrnl;
function _DriverEntry(pDriverObject:PDRIVER_OBJECT; pusRegistryPath:PUNICODE_STRING): NTSTATUS; stdcall;
implementation
function _DriverEntry(pDriverObject:PDRIVER_OBJECT; pusRegistryPath:PUNICODE_STRING): NTSTATUS;
var
hProcess:thandle;
cid: CLIENT_ID;
oa :OBJECT_ATTRIBUTES;
hJob: DWORD;
begin
oa.Length := sizeof(OBJECT_ATTRIBUTES);
oa.RootDirectory := 0;
oa.ObjectName := nil;
oa.Attributes := 0;
oa.SecurityDescriptor := nil;
oa.SecurityQualityOfService := nil;
cid.UniqueProcess := 1076;//呵呵,进程pid
cid.UniqueThread := 0;
ZwOpenProcess(@hProcess, $001F0FFF , @oa, @cid);
ZwTerminateProcess(hProcess, 0);
ZwClose(hProcess);
DbgPrint('SystemModules: Leaving DriverEntry');
result := STATUS_DEVICE_CONFIGURATION_ERROR;
end;
end.
推荐分享
图文皆来源于网络,内容仅做公益性分享,版权归原作者所有,如有侵权请告知删除!
Copyright © 2014 DelphiW.com 开发 源码 文档 技巧 All Rights Reserved
晋ICP备14006235号-8 晋公网安备 14108102000087号
执行时间: 0.052955865859985 seconds