unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, TlHelp32, XPMan;
// Signature used for the undocumented ntdll exports NtSuspendProcess /
// NtResumeProcess (and their Zw* aliases) resolved with GetProcAddress below.
// The parameter is named "Thread" but every caller in this unit passes a
// process handle. NOTE(review): these native routines return an NTSTATUS,
// not a BOOL; no caller here inspects the result, so the Boolean is never
// trusted -- do not start testing it as one.
type TNTdllApi = Function(Thread:thandle):boolean; stdcall;
// Signature for NtTerminateProcess / ZwTerminateProcess: process handle plus
// exit code. Same NTSTATUS-vs-Boolean caveat as above.
type Terminate = Function(thread:thandle; dwCode:Dword):Boolean; Stdcall;
type
  // The program's only form: a process-name box (Edit1), a kill button
  // (Button1) and a look-up button (Button2). Label2 is the status line
  // that Button2Click writes the resolved PID and image name into.
  TForm1 = class(TForm)
    Button1: TButton;           // terminate the process named in Edit1
    Edit1: TEdit;               // process name, or a fragment of one
    Label1: TLabel;
    Label2: TLabel;             // status output written by Button2Click
    XPManifest1: TXPManifest;
    Button2: TButton;           // resolve Edit1 to a PID and display it
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
var
  Form1: TForm1;   // global form instance; created by the application start-up code outside this unit
implementation
{$R *.dfm}
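function SetTokenPrivileges: boolean;
// Enables SeDebugPrivilege on the current process token so that OpenProcess
// succeeds against processes owned by other users / services.
// Returns True only when the privilege was actually enabled. The original
// always returned True and adjusted the same token twice through two copies
// of one handle, so a non-admin caller (whose token does not hold the
// privilege at all) never learned that the later OpenProcess would fail.
var
  hToken: THandle;
  Privs: TTokenPrivileges;
  Version: OSVERSIONINFO;
  ReturnLength: DWORD;
begin
  Result := False;
  // Win9x has no security tokens; nothing to enable, treated as success
  // exactly as the original did.
  Version.dwOSVersionInfoSize := SizeOf(OSVERSIONINFO);
  GetVersionEx(Version);
  if Version.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS then
  begin
    Result := True;
    Exit;
  end;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', Privs.Privileges[0].Luid) then
      Exit;
    Privs.PrivilegeCount := 1;
    Privs.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    ReturnLength := 0;
    if not AdjustTokenPrivileges(hToken, False, Privs, 0, PTokenPrivileges(nil)^, ReturnLength) then
      Exit;
    // AdjustTokenPrivileges returns TRUE even when the privilege is not held
    // by the token; the real outcome is GetLastError (ERROR_NOT_ALL_ASSIGNED
    // on failure), so check it instead of trusting the BOOL.
    Result := GetLastError = ERROR_SUCCESS;
  finally
    CloseHandle(hToken);   // the original leaked the handle on any failure path
  end;
end;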
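function GetProcessPid(Process:string):Integer;
// Resolves a process name (or a fragment of one) to a PID by walking a
// Toolhelp process snapshot. Matching is case-insensitive on both sides
// (the original lower-cased only the snapshot entry, so any upper-case input
// never matched). An exact image-name match is preferred over a substring
// match because the PID goes straight to AdminKill: a fragment such as "svc"
// would otherwise pick an arbitrary "svchost.exe". With several substring
// matches and no exact one the last match wins, as in the original.
// Returns -1 when nothing matches, the input is empty, or the snapshot
// cannot be taken. The snapshot handle is now always closed.
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
  Needle, ImageName: string;
begin
  Result := -1;
  Needle := LowerCase(Process);
  if Needle = '' then Exit;   // Pos('') never matches; skip the walk
  Snapshot := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then Exit;
  try
    Entry.dwSize := SizeOf(TProcessEntry32);
    // The original discarded the first entry by starting at Process32Next;
    // include it so the walk covers the whole snapshot.
    if Process32First(Snapshot, Entry) then
      repeat
        ImageName := LowerCase(Entry.szExeFile);
        if ImageName = Needle then
        begin
          Result := Entry.th32ProcessID;
          Break;
        end;
        if Pos(Needle, ImageName) > 0 then
          Result := Entry.th32ProcessID;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;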
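function GetImageName(PID: Cardinal): String;
// Looks up the executable (image) name of PID in a Toolhelp process
// snapshot. Returns '' when the PID is not present or the snapshot cannot
// be created. Compared with the original: the INVALID_HANDLE_VALUE case is
// checked before use, the first entry and the rest are handled by one loop
// (the original kept walking after a hit on the first entry), and the
// snapshot handle is closed instead of leaked.
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
begin
  Result := '';
  Snapshot := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then Exit;
  try
    Entry.dwSize := SizeOf(TProcessEntry32);
    if Process32First(Snapshot, Entry) then
      repeat
        if Entry.th32ProcessID = PID then
        begin
          Result := Entry.szExeFile;
          Break;
        end;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;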
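function ResumeProcess(pid:dword):boolean;
// Resumes a (possibly suspended) process through the native NtResumeProcess
// and then terminates it with TerminateProcess. Despite the name this is a
// kill routine; AdminKill uses it as its final fallback.
// Returns True only if TerminateProcess reports success (the original always
// returned False). Fixes: the OpenProcess result was never checked, so a
// failed open passed handle 0 to both calls; the process handle was never
// closed; LoadLibrary bumped ntdll's reference count and never released it;
// PROCESS_ALL_ACCESS was requested where two specific rights suffice.
const
  // PROCESS_SUSPEND_RESUME; spelled out because not every Delphi
  // Windows.pas declares the constant.
  PROCESS_SUSPEND_RESUME_RIGHT = $0800;
var
  NtDll: THandle;
  NtResume: TNTdllApi;
  hProcess: THandle;
begin
  Result := False;
  // ntdll.dll is mapped into every Win32 process, so GetModuleHandle is
  // sufficient and does not leak a reference like the original LoadLibrary.
  NtDll := GetModuleHandle('ntdll.dll');
  @NtResume := GetProcAddress(NtDll, 'NtResumeProcess');
  if @NtResume = nil then Exit;
  SetTokenPrivileges;   // SeDebugPrivilege, for targets owned by other users
  // Least privilege: a narrower mask is also more likely to be granted by a
  // restrictive process DACL than PROCESS_ALL_ACCESS.
  hProcess := OpenProcess(PROCESS_SUSPEND_RESUME_RIGHT or PROCESS_TERMINATE, False, pid);
  if hProcess = 0 then Exit;
  try
    NtResume(hProcess);   // return value not checked, as in the original
    if TerminateProcess(hProcess, 0) then Result := True;
  finally
    CloseHandle(hProcess);
  end;
end;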
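function AdminKill(pid:dword):boolean; overload;
// Forcibly terminates PID: enables SeDebugPrivilege, freezes the target with
// NtSuspendProcess so it cannot react while being killed, terminates it via
// the native NtTerminateProcess and, as a fallback, the Win32
// TerminateProcess. Returns True when the process object is signalled
// (terminated) afterwards; if the target survived it is resumed again so it
// is not left frozen.
//
// Defects in the original that this fixes:
//  * 'NTTerminateProcess' / 'NTSuspendProcess' were wrong-cased; GetProcAddress
//    is case-sensitive, so that whole branch was dead and only the Zw* path ran.
//  * NtResumeProcess / ZwResumeProcess were handed the PID where a process
//    HANDLE is expected, i.e. they acted on whatever handle in *this* process
//    happened to have that numeric value.
//  * ZwTerminateProcess was called without a nil check, the process handle
//    and the ntdll reference were leaked, SeDebugPrivilege was enabled only
//    after OpenProcess (too late), and the function always returned False.
//  * Nt* and Zw* are the same user-mode stubs, so calling both was redundant.
const
  PROCESS_SUSPEND_RESUME_RIGHT = $0800;   // PROCESS_SUSPEND_RESUME; missing from some Windows.pas
var
  NtDll: THandle;
  NtSuspend, NtResume: TNTdllApi;
  NtTerminate: Terminate;
  hProcess: THandle;
begin
  Result := False;
  NtDll := GetModuleHandle('ntdll.dll');   // always mapped; no LoadLibrary refcount to leak
  @NtSuspend := GetProcAddress(NtDll, 'NtSuspendProcess');
  if @NtSuspend = nil then @NtSuspend := GetProcAddress(NtDll, 'ZwSuspendProcess');
  @NtResume := GetProcAddress(NtDll, 'NtResumeProcess');
  if @NtResume = nil then @NtResume := GetProcAddress(NtDll, 'ZwResumeProcess');
  @NtTerminate := GetProcAddress(NtDll, 'NtTerminateProcess');
  if @NtTerminate = nil then @NtTerminate := GetProcAddress(NtDll, 'ZwTerminateProcess');

  SetTokenPrivileges;   // must precede OpenProcess for it to have any effect
  // Only the rights the calls below need (least privilege; PROCESS_ALL_ACCESS
  // is more likely to be refused by a restrictive DACL). SYNCHRONIZE is for
  // the wait that determines the result.
  hProcess := OpenProcess(PROCESS_TERMINATE or PROCESS_SUSPEND_RESUME_RIGHT or SYNCHRONIZE, False, pid);
  if hProcess = 0 then Exit;
  try
    if @NtSuspend <> nil then
    begin
      NtSuspend(hProcess);
      Sleep(50);   // retained from the original: let the suspend settle before killing
    end;
    if @NtTerminate <> nil then NtTerminate(hProcess, 0);
    TerminateProcess(hProcess, 0);   // documented fallback; harmless if already dead
    // Termination completes asynchronously; a short wait on the process
    // object tells us whether it actually went away.
    Result := WaitForSingleObject(hProcess, 250) = WAIT_OBJECT_0;
    if (not Result) and (@NtResume <> nil) then
      NtResume(hProcess);   // do not leave a survivor frozen
  finally
    CloseHandle(hProcess);
  end;
end;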
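procedure TForm1.Button1Click(Sender: TObject);
// Kill button: resolves the text in Edit1 to a PID and hands it to AdminKill.
// A miss (-1) is now reported instead of being passed on as PID $FFFFFFFF,
// and the matched image name is echoed so the user can see which process a
// fragment actually selected (GetProcessPid matches substrings).
var
  PPid: Integer;
begin
  PPid := GetProcessPid(Edit1.Text);
  if PPid < 0 then
  begin
    Label2.Caption := 'No process matches "' + Edit1.Text + '"';
    Exit;
  end;
  Label2.Caption := 'Killing PID ' + IntToStr(PPid) + ' ("' + GetImageName(PPid) + '")';
  AdminKill(PPid);
end;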
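procedure TForm1.Button2Click(Sender: TObject);
// Look-up button: shows the PID and image name matching Edit1 in Label2.
// A miss is reported in words rather than as 'PID : -1 ("")', which also
// avoids feeding -1 into GetImageName's Cardinal parameter.
var
  PPid: Integer;
  PName: String;
begin
  PPid := GetProcessPid(Edit1.Text);
  if PPid < 0 then
  begin
    Label2.Caption := 'No process matches "' + Edit1.Text + '"';
    Exit;
  end;
  PName := GetImageName(PPid);
  Label2.Caption := 'PID : ' + IntToStr(PPid) + ' ("' + PName + '")';
end;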
end.