
黑客编程课程(十)查杀进程

2012-10-13 
黑客编程教程(十)查杀进程 —— 第十节 查杀进程。我们在编写木马和后门程序时,列出和查杀进程是非常重要的。列出进程我们使用 pslist 函数(原文误写为 palist),查杀进程则依赖 SeDebugPrivilege,通常只有管理员权限的进程令牌才持有该特权。

黑客编程教程(十)查杀进程

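                                           /*
 * Section 10: listing and terminating processes.
 *
 * Translated from the tutorial text: "when writing trojan and backdoor
 * programs, listing and killing processes is very important".  Technically
 * the three routines below are exactly what an administrator's pskill-style
 * utility does: snapshot the process table (pslist), enable SeDebugPrivilege
 * on our own token (SetPrivilege), then open a process by PID and terminate
 * it (killps).  Nothing here is hidden or undocumented Win32 API.
 *
 * Required headers: <windows.h>, <tlhelp32.h>, <stdio.h>.  An ANSI (non-UNICODE)
 * build is assumed because szExeFile is printed with "%s".
 *
 * Reviewer notes on the changes to the original listing:
 *  - pslist had `char a[5]; itoa(pid, a, 10)`: a stack buffer overflow for
 *    any PID with more than four digits (PIDs are 32-bit).  The buffer was
 *    never read, so it is simply gone.
 *  - killps asked for TOKEN_ALL_ACCESS and PROCESS_ALL_ACCESS.  Only
 *    TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY and PROCESS_TERMINATE are needed;
 *    asking for more makes OpenProcess fail where a terminate would have
 *    been allowed, and PROCESS_ALL_ACCESS changes meaning between SDK
 *    versions.
 *  - killps used MSVC structured exception handling (__try/__leave/__finally,
 *    rendered on the page without the underscores).  goto-based cleanup is
 *    used instead so the code also builds with MinGW/GCC.
 *  - SetPrivilege was called before it was declared (implicit declaration)
 *    and ignored the return value of AdjustTokenPrivileges.
 *  - DWORD values are printed with "%lu" instead of "%d"/"%u".
 */

BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege);

/*
 * Print every process in the current Toolhelp snapshot as
 * "<exe name> <pid>", one per line, to stdout.
 *
 * Errors from CreateToolhelp32Snapshot / Process32First are reported to
 * stdout with the Win32 error code; the function has no return value.
 */
void pslist(void)
{
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe32 = {0};

    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        printf("\nCreateToolhelp32Snapshot() failed:%lu", GetLastError());
        return;
    }

    /* dwSize must be filled in before Process32First or it fails with ERROR_INVALID_PARAMETER. */
    pe32.dwSize = sizeof(PROCESSENTRY32);
    printf("\nProcessName     ProcessID");

    if (Process32First(hProcessSnap, &pe32)) {
        do {
            printf("\n%-20s%lu", pe32.szExeFile, pe32.th32ProcessID);
        } while (Process32Next(hProcessSnap, &pe32));
    } else {
        printf("\nProcess32First() failed:%lu", GetLastError());
    }

    CloseHandle(hProcessSnap);
}

/*
 * The code above lists each process together with its PID; with a PID we
 * can terminate the process with killps (the tutorial calls this "PSKILL").
 */

/*
 * Terminate the process with PID `id`, exit code 1.
 *
 * Enables SeDebugPrivilege on the current process token first so that
 * processes owned by other users / SYSTEM can be opened.  That privilege is
 * only present in an administrator's (elevated) token: for an ordinary user
 * SetPrivilege fails and this function returns FALSE without touching the
 * target.  Even with the privilege, protected processes (antimalware,
 * PPL) still refuse PROCESS_TERMINATE - that is by design, not a bug here.
 *
 * Returns TRUE when TerminateProcess succeeded, FALSE on any failure (the
 * failing step and Win32 error code are printed to stdout).  If this call
 * enabled SeDebugPrivilege it is disabled again before returning, instead
 * of staying enabled for the rest of the process lifetime.
 */
BOOL killps(DWORD id)
{
    HANDLE hProcess = NULL;
    HANDLE hProcessToken = NULL;
    BOOL IsKilled = FALSE;
    BOOL privEnabled = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                          &hProcessToken)) {
        printf("\nOpen Current Process Token failed:%lu", GetLastError());
        goto cleanup;
    }

    if (!SetPrivilege(hProcessToken, SE_DEBUG_NAME, TRUE)) {
        goto cleanup;
    }
    privEnabled = TRUE;
    printf("\nSetPrivilege ok!");

    /* Least privilege: PROCESS_TERMINATE is all TerminateProcess requires. */
    hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, id);
    if (hProcess == NULL) {
        printf("\nOpen Process %lu failed:%lu", id, GetLastError());
        goto cleanup;
    }

    if (!TerminateProcess(hProcess, 1)) {
        printf("\nTerminateProcess failed:%lu", GetLastError());
        goto cleanup;
    }
    IsKilled = TRUE;

cleanup:
    if (hProcess != NULL) {
        CloseHandle(hProcess);
    }
    if (hProcessToken != NULL) {
        if (privEnabled) {
            SetPrivilege(hProcessToken, SE_DEBUG_NAME, FALSE);
        }
        CloseHandle(hProcessToken);
    }
    return IsKilled;
}

/*
 * Enable (bEnablePrivilege != FALSE) or disable the named privilege, e.g.
 * SE_DEBUG_NAME, on token hToken.  hToken must have been opened with at
 * least TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY.
 *
 * Returns TRUE only if the privilege was actually adjusted.  Note that
 * AdjustTokenPrivileges returns TRUE even when the token does not hold the
 * privilege at all; that case is reported through GetLastError() ==
 * ERROR_NOT_ALL_ASSIGNED and is treated as failure here, which is what makes
 * the "not running as administrator" case fail loudly in killps.
 */
BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid)) {
        printf("\nLookupPrivilegeValue error:%lu", GetLastError());
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                               (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) {
        printf("AdjustTokenPrivileges failed: %lu\n", GetLastError());
        return FALSE;
    }

    /* Success return value, but the privilege may still not have been assigned. */
    if (GetLastError() != ERROR_SUCCESS) {
        printf("AdjustTokenPrivileges failed: %lu\n", GetLastError());
        return FALSE;
    }
    return TRUE;
}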
