词条信息
|
| 进程_强力结束进程 | 逻辑型 | |
|
| hProcess | 整数型 | | | |
ExitStatus | 整数型 | | | |
| 变量名 | 类 型 | 静态 | 数组 | 备 注 |
| st | 整数型 | | |
| hJob | 整数型 | | |
| oa | OBJECT_ATTRIBUTES | | |
| ret | 逻辑型 | | |
ret = 假
oa.Length = 24
st =
ZwCreateJobObject (hJob,
#JOB_OBJECT_ALL_ACCESS, oa
)
如果真 (st ≥ 0
)
st =
ZwAssignProcessToJobObject (hJob, hProcess
)如果真 (st ≥ 0
)st =
ZwTerminateJobObject (hJob, ExitStatus
)如果真 (st ≥ 0
)ret = 真
ZwClose (hJob)
如果真 (ret =
假)st =
ZwTerminateProcess (hProcess, ExitStatus
)如果真 (st ≥ 0
)ret = 真
返回 (ret)|
| 进程_强力打开进程 | 整数型 | |
|
| dwDesiredAccess | 整数型 | | | |
bInhert | 逻辑型 | | | | ProcessId | 整数型 | | | |
| 变量名 | 类 型 | 静态 | 数组 | 备 注 |
| st | 整数型 | | |
| cid | CLIENT_ID | | |
| oa | OBJECT_ATTRIBUTES | | |
| NumOfHandle | 整数型 | | |
| pbi | PROCESS_BASIC_INFORMATION | | |
| i | 整数型 | | |
| hProcessToDup | 整数型 | | |
| hProcessCur | 整数型 | | |
| hProcessToRet | 整数型 | | |
| h_info | SYSTEM_HANDLE_TABLE_ENTRY_INFO | | |
| retlen | 整数型 | | |
| a | 字节集 | | |
| b | 整数型 | | |
| c | 字节集 | | |
| ret | 整数型 | | |
oa.Length = 24
如果真 (bInhert
)oa.Attributes =
位或 (oa.Attributes,
#OBJ_INHERIT )cid.UniqueProcess = ProcessId + 1st =
ZwOpenProcess (hProcessToRet, dwDesiredAccess, oa, cid
)如果真 (st ≥ 0
)ret = hProcessToRet
返回 (ret
)retlen = 1
循环判断首 ()a =
取空白字节集 (retlen
)ret =
ZwQuerySystemInformation (16, a, retlen, 0
)如果 (ret =
#STATUS_INFO_LENGTH_MISMATCH )retlen = retlen × 2
a =
取空白字节集 (retlen
)
跳出循环 ()
循环判断尾 (ret =
#STATUS_INFO_LENGTH_MISMATCH )b =
取指针_字节集 (a, a, 0
)RtlMoveMemory3 (NumOfHandle, b, 4
)b = b + 4
计次循环首 (NumOfHandle, i
)RtlMoveMemory1 (h_info, b, 16
)如果真 (h_info.ObjectTypeIndex =
#OB_TYPE_PROCESS )cid.UniqueProcess = h_info.UniqueProcessId
st =
ZwOpenProcess (hProcessToDup,
#PROCESS_DUP_HANDLE, oa, cid
)如果真 (st ≥ 0
)st =
ZwDuplicateObject (hProcessToDup, h_info.HandleValue,
#ZwGetCurrentProcess, hProcessCur,
#PROCESS_ALL_ACCESS, 0,
#DUPLICATE_SAME_ATTRIBUTES )如果真 (st ≥ 0
)st =
ZwQueryInformationProcess (hProcessCur, 0, pbi, 24, 0
)如果真 (st ≥ 0
)如果真 (pbi.UniqueProcessId = ProcessId
)st =
ZwDuplicateObject (hProcessToDup, h_info.HandleValue,
#ZwGetCurrentProcess, hProcessToRet, dwDesiredAccess,
#OBJ_INHERIT, #DUPLICATE_SAME_ATTRIBUTES )如果真 (st ≥ 0
)ret = hProcessToRet
st = ZwClose (hProcessCur)st = ZwClose (hProcessToDup)b = b + 16计次循环尾 ()返回 (ret
)|
| ZwQuerySystemInformation | 整数型 | |
|
| ntdll.dll |
|
| ZwQuerySystemInformation |
|
| SystemInformationClass | 整数型 | | |
| SystemInformation | 字节集 | | |
| SystemInformationLength | 整数型 | | |
| ReturnLength | 整数型 | | |
|
| 取指针_字节集 | 整数型 | |
|
| |
|
| lstrcpyn |
|
| 欲取其指针 | 字节集 | | |
| 欲取其指针 | 字节集 | | |
| 保留 | 整数型 | | |
|
| RtlMoveMemory3 | 整数型 | |
|
| |
|
| RtlMoveMemory |
|
| dest | 整数型 | | |
| Source | 整数型 | | |
| len | | | |
|
| ZwOpenProcess | 整数型 | |
|
| ntdll.dll |
|
| ZwOpenProcess |
|
| hProcess | 整数型 | | |
| DesiredAccess | 整数型 | | |
| ObjectAttributes | OBJECT_ATTRIBUTES | | |
| ClientId | CLIENT_ID | | |
|
| RtlMoveMemory1 | 整数型 | |
|
| |
|
| RtlMoveMemory |
|
| dest | SYSTEM_HANDLE_TABLE_ENTRY_INFO | | |
| Source | 整数型 | | |
| len | | | |
|
| ZwQueryInformationProcess | 整数型 | |
|
| ntdll.dll |
|
| ZwQueryInformationProcess |
|
| SystemInformationClass | 整数型 | | |
| dd | 整数型 | | |
| SystemInformation | PROCESS_BASIC_INFORMATION | | |
| SystemInformationLength | 整数型 | | |
| ReturnLength | 整数型 | | |
|
| ZwDuplicateObject | 整数型 | |
|
| ntdll.dll |
|
| ZwDuplicateObject |
|
| SourceProcessHandle | 整数型 | | |
| SourceHandle | 整数型 | | |
| TargetProcessHandle | 整数型 | | |
| TargetHandle | 整数型 | | |
| DesiredAccess | 整数型 | | |
| HandleAttributes | 整数型 | | |
| Options | 整数型 | | |
|
| ZwCreateJobObject | 整数型 | |
|
| ntdll.dll |
|
| ZwCreateJobObject |
|
| JobHandle | 整数型 | | |
| DesiredAccess | 整数型 | | |
| ObjectAttributes | OBJECT_ATTRIBUTES | | |
|
| ZwAssignProcessToJobObject | 整数型 | |
|
| ntdll.dll |
|
| ZwAssignProcessToJobObject |
|
| JobHandle | 整数型 | | |
| ProcessHandle | 整数型 | | |
|
| ZwTerminateJobObject | 整数型 | |
|
| ntdll.dll |
|
| ZwTerminateJobObject |
|
| JobHandle | 整数型 | | |
| ExitStatus | 整数型 | | |
|
| ZwTerminateProcess | 整数型 | |
|
| ntdll.dll |
|
| ZwTerminateProcess |
|
| ProcessHandle | 整数型 | | |
| ExitStatus | 整数型 | | |
|
| ZwClose | 整数型 | |
|
| ntdll.dll |
|
| ZwClose |
|
| hnd | | | |
|
| CLIENT_ID | |
|
| UniqueProcess | 整数型 | | |
| UniqueThread | 整数型 | | |
|
| OBJECT_ATTRIBUTES | |
|
| Length | 整数型 | | |
| RootDirectory | 整数型 | | |
| ObjectName | 整数型 | | |
| Attributes | 整数型 | | |
| SecurityDescriptor | 整数型 | | |
| SecurityQualityOfService | 整数型 | | |
|
| PROCESS_BASIC_INFORMATION | |
|
| ExitStatus | 整数型 | | |
| PebBaseAddress | 整数型 | | |
| AffinityMask | 整数型 | | |
| BasePriority | 整数型 | | |
| UniqueProcessId | 整数型 | | |
| InheritedFromUniqueProcessId | 整数型 | | |
|
| MEMORY_BASIC_INFORMATION | |
|
| BaseAddress | 整数型 | | |
| AllocationBase | 整数型 | | |
| AllocattionProtect | 整数型 | | |
| RegionSize | 整数型 | | |
| State | 整数型 | | |
| Protect | 整数型 | | |
| Type | 整数型 | | |
|
| SYSTEM_HANDLE_TABLE_ENTRY_INFO | |
|
| UniqueProcessId | 短整数型 | | |
| CreatorBackTraceIndex | 短整数型 | | |
| ObjectTypeIndex | 字节型 | | |
| HandleAttributes | 字节型 | | |
| HandleValue | 短整数型 | | |
| pObject | 整数型 | | |
| GrantedAccess | 整数型 | | |
|
| PROCESS_ALL_ACCESS | | √ |
| STATUS_INFO_LENGTH_MISMATCH | 7 | √ |
| STATUS_SUCCESS | | √ |
| PROCESS_QUERY_INFORMATION | | √ |
| STATUS_INVALID_PARAMETER | 7 | √ |
| OBJ_INHERIT | | √ |
| DUPLICATE_CLOSE_SOURCE | | √ |
| DUPLICATE_SAME_ACCESS | | √ |
| DUPLICATE_SAME_ATTRIBUTES | | √ |
| OB_TYPE_PROCESS | | √ |
| ZwGetCurrentProcess | | √ |
| PROCESS_DUP_HANDLE | | √ |
| JOB_OBJECT_ALL_ACCESS | | √ |
词条作者信息
使用例程
参与校正错误的易友
