关于中止进程的问题
有一个可以中止指定进程的程序,代码附后。这个程序好像只能中止部分程序的进程,有些进程无法被中止。比如IceSword的进程就无法中止,请问有哪位知道原因吗?是否有什么程序可以中止这样的进程呢?附:中止指定进程的程序代码
' Win32 declarations used by a form that terminates a process selected by its
' executable file name. All handles are carried in 32-bit Long values.
Option Explicit
' Length, in characters, of the fixed szExeFile buffer in PROCESSENTRY32.
Private Const MAX_PATH As Integer = 260
' Snapshot flag for CreateToolhelp32Snapshot: include the process list.
Private Const TH32CS_SNAPPROCESS = &H2
' Access mask handed to OpenProcess by CloseTargetProcess. It asks for every
' process right, which is far more than termination needs; OpenProcess returns 0
' when the caller is not granted everything it asked for.
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
' VB mirror of the Tool Help PROCESSENTRY32 record that Process32First and
' Process32Next fill in. Field order and sizes must stay as they are.
Private Type PROCESSENTRY32
dwSize As Long ' size of this record; the caller sets it before the first call
cntUsage As Long
th32ProcessID As Long ' process identifier
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long ' number of threads in the process
th32ParentProcessID As Long ' identifier of the parent process
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * MAX_PATH ' executable file name, NUL-terminated inside the fixed buffer
End Type
' Takes a snapshot of system state; lFlags selects what the snapshot contains.
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32.dll" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
' Releases a snapshot or process handle.
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
' Process32First / Process32Next walk the process entries of a snapshot; both
' return 0 when no entry was copied into uProcess.
Private Declare Function ProcessFirst Lib "kernel32.dll" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32.dll" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' Opens a handle to the process with the given identifier; returns 0 on failure.
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' Reads a process's exit status into lpExitCode; returns 0 on failure.
Private Declare Function GetExitCodeProcess Lib "kernel32.dll" (ByVal hProcess As Long, lpExitCode As Long) As Long
' Forcibly ends the process behind hProcess with exit code uExitCode; returns 0 on failure.
Private Declare Function TerminateProcess Lib "kernel32.dll" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
' Click handler for the first button: asks CloseTargetProcess to end the process
' named in Text1 and reports the outcome in a message box.
Private Sub Command1_Click()
    Dim terminated As Long

    ' The Boolean result is stored in a Long: False becomes 0, True becomes non-zero.
    terminated = CloseTargetProcess(Text1.Text)
    If terminated <> 0 Then
        MsgBox "进程已被终止。", , "提示"
    Else
        MsgBox "终止进程失败。", , "提示"
    End If
End Sub
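' Terminates the first running process whose executable file name equals
' lpProcess (compared without regard to case, as Windows file names are).
'
' lpProcess: executable file name as reported by the Tool Help snapshot,
'            e.g. "notepad.exe"; surrounding blanks are ignored.
' Returns:   True when TerminateProcess succeeded, False when no such process
'            was found or it could not be opened or terminated.
'
' A False result is expected for processes running in a more privileged
' security context and for security tools that protect themselves; this
' function reports the failure and does not try to get around it.
'
' Caveat: an executable name does not identify a process. Several processes,
' including unrelated or hostile ones, can carry the same name, and the process
' list can change between the snapshot and OpenProcess. A caller that already
' knows the process identifier should act on that instead of a name.
Private Function CloseTargetProcess(ByVal lpProcess As String) As Boolean
    ' Only the right to terminate is requested. Asking for PROCESS_ALL_ACCESS
    ' fails whenever any one of the many rights is denied and leaves an
    ' over-privileged handle in this process when it succeeds.
    Const PROCESS_TERMINATE As Long = &H1
    Const INVALID_HANDLE_VALUE As Long = -1
    ' Exit code given to the terminated process. The original passed the value
    ' read by GetExitCodeProcess, which for a running process is STILL_ACTIVE
    ' (259), so anything polling the exit code afterwards saw it as still running.
    Const FORCED_EXIT_CODE As Long = 1

    Dim dwProcessId As Long
    Dim hSnapShot As Long
    Dim pe32 As PROCESSENTRY32
    Dim hProcess As Long
    Dim exeName As String
    Dim nulPos As Long
    Dim more As Long

    CloseTargetProcess = False

    lpProcess = Trim$(lpProcess)
    If Len(lpProcess) = 0 Then Exit Function

    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    If hSnapShot = INVALID_HANDLE_VALUE Then Exit Function

    ' Len, not LenB: the Declare call passes szExeFile as 260 single-byte
    ' characters, and Len is the size of the record in that form.
    pe32.dwSize = Len(pe32)

    more = ProcessFirst(hSnapShot, pe32)
    Do While more <> 0
        ' The name ends at the first NUL; the rest of the fixed buffer is padding.
        nulPos = InStr(pe32.szExeFile, vbNullChar)
        If nulPos > 0 Then
            exeName = Left$(pe32.szExeFile, nulPos - 1)
        Else
            exeName = pe32.szExeFile
        End If

        If StrComp(exeName, lpProcess, vbTextCompare) = 0 Then
            dwProcessId = pe32.th32ProcessID
            Exit Do
        End If
        more = ProcessNext(hSnapShot, pe32)
    Loop
    CloseHandle hSnapShot

    If dwProcessId = 0 Then Exit Function

    ' bInheritHandle is 0 so child processes never receive this handle.
    hProcess = OpenProcess(PROCESS_TERMINATE, 0, dwProcessId)
    If hProcess = 0 Then
        ' 5 (ERROR_ACCESS_DENIED) is the usual value when the target is out of reach.
        Debug.Print "OpenProcess failed, LastDllError = " & Err.LastDllError
        Exit Function
    End If

    If TerminateProcess(hProcess, FORCED_EXIT_CODE) <> 0 Then
        CloseTargetProcess = True
    Else
        Debug.Print "TerminateProcess failed, LastDllError = " & Err.LastDllError
    End If
    CloseHandle hProcess
End Function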
' Click handler for the second button: unloads this form.
Private Sub Command2_Click()
Unload Me
End Sub
--------------------编程问答-------------------- 有些程序拦截了API;而且IceSword不是一般的软件,更不可能被终止。用常规方法是终止不了的。 --------------------编程问答-------------------- 我来给你代码吧,以前一个高手告诉我的!呵呵
你直接使用就可以了,不过自己加控件
' Win32 declarations for a small process manager form: list the running
' processes in a ListView and terminate the selected one.
Option Explicit
' Takes a snapshot of system state; lFlags selects what the snapshot contains.
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
' Process32First / Process32Next walk the process entries of a snapshot; both
' return 0 when no entry was copied into uProcess.
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' Forcibly ends the process behind hProcess with exit code uExitCode; returns 0 on failure.
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
' Opens a handle to the process with the given identifier; returns 0 on failure.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' Releases a snapshot or process handle.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' Length, in characters, of the fixed szExeFile buffer in PROCESSENTRY32.
Const MAX_PATH As Integer = 260
' VB mirror of the Tool Help PROCESSENTRY32 record. Field order and sizes must
' stay as they are.
Private Type PROCESSENTRY32
dwSize As Long ' size of this record; the caller sets it before the first call
cntUsage As Long
th32ProcessID As Long ' process identifier
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long ' number of threads in the process
th32ParentProcessID As Long ' identifier of the parent process
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * MAX_PATH ' executable file name, NUL-terminated inside the fixed buffer
End Type
' Snapshot content flags for CreateToolhelp32Snapshot. Listing processes needs
' only TH32CS_SNAPPROCESS; TH32CS_SNAPall is the sum of all four flags.
Const TH32CS_SNAPheaplist = &H1
Const TH32CS_SNAPPROCESS = &H2
Const TH32CS_SNAPthread = &H4
Const TH32CS_SNAPmodule = &H8
Const TH32CS_SNAPall = TH32CS_SNAPPROCESS + TH32CS_SNAPheaplist + TH32CS_SNAPthread + TH32CS_SNAPmodule
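' Refreshes ListView1 with one row per running process: the process identifier
' in hexadecimal in the first column and the executable file name in the second.
' The list is a point-in-time view; a process shown here may have exited, and
' its identifier may have been reused, by the time the user acts on a row.
Private Sub Command1_Click()
    Const INVALID_HANDLE_VALUE As Long = -1

    Dim i As Long, more As Long, nulPos As Long
    Dim Proc As PROCESSENTRY32
    Dim hSnapShot As Long
    Dim exeName As String

    ListView1.ListItems.Clear

    ' Only the process list is needed. The original asked for TH32CS_SNAPall,
    ' which also snapshots heaps, threads and modules that are never read here.
    hSnapShot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)
    If hSnapShot = INVALID_HANDLE_VALUE Then Exit Sub

    Proc.dwSize = Len(Proc)
    more = ProcessFirst(hSnapShot, Proc)
    i = 0
    Do While more <> 0
        ' Keep the name up to the first NUL; the rest of the fixed 260-character
        ' buffer is padding and would otherwise be stored with the row text.
        nulPos = InStr(Proc.szExeFile, vbNullChar)
        If nulPos > 0 Then
            exeName = Left$(Proc.szExeFile, nulPos - 1)
        Else
            exeName = Proc.szExeFile
        End If

        ListView1.ListItems.Add , "a" & i, Hex(Proc.th32ProcessID)
        ListView1.ListItems("a" & i).SubItems(1) = exeName
        i = i + 1
        more = ProcessNext(hSnapShot, Proc)
    Loop

    CloseHandle hSnapShot
End Sub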
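' Terminates the process selected in ListView1 after the user confirms, reports
' the outcome, then refreshes the list.
'
' A failure is expected for processes running in a more privileged security
' context and for security tools that protect themselves; the handler reports
' it and does not try to get around it.
'
' Caveat: the row holds the identifier seen at the last refresh. If that process
' has exited since, the identifier may now belong to a different process, so
' refresh the list before terminating anything that matters.
Private Sub Command2_Click()
    ' Only the right to terminate is requested.
    Const PROCESS_TERMINATE As Long = &H1

    Dim targetPid As Long, lPHand As Long, TMBack As Long
    Dim procName As String
    Dim nulPos As Long

    ' Nothing selected: the original raised run-time error 91 here.
    If ListView1.SelectedItem Is Nothing Then Exit Sub
    If ListView1.SelectedItem.Text = "" Then Exit Sub

    ' Cut the name at the first NUL so the text appended to it in the message
    ' boxes is not lost when the row still carries buffer padding.
    procName = ListView1.SelectedItem.SubItems(1)
    nulPos = InStr(procName, vbNullChar)
    If nulPos > 0 Then procName = Left$(procName, nulPos - 1)

    If MsgBox("确实要结束进程[" & procName & "]吗?", vbYesNo) <> vbYes Then Exit Sub

    ' The trailing "&" makes Val read the text as a Long. Without it a
    ' four-digit value of 8000 or above is read as a negative Integer and the
    ' wrong identifier is passed to OpenProcess.
    targetPid = Val("&H" & ListView1.SelectedItem.Text & "&")

    ' bInheritHandle is 0: the original passed True, which made a handle with
    ' terminate rights inheritable by any child process started later.
    lPHand = OpenProcess(PROCESS_TERMINATE, 0&, targetPid)
    If lPHand <> 0 Then
        TMBack = TerminateProcess(lPHand, 0&)
        If TMBack = 0 Then
            Debug.Print "TerminateProcess failed, LastDllError = " & Err.LastDllError
        End If
        CloseHandle lPHand
    Else
        ' 5 (ERROR_ACCESS_DENIED) is the usual value when the target is out of reach.
        Debug.Print "OpenProcess failed, LastDllError = " & Err.LastDllError
        TMBack = 0
    End If

    If TMBack <> 0 Then
        MsgBox procName & "已经被终止!"
    Else
        MsgBox procName & "不能被终止!"
    End If

    Command1_Click ' refresh the process list
End Sub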
' Form start-up: sets the captions, builds the two report columns of ListView1
' and fills the list once.
Private Sub form_Load()
    Me.Caption = "进程管理器"
    Command1.Caption = "刷新"
    Command2.Caption = "结束进程"

    With ListView1
        .ColumnHeaders.Clear
        .ColumnHeaders.Add , "a", "进程ID", 600
        .ColumnHeaders.Add , "b", "进程名", 4000
        .View = lvwReport
    End With

    ' Populate the list by running the refresh button's handler.
    Command1_Click
End Sub
--------------------编程问答-------------------- 冰刀这种级数的东西不是一般的方法可以结束的
另外,别人启动时要是用户等级比你高(比如SYSTEM权限,ISCSICAKE就是这样),也是无法直接结束的.
这里还不说HOOK了OpenProcess之类API的情况......... --------------------编程问答-------------------- 不要打IceSword的主意好不好,那是我杀毒的最后一招了 --------------------编程问答-------------------- 可能我拿IceSword举例让大家误会了。其实我是想自己做一个比较强大一点的进程管理工具,因为现在病毒太厉害了,我想用这个工具来处理那些比较顽固的病毒进程。但是我暂时还没有合适的病毒样本,只好拿IceSword举个例子了。对于一般的进程我自己那个程序完全能够应付。ZOU_SEAFARER(颓废程序员^_^) 的程序基本原理和我那个应该一样,所以也只能对付一般级别的进程。
补充:VB , API