100分紧急求助强制结束一个进程的方法
我用FindWindow(vbNullString,"Upload")获取了 Upload 进程的句柄
然后用
TerminateProcess lnghwndHost,0&
来结束这个进程,为什么不行啊,谢谢 --------------------编程问答-------------------- 对WINAPI不太熟,
在纯C中用 fork() 创建, exit(pid) 终止.
LZ看看MSDN吧,应该很详细的,花点时间找找. --------------------编程问答-------------------- TerminateProcess
VB声明
Declare Function TerminateProcess Lib "kernel32" Alias "TerminateProcess" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
说明
结束一个进程
在VB里使用
可以使用,但尽量不用
返回值
Long,非零表示成功,零表示失败。会设置GetLastError
参数表
参数 类型及说明
hProcess Long,指定要中断的一个进程的句柄
uExitCode Long,进程的一个退出代码
--------------------编程问答-------------------- GetLastError
VB声明
Declare Function GetLastError Lib "kernel32" Alias "GetLastError" () As Long
说明
针对之前调用的api函数,用这个函数取得扩展错误信息(在vb里使用:在vb中,用Err对象的GetLastError属性获取GetLastError的值。这样做是必要的,因为在api调用返回以及vb调用继续执行期间,vb有时会重设GetLastError的值)
返回值
Long,由api函数决定。请参考api32.txt文件,其中列出了一系列错误常数;都以ERROR_前缀起头。常用的错误代码见下表
ERROR_INVALID_HANDLE 无效的句柄作为一个参数传递
ERROR_CALL_NOT_IMPLEMENTED 在win 95下调用专为win nt设计的win32 api函数
ERROR_INVALID_PARAMETER 函数中有个参数不正确
注解
GetLastError返回的值通过在api函数中调用SetLastError或SetLastErrorEx设置。函数并无必要设置上一次错误信息,所以即使一次GetLastError调用返回的是零值,也不能担保函数已成功执行。只有在函数调用返回一个错误结果时,这个函数指出的错误结果才是有效的。通常,只有在函数返回一个错误结果,而且已知函数会设置GetLastError变量的前提下,才应访问GetLastError;这时能保证获得有效的结果。SetLastError函数主要在对api函数进行模拟的dll函数中使用,所以对vb应用程序来说是没有意义的
--------------------编程问答-------------------- FindWindow(vbNullString,"Upload")
获取了 Upload 进程的句柄
---------------
顾名而思义,哪是在找窗口句柄,不是进程!
GetWindowThreadProcessId可以通过窗口句柄取得进程的ID,然后openprocess,得到进程的句柄,最后TerminateProcess --------------------编程问答-------------------- 用PostMessage
丢个关闭消息过去就可以了 --------------------编程问答-------------------- Private Declare Function PostMessage& Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any)
Private Const WM_CLOSE = &H10
Private Sub Command1_Click()
PostMessage Me.hwnd, WM_CLOSE, 0, 0
End Sub
lz参考下 是不是你要的 --------------------编程问答-------------------- 我用FindWindow(vbNullString,"Upload")
获取了 Upload 进程的句柄
然后用
TerminateProcess lnghwndHost,0&
//
汗一个. --------------------编程问答-------------------- 送你个自己用的模块:
以下代码保存为ModFindProcess.bas
'*************************************************************************
'**模 块 名:ModFindProcess
'**说 明:进程相关操作
'**创 建 人:马大哈 http://www.m5home.com/
'**日 期:2006年3月18日
'**日 期:2007年1月23日
'**描 述:改进了结束进程的条件,可以根据PID来结束
'**版 本:V1.3
'*************************************************************************
Option Explicit
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, lProcessID As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Const FORMAT_MESSAGE_ALLOCATE_BUFFER = &H100
Private Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
Private Const TH32CS_SNAPPROCESS As Long = 2&
Private Const PROCESS_TERMINATE = 1
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szexeFile As String * 260
End Type
Private Type MyProcess
ExeName As String
PID As Long
End Type
Public Function CloseProcess(Optional ByVal ProName As String, Optional ByVal PID As Long) As Integer
'传入进程名或PID,结束相应进程
Dim tPid As Long
Dim tPHwnd As Long
Dim ProArr() As String, PIDArr() As Long
Dim I As Long
Call ListProcess(ProArr, PIDArr)
For I = 1 To UBound(ProArr)
If PIDArr(I) = PID Or ProArr(I) = ProName Then '配对进程ID或进程名
Exit For
End If
Next I
If I > UBound(PIDArr) Then Exit Function
tPid = PIDArr(I)
tPHwnd = OpenProcess(PROCESS_TERMINATE, False, tPid)
Debug.Print tPHwnd
If tPHwnd Then
CloseProcess = TerminateProcess(tPHwnd, 0)
End If
End Function
Public Function FindProcess(ByVal ProName As String, Optional ByRef PID As Long) As Boolean
'传入进程名,如果进程存在,在PID里返回进程ID,函数返回True,否则返回Flase
'ProName: 指定进程名
'PID: 如果进程名存在,返回其PID
'返回值: 进程名存在返回TRUE,否则返回FALSE
Dim ProArr() As String, PIDArr() As Long
Dim I As Long
Call ListProcess(ProArr, PIDArr)
For I = 1 To UBound(ProArr)
If ProArr(I) = ProName Then
PID = PIDArr(I)
FindProcess = True
Exit For
End If
Next I
End Function
Public Function ListProcess(ByRef ProExeName() As String, ByRef ProPid() As Long)
'列出进程以及相应PID
'ProExeName(): 进程名
'ProPid(): 相应的PID
Dim MyProcess As PROCESSENTRY32
Dim mySnapshot As Long
Dim ProData() As MyProcess
Dim I As Long
ReDim ProData(0)
MyProcess.dwSize = Len(MyProcess)
mySnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&)
ProcessFirst mySnapshot, MyProcess
ReDim Preserve ProData(UBound(ProData) + 1)
ProData(UBound(ProData)).ExeName = Left(MyProcess.szexeFile, InStr(MyProcess.szexeFile, Chr(0)) - 1)
ProData(UBound(ProData)).PID = MyProcess.th32ProcessID
'Debug.Print ProData(UBound(ProData)).ExeName
MyProcess.szexeFile = ""
While ProcessNext(mySnapshot, MyProcess)
ReDim Preserve ProData(UBound(ProData) + 1)
ProData(UBound(ProData)).ExeName = Left(MyProcess.szexeFile, InStr(MyProcess.szexeFile, Chr(0)) - 1)
ProData(UBound(ProData)).PID = MyProcess.th32ProcessID
' Debug.Print ProData(UBound(ProData)).ExeName
MyProcess.szexeFile = ""
Wend
ReDim ProExeName(UBound(ProData))
ReDim ProPid(UBound(ProData))
For I = 1 To UBound(ProData)
With ProData(I)
ProExeName(I) = .ExeName
ProPid(I) = .PID
End With
Next I
End Function
测试代码:
'新建窗体,添加两个按钮.--------------------编程问答-------------------- up --------------------编程问答-------------------- 老马的代码不错
'Command1为列出进程,Command2为结束某进程.
Option Explicit
Private Sub Command1_Click()
Dim I As Long, tPro() As String, tPid() As Long
Call ListProcess(tPro, tPid)
For I = 0 To UBound(tPro)
Debug.Print tPro(I) & vbTab & tPid(I)
Next I
End Sub
Private Sub Command2_Click()
Call CloseProcess("qq.exe")
End Sub
有个地方可能需要改进一下,
If PIDArr(I) = PID Or ProArr(I) = ProName Then '配对进程ID或进程名
Exit For
End If
==>
If (PIDArr(I) = PID Or ProArr(I) = ProName) and PIDArr(i) <> 0 Then '配对进程ID或进程名
Exit For
End If
进程ID为0可以排除在外.
--------------------编程问答-------------------- 嗯,没错~~~感谢提醒!!! --------------------编程问答-------------------- 老马程序修改后有效。 --------------------编程问答-------------------- 又一个不结帖的. --------------------编程问答-------------------- 现在一个三角的,很少有结贴的 --------------------编程问答-------------------- 软件破解群35780346
从事专业软件逆向 软解破解 精通汇编,精通静态 动态的调试工具,
供大家交流学习。 --------------------编程问答-------------------- 去别人的家里,至少得遵重别人的规则吧....
现在的人觉悟越来越低了.....
这个LZ有几种情况:
一是工作忙;
二是问题解决就闪人,没有想过再来这里;
三是不懂怎么结.
CSDN得想点办法来处理这个问题. --------------------编程问答-------------------- 有些进程利用API Hook手段防止进程结束,这时可以将OpenProcess函数替换为NtOpenProcess再次尝试。
具体代码如下
Opion Explicit
'ProcessHandle 为输出 其余为输入
Private Declare Function NtOpenProcess Lib "ntdll.dll" ( _
ByRef ProcessHandle As Long, _
ByVal AccessMask As Long, _
ByRef ObjectAttributes As OBJECT_ATTRIBUTES, _
ByRef ClientId As CLIENT_ID) As Long
Private Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long 'PUNICODE_STRING 的指针
Attributes As Long
SecurityDescriptor As Long
SecurityQualityOfService As Long
End Type
Private Type CLIENT_ID
UniqueProcess As Long
UniqueThread As Long
End Type
Private Sub Form_Load()
Dim oa As OBJECT_ATTRIBUTES, ci As CLIENT_ID
oa.Length = Len(oa)
ci.UniqueProcess = 364 '需要打开的PID
ci.UniqueThread = 0
Dim ret As Long
MsgBox NtOpenProcess(ret, &H400, oa, ci)
MsgBox ret
End Sub
--------------------编程问答-------------------- ykhyfhyfy --------------------编程问答-------------------- ykhyfhyfy --------------------编程问答-------------------- 先找到这个程序的PID,然后用NTST -C Q -P PID来干掉它,当然也可以在VB中用SHELL来办到 --------------------编程问答-------------------- so easy
通过windowhandler可以找到进程id,然后openprocess,获取到该进程的全部权限,然后terminateprocess,就可以了。 --------------------编程问答-------------------- 调用DOS命令:ntsd -c q -p PID
ntsd不能杀死System、SMSS.EXE和CSRSS.EXE,其它进程都可以用此命令结束进程。
--------------------编程问答-------------------- 【CBM666 的木马EXE专杀】
http://download.csdn.net/source/358139
【CBM666 的实时监控QQ】
http://hi.baidu.com/cbm666/blog/item/9b568c54d722dc1c3b2935cc.html
【CBM666 的以类名或窗口标题查找句柄并关闭】http://hi.baidu.com/cbm666/blog/item/00f7b93867d52cc0d4622505.html
--------------------编程问答--------------------
方法多多,有文明一点的,例如投递退出消息,Postmessage就可以,但是需要目标进程也是文明的;有稍微暴力一点的,某某API
有更暴力一点的,某某某API,但是导致目标进程的内存不会释放
虽然以上都有点暴力。。。。不过有些进程还是干不死,那就只能说明对方是很不文明的,,,我们一般就可以破坏其内存了。。。。直接写数据,可以把它的数据全写了,也可以。。。。。。。写一个终止运行的代码进去。。。。当然了这里可以用R3上的,如果不成,干脆用NT系列。。。。。。。。。。。。。API。如果还不行啊,还有一些复方:例如某些调试函数。。。。。。。。。。。。
小可就知道这些了。。。。。。
补充:VB , API
