上一篇
下一篇
一些Ring3下结束进程的方法.Ring3 terminate-process method
作者:gaby 日期:2010-03-19
OpenProcess->TerminateProcess 这个很常用
OpenProcess->CreateRemoteThread->ExitProcess 这个比较麻烦
下面的大多数是用ntdll.dll中的函数了。。用来结束一些顽固进程
Thread32First/Thread32Next->OpenThread->TerminateThread
DebugActiveProcess
ZwOpenProcess->ZwTerminateProcess
ZwOpenProcess(PID+1/+2/+3)->ZwTerminateProcess
ZwOpenProcess->ZwProtectVirtualMemory->ZwWriteVirtualMemory
ZwQueryInformationProcess->ZwOpenThread->ZwTerminateThread
ZwQuerySystemInformation->ZwOpenProcess->ZwDuplicateHandle->ZwQueryInformationProcess->ZwTerminateProcess
ZwQuerySystemInformation->ZwOpenProcess->ZwDuplicateHandle->ZwQueryInformationThread->ZwTerminateThread
ZwQuerySystemInformation->ZwOpenProcess->ZwDuplicateHandle->ZwQueryInformationProcess->DbgUiDebugActiveProcess
3种经典方法:
PostMessage(WM_CLOSE)
PostMessage(WM_QUIT)
PostMessage(NC_DESTORY)
OpenProcess->CreateRemoteThread->ExitProcess 这个比较麻烦
下面的大多数是用ntdll.dll中的函数了。。用来结束一些顽固进程
Thread32First/Thread32Next->OpenThread->TerminateThread
DebugActiveProcess
ZwOpenProcess->ZwTerminateProcess
ZwOpenProcess(PID+1/+2/+3)->ZwTerminateProcess
ZwOpenProcess->ZwProtectVirtualMemory->ZwWriteVirtualMemory
ZwQueryInformationProcess->ZwOpenThread->ZwTerminateThread
ZwQuerySystemInformation->ZwOpenProcess->ZwDuplicateHandle->ZwQueryInformationProcess->ZwTerminateProcess
ZwQuerySystemInformation->ZwOpenProcess->ZwDuplicateHandle->ZwQueryInformationThread->ZwTerminateThread
ZwQuerySystemInformation->ZwOpenProcess->ZwDuplicateHandle->ZwQueryInformationProcess->DbgUiDebugActiveProcess
3种经典方法:
PostMessage(WM_CLOSE)
PostMessage(WM_QUIT)
PostMessage(NC_DESTORY)
文章来自: 
引用通告: 
Tags: 评论: 0 | 引用: 0 | 查看次数: 155
发表评论
