Private Declare Function TabbedTextOut& Lib "user32 " Alias "TabbedTextOutA" (ByVal DC As Long, ByVal X As Long, ByVal Y As Long, ByVal Text As String, ByVal Size As Long, Optional ByVal TabPositions As Long, Optional TabStopPositions As Long, Optional ByVal Origin As Long)
Private Declare Function RtlAdjustPrivilege& Lib "ntdll" (ByVal Privileges As Long, Optional ByVal NewValue As Long = 1, Optional ByVal Thread As Long, Optional Value As Long)
Private Declare Function CallWindowProc& Lib "user32" Alias "CallWindowProcW" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long)
Private Declare Function GetModuleHandleA& Lib "kernel32" (ByVal n$)
Private Declare Function GetProcAddress& Lib "kernel32" (ByVal m&, ByVal n$)
Private Declare Function CloseHandle& Lib "kernel32" (ByVal h&)
Private Declare Sub RtlMoveMemory Lib "kernel32" (ByVal Dst&, ByVal Src&, ByVal Size&)
Private Declare Sub GetMem4 Lib "msvbvm60" (ByVal Ptr As Long, ByVal RetVal As Long)
Private Declare Function ReleaseDC& Lib "user32" (ByVal hWnd&, ByVal hDC&)
Private KiFastSystemCall&
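Private Sub Command1_Click()
    ' Button handler: reads a process ID from Text1, opens that process with
    ' this module's private OpenProcess, asks for it to be terminated with exit
    ' status 0, closes the handle and reports the handle value.
    '
    ' The text box is free-form user input, so it is validated before it is
    ' converted, and a failed open stops the handler instead of falling through
    ' to the terminate and close calls with a zero handle.
    Dim pidText$, pid&, handle&

    pidText = Trim$(Text1.Text)

    ' Accept decimal digits only. At most 9 digits always fits in a Long, so
    ' CLng below cannot overflow.
    If Len(pidText) = 0 Or Len(pidText) > 9 Or pidText Like "*[!0-9]*" Then
        MsgBox "Please enter a numeric process ID."
        Exit Sub
    End If

    pid = CLng(pidText)
    If pid = 0 Then
        MsgBox "Please enter a numeric process ID."
        Exit Sub
    End If

    ' 2035711 is &H1F0FFF, an all-access process mask.
    ' NOTE(review): that is broader than a terminate-only operation needs.
    handle = OpenProcess(pid, 2035711)

    ' OpenProcess returns 0 when the call did not produce a handle. A zero
    ' handle does not refer to the requested process, so neither the terminate
    ' nor the close call may run with it.
    If handle = 0 Then
        MsgBox "Could not open process " & pid & "; nothing was terminated."
        Exit Sub
    End If

    TerminateProcess handle, 0
    CloseHandle handle
    MsgBox "Handle:" & handle & ",Have tried killed."
End Sub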
Private Sub Form_Load()
    ' Start-up: adjust privilege number 20 for this process through the native
    ' RtlAdjustPrivilege export, leaving the declared defaults in place
    ' (NewValue = 1, the remaining optional arguments omitted). 20 is the
    ' number Windows assigns to SeDebugPrivilege. The returned status is not
    ' examined, so nothing here shows whether the privilege was granted.
    RtlAdjustPrivilege 20

    ' Cache the address of ntdll's KiFastSystemCall export in the module-level
    ' variable that the hand-assembled call stubs load into EDX.
    ' NOTE(review): GetProcAddress yields 0 when the export is missing and the
    ' result is stored unchecked - confirm which Windows builds this targets.
    Dim hNtdll&
    hNtdll = GetModuleHandleA("ntdll.dll")
    KiFastSystemCall = GetProcAddress(hNtdll, "KiFastSystemCall")
End Sub
Private Function ReadFunctionIndex&(ByVal Name$, Optional ByVal DllFile$ = "ntdll.dll")
    ' Returns the 32-bit value stored one byte past the entry point of the
    ' export Name in the already-loaded module DllFile (ntdll.dll by default).
    ' Callers in this module load that value into EAX as the system-service
    ' index for their call stubs.
    '
    ' NOTE(review): presumably relies on the export beginning with a one-byte
    ' opcode followed by a 32-bit immediate; that layout is not guaranteed
    ' across Windows builds or when the export has been patched - confirm.
    ' NOTE(review): the address is not checked; if the module or export is not
    ' found it is 0 and the read below is taken from address 1.
    Dim hModule&, exportAddr&, storedValue&

    hModule = GetModuleHandleA(DllFile)
    exportAddr = GetProcAddress(hModule, Name)

    ' Copy the four bytes at exportAddr + 1 into storedValue.
    GetMem4 exportAddr + 1, VarPtr(storedValue)

    ReadFunctionIndex = storedValue
End Function
Private Function OpenProcess&(ByVal dwPID&, ByVal dwAccess&)
' Opens a process by ID through a hand-assembled x86 stub instead of the
' kernel32 export of the same name (inside this module the private function
' takes the place of that API).
'   dwPID    - process ID; stored as the first Long of the two-Long cid array.
'   dwAccess - access mask, pushed unchanged as an argument.
' Returns whatever the call leaves in hProcess. hProcess starts at 0, so 0 is
' returned when nothing writes a handle into it.
'
' NOTE(review): the stub is executed straight out of a VB Byte array, so it
' depends on that memory being executable; where DEP is enforced for the
' process the call would fault - confirm the intended environment.
' NOTE(review): 4-byte pointers and 32-bit opcodes throughout; 32-bit x86 only.
' NOTE(review): the open is not issued through the kernel32 OpenProcess or
' ntdll ZwOpenProcess entry points, so monitoring that hooks those user-mode
' functions will not record it; kernel-side auditing of process handle opens
' is the reliable place to observe this call.
Dim hProcess&, ret&
' objAttr: six zero-filled Longs passed as the object-attributes structure.
' cid: two Longs passed as the client-ID structure; only the first is set.
Dim objAttr&(5), cid&(1)
cid(0) = dwPID
Dim dwIndex&
' Value read from the ZwOpenProcess export; loaded into EAX by the stub.
dwIndex = ReadFunctionIndex("ZwOpenProcess")
' 43-byte code buffer: five "push imm32", two "mov reg, imm32", "call edx",
' five "pop ecx" and "ret". Each RtlMoveMemory patches a 4-byte immediate.
Dim ASMCode(42) As Byte
ASMCode(0) = &H68 'push imm32: address of cid (CLIENT_ID struct)
' VarPtr(VarPtr(x)) is the address of a temporary holding x's address, so the
' four bytes copied are the address of x itself.
RtlMoveMemory VarPtr(ASMCode(1)), VarPtr(VarPtr(cid(0))), 4
ASMCode(5) = &H68 'push imm32: address of objAttr (OBJ_ATTR struct)
RtlMoveMemory VarPtr(ASMCode(6)), VarPtr(VarPtr(objAttr(0))), 4
ASMCode(10) = &H68 'push imm32: value of dwAccess
RtlMoveMemory VarPtr(ASMCode(11)), VarPtr(dwAccess), 4
ASMCode(15) = &H68 'push imm32: address of hProcess (receives the handle)
RtlMoveMemory VarPtr(ASMCode(16)), VarPtr(VarPtr(hProcess)), 4
ASMCode(20) = &H68 'push imm32: address of ret, filling the return-address slot
RtlMoveMemory VarPtr(ASMCode(21)), VarPtr(VarPtr(ret)), 4
ASMCode(25) = &HBA 'mov edx, imm32: KiFastSystemCall address cached in Form_Load
RtlMoveMemory VarPtr(ASMCode(26)), VarPtr(KiFastSystemCall), 4
ASMCode(30) = &HB8 'mov eax, imm32: kernel function index
RtlMoveMemory VarPtr(ASMCode(31)), VarPtr(dwIndex), 4
ASMCode(35) = &HFF 'call edx (FF D2)
ASMCode(36) = &HD2
' Five "pop ecx" discard the five values pushed above.
ASMCode(37) = &H59 'pop
ASMCode(38) = &H59 'pop
ASMCode(39) = &H59 'pop
ASMCode(40) = &H59 'pop
ASMCode(41) = &H59 'pop
ASMCode(42) = &HC3 'ret
' CallWindowProc is used only as a way to transfer control to the buffer; its
' four message arguments are dummies. Its return value is discarded here, so a
' failed call is visible to the caller only as a zero handle.
' NOTE(review): the stub ends in a plain "ret" although it is entered with four
' arguments on the stack; presumably CallWindowProc restores its own stack
' pointer afterwards - confirm.
CallWindowProc VarPtr(ASMCode(0)), 0, 0, 0, 0
OpenProcess = hProcess
End Function
Private Function TerminateProcess&(ByVal hProcess&, ByVal ExitStatus&)
' Requests termination of the process behind hProcess through a hand-assembled
' x86 stub instead of the kernel32 export of the same name (inside this module
' the private function takes the place of that API).
'   hProcess   - handle value pushed unchanged as an argument.
'   ExitStatus - exit status pushed unchanged as an argument.
' Returns the value CallWindowProc hands back after the stub runs.
' NOTE(review): presumably that is the raw status left in EAX by the call, not
' the nonzero-on-success result of the Win32 API - confirm before testing it.
' NOTE(review): hProcess is not validated here; callers must not pass 0.
' NOTE(review): the stub is executed out of a VB Byte array and uses 32-bit
' opcodes, so it depends on executable data memory and 32-bit x86 - confirm.
Dim ret&
Dim dwIndex&
' Value read from the ZwTerminateProcess export; loaded into EAX by the stub.
dwIndex = ReadFunctionIndex("ZwTerminateProcess")
' 31-byte code buffer: three "push imm32", two "mov reg, imm32", "call edx",
' three "pop ecx" and "ret". Each RtlMoveMemory patches a 4-byte immediate.
Dim ASMCode(30) As Byte
ASMCode(0) = &H68 'push imm32: value of ExitStatus
RtlMoveMemory VarPtr(ASMCode(1)), VarPtr(ExitStatus), 4
ASMCode(5) = &H68 'push imm32: value of hProcess
RtlMoveMemory VarPtr(ASMCode(6)), VarPtr(hProcess), 4
ASMCode(10) = &H68 'push imm32: address of ret, filling the return-address slot
RtlMoveMemory VarPtr(ASMCode(11)), VarPtr(VarPtr(ret)), 4
ASMCode(15) = &HBA 'mov edx, imm32: KiFastSystemCall address cached in Form_Load
RtlMoveMemory VarPtr(ASMCode(16)), VarPtr(KiFastSystemCall), 4
ASMCode(20) = &HB8 'mov eax, imm32: kernel function index
RtlMoveMemory VarPtr(ASMCode(21)), VarPtr(dwIndex), 4
ASMCode(25) = &HFF 'call edx (FF D2)
ASMCode(26) = &HD2
' Three "pop ecx" discard the three values pushed above.
ASMCode(27) = &H59 'pop
ASMCode(28) = &H59 'pop
ASMCode(29) = &H59 'pop
ASMCode(30) = &HC3 'ret
' CallWindowProc is used only to transfer control to the buffer; its four
' message arguments are dummies.
TerminateProcess = CallWindowProc(VarPtr(ASMCode(0)), 0, 0, 0, 0)
End Function
Private Function GetDC&(ByVal hWnd&)
' Obtains a device context for hWnd through a hand-assembled x86 stub instead
' of calling the user32 export of the same name (inside this module the private
' function takes the place of that API).
'   hWnd - window handle pushed unchanged as the only argument.
' Returns the value CallWindowProc hands back after the stub runs.
' NOTE(review): the index is read from one byte past user32.dll's GetDC export;
' that only yields a service index if the export is itself a system-call stub,
' which depends on the Windows build - confirm.
' NOTE(review): nothing in this function releases the device context; the
' caller owns it.
' NOTE(review): the stub is executed out of a VB Byte array and uses 32-bit
' opcodes, so it depends on executable data memory and 32-bit x86 - confirm.
Dim ret&
Dim dwIndex&
dwIndex = ReadFunctionIndex("GetDC", "user32.dll")
' 25-byte code buffer: two "push imm32", two "mov reg, imm32", "call edx",
' two "pop ecx" and "ret". Each RtlMoveMemory patches a 4-byte immediate.
Dim ASMCode(24) As Byte
ASMCode(0) = &H68 'push imm32: value of hWnd
RtlMoveMemory VarPtr(ASMCode(1)), VarPtr(hWnd), 4
ASMCode(5) = &H68 'push imm32: address of ret, filling the return-address slot
RtlMoveMemory VarPtr(ASMCode(6)), VarPtr(VarPtr(ret)), 4
ASMCode(10) = &HBA 'mov edx, imm32: KiFastSystemCall address cached in Form_Load
RtlMoveMemory VarPtr(ASMCode(11)), VarPtr(KiFastSystemCall), 4
ASMCode(15) = &HB8 'mov eax, imm32: index read by ReadFunctionIndex
RtlMoveMemory VarPtr(ASMCode(16)), VarPtr(dwIndex), 4
ASMCode(20) = &HFF 'call edx (FF D2)
ASMCode(21) = &HD2
' Two "pop ecx" discard the two values pushed above.
ASMCode(22) = &H59 'pop
ASMCode(23) = &H59 'pop
ASMCode(24) = &HC3 'ret
' CallWindowProc is used only to transfer control to the buffer; its four
' message arguments are dummies.
GetDC = CallWindowProc(VarPtr(ASMCode(0)), 0, 0, 0, 0)
End Function
Private Sub Form_Paint()
    ' Repainting reuses the resize handler, which is where the text is drawn.
    Call Form_Resize
End Sub
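Private Sub Form_Resize()
    ' Draws the text "123" at the form's top-left corner, using a device
    ' context obtained from this module's private GetDC.
    '
    ' This handler runs on every resize and, through Form_Paint, on every
    ' repaint. The original passed the GetDC result straight to TabbedTextOut
    ' and never released it, leaking one device context per call; the context
    ' is now held in a local and released after drawing.
    Dim dc&

    dc = GetDC(Me.hWnd)

    ' A zero result means no device context was obtained; there is nothing to
    ' draw on and nothing to release.
    If dc = 0 Then Exit Sub

    TabbedTextOut dc, 0, 0, "123", -1
    ReleaseDC Me.hWnd, dc
End Sub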