1,183
社区成员
发帖
与我相关
我的任务
分享如何监视新进程启动?
我想弄个小工具放在后台。不让本机运行某些程序:一旦发现这些程序起来就杀掉。
ps:我公司的机器有个yitproxy(亿特代理?),每天早晨我就发现它起来了。system32下的文件每次删掉后就有了。 --和木马一样可恶。
ps:我公司的机器有个yitproxy(亿特代理?),每天早晨我就发现它起来了。system32下的文件每次删掉后就有了。 --和木马一样可恶。
...全文
请发表友善的回复…
发表回复
hottey 2004-10-12
- 打赏
- 举报
///杀死进程///
function Killpro(ExeFileName: string): integer;
const
PROCESS_TERMINATE=$0001;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
result:= 0;
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle,FProcessEntry32);
while integer(ContinueLoop) <> 0 do
//循环枚举快照中所有进程信息
begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile))=UpperCase(ExeFileName))
or (UpperCase(FProcessEntry32.szExeFile)=UpperCase(ExeFileName))) then
//找到要中止的进程名
Result := Integer(TerminateProcess(OpenProcess(PROCESS_TERMINATE, BOOL(0),
FProcessEntry32.th32ProcessID), 0));
//中止进程
ContinueLoop := Process32Next(FSnapshotHandle,FProcessEntry32);
end;
end;
调用KillProc('yitproxy.exe');
///好用的话记得给分哟。
function Killpro(ExeFileName: string): integer;
const
PROCESS_TERMINATE=$0001;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
result:= 0;
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle,FProcessEntry32);
while integer(ContinueLoop) <> 0 do
//循环枚举快照中所有进程信息
begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile))=UpperCase(ExeFileName))
or (UpperCase(FProcessEntry32.szExeFile)=UpperCase(ExeFileName))) then
//找到要中止的进程名
Result := Integer(TerminateProcess(OpenProcess(PROCESS_TERMINATE, BOOL(0),
FProcessEntry32.th32ProcessID), 0));
//中止进程
ContinueLoop := Process32Next(FSnapshotHandle,FProcessEntry32);
end;
end;
调用KillProc('yitproxy.exe');
///好用的话记得给分哟。
ly_liuyang 2004-10-04
- 打赏
- 举报
API Hook技术
Hook CreateProcessW的API就一定OK
Hook CreateProcessW的API就一定OK
yjm820604 2004-10-02
- 打赏
- 举报
用优化大师是最好不过了!
liudeihua 2004-09-30
- 打赏
- 举报
扫描进程列表,然后把进程对应的程序名称做比较,就可以得到进程句柄
lostmyway 2004-09-30
- 打赏
- 举报
如何根据进程名取得进程句柄: 如这里yitproxy.exe 如何根据“yitproxy.exe”取得其进程句柄?
lostmyway 2004-09-20
- 打赏
- 举报
xiaoxiao197821(你的笑对我很重要)
定时扫描系统进程列表? 不知是不是还有没有系统级的API直接能管理进程启动的。
定时扫描系统进程列表? 不知是不是还有没有系统级的API直接能管理进程启动的。
lostmyway 2004-09-20
- 打赏
- 举报
这东西不是我“装”的!
我只在system32下找到了它的3个文件yite.exe(zip自解压,包含后面2个文件)、yitproxy.exe还有个ini配置文件。
我只在system32下找到了它的3个文件yite.exe(zip自解压,包含后面2个文件)、yitproxy.exe还有个ini配置文件。
xiaoxiao197821 2004-09-20
- 打赏
- 举报
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, TLHelp32, Controls, Forms, Dialogs,
StdCtrls;
type
TProcessInfo = record
ExeFile: string;
ProcessId: DWORD;
end;
ProcessInfo = ^TProcessInfo;
TForm1 = class(TForm)
ListBox1: TListBox;
Button1: TButton;
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure ProcessList(var pList: TList);
procedure My_RunFileScan(ListboxRunFile: TListBox);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
public
Current: TList;
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.DFM}
procedure TForm1.ProcessList(var pList: TList);
var
p: ProcessInfo;
ok: Bool;
ProcessListHandle: THandle;
ProcessStruct: TProcessEntry32;
begin
PList := TList.Create;
PList.Clear;
ProcessListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
ProcessStruct.dwSize := Sizeof(ProcessStruct);
ok := Process32First(ProcessListHandle, ProcessStruct);
while Integer(ok) <> 0 do
begin
new(p);
p.ExeFile := ProcessStruct.szExeFile;
p.ProcessID := ProcessStruct.th32ProcessID;
PList.Add(p);
ok := Process32Next(ProcessListHandle, ProcessStruct);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
h: THandle;
a: DWORD;
p: PRocessInfo;
begin
if ListBox1.ItemIndex >= 0 then
begin
p := Current.Items[ListBox1.ItemIndex];
h := openProcess(Process_All_Access, true, p.ProcessID);
GetExitCodeProcess(h, a);
if Integer(TerminateProcess(h, a)) <> 0 then
begin
My_RunFileScan(ListBox1);
end;
end
else
Application.MessageBox('请先选择一个进程!', '黑洞', MB_ICONERROR + MB_OK);
end;
procedure TForm1.My_RunFileScan(ListboxRunFile: TListBox);
var
i: Integer;
p: PRocessInfo;
begin
current := TList.Create;
Current.Clear;
ListboxRunFile.Clear;
ProcessList(Current);
for i := 0 to Current.Count - 1 do
begin
new(p);
p := Current.Items[i];
ListboxRunFile.Items.Add(p.ExeFile);
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
My_RunFileScan(ListBox1);
end;
end.
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, TLHelp32, Controls, Forms, Dialogs,
StdCtrls;
type
TProcessInfo = record
ExeFile: string;
ProcessId: DWORD;
end;
ProcessInfo = ^TProcessInfo;
TForm1 = class(TForm)
ListBox1: TListBox;
Button1: TButton;
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure ProcessList(var pList: TList);
procedure My_RunFileScan(ListboxRunFile: TListBox);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
public
Current: TList;
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.DFM}
procedure TForm1.ProcessList(var pList: TList);
var
p: ProcessInfo;
ok: Bool;
ProcessListHandle: THandle;
ProcessStruct: TProcessEntry32;
begin
PList := TList.Create;
PList.Clear;
ProcessListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
ProcessStruct.dwSize := Sizeof(ProcessStruct);
ok := Process32First(ProcessListHandle, ProcessStruct);
while Integer(ok) <> 0 do
begin
new(p);
p.ExeFile := ProcessStruct.szExeFile;
p.ProcessID := ProcessStruct.th32ProcessID;
PList.Add(p);
ok := Process32Next(ProcessListHandle, ProcessStruct);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
h: THandle;
a: DWORD;
p: PRocessInfo;
begin
if ListBox1.ItemIndex >= 0 then
begin
p := Current.Items[ListBox1.ItemIndex];
h := openProcess(Process_All_Access, true, p.ProcessID);
GetExitCodeProcess(h, a);
if Integer(TerminateProcess(h, a)) <> 0 then
begin
My_RunFileScan(ListBox1);
end;
end
else
Application.MessageBox('请先选择一个进程!', '黑洞', MB_ICONERROR + MB_OK);
end;
procedure TForm1.My_RunFileScan(ListboxRunFile: TListBox);
var
i: Integer;
p: PRocessInfo;
begin
current := TList.Create;
Current.Clear;
ListboxRunFile.Clear;
ProcessList(Current);
for i := 0 to Current.Count - 1 do
begin
new(p);
p := Current.Items[i];
ListboxRunFile.Items.Add(p.ExeFile);
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
My_RunFileScan(ListBox1);
end;
end.
醉马不肖 2004-09-20
- 打赏
- 举报
卸载它不就vok了吗?
