Delphi：利用驱动（内核态）结束进程的最简单方法
驱动方式一般都很强：在内核态调用 ZwOpenProcess / ZwTerminateProcess 不经过用户态的权限检查。普通的用户态方法（TerminateProcess）在大多数场合也够用。
弄了一天，用 DDDK 编译的，主要难点是 Native API 的声明不好转成 Delphi。注意：下面的示例把目标 PID 写死在驱动里，并且没有检查 ZwOpenProcess 的返回值，实际使用时应通过 IOCTL 传入 PID 并检查 NTSTATUS；在 64 位 Windows 上加载驱动还需要有效签名。
unit ring0kill;
interface
uses
nt_status, ntoskrnl;
function _DriverEntry(pDriverObject:PDRIVER_OBJECT; pusRegistryPath:PUNICODE_STRING): NTSTATUS; stdcall;
implementation
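{ Driver entry point.
  Opens the process whose PID is given by TargetPid, terminates it from
  kernel mode, then deliberately fails initialisation so the I/O manager
  unloads the driver immediately.
  pDriverObject, pusRegistryPath: unused.
  Returns STATUS_DEVICE_CONFIGURATION_ERROR unconditionally (by design:
  the driver is never meant to stay resident). }
function _DriverEntry(pDriverObject:PDRIVER_OBJECT; pusRegistryPath:PUNICODE_STRING): NTSTATUS;
const
  // PID of the process to kill. NOTE(review): fixed at build time; a real
  // driver would receive it from user mode (e.g. via an IOCTL).
  TargetPid = 1076;
  // Least privilege: ZwTerminateProcess only needs PROCESS_TERMINATE.
  // (The original requested PROCESS_ALL_ACCESS = $001F0FFF.)
  PROCESS_TERMINATE_ACCESS = $0001;
var
  hProcess: THandle;
  cid: CLIENT_ID;
  oa: OBJECT_ATTRIBUTES;
  status: NTSTATUS;
begin
  // Empty object attributes: the target is selected by CLIENT_ID, not by name.
  oa.Length := sizeof(OBJECT_ATTRIBUTES);
  oa.RootDirectory := 0;
  oa.ObjectName := nil;
  oa.Attributes := 0;
  oa.SecurityDescriptor := nil;
  oa.SecurityQualityOfService := nil;

  cid.UniqueProcess := TargetPid;
  cid.UniqueThread := 0;

  hProcess := 0;
  status := ZwOpenProcess(@hProcess, PROCESS_TERMINATE_ACCESS, @oa, @cid);
  // NT_SUCCESS(status) is "status >= 0" as a signed value. Only use the
  // handle when the open succeeded; the original passed an uninitialised
  // handle to ZwTerminateProcess/ZwClose when the PID did not exist.
  if LongInt(status) >= 0 then
  begin
    status := ZwTerminateProcess(hProcess, 0);
    if LongInt(status) < 0 then
      DbgPrint('ring0kill: ZwTerminateProcess failed');
    ZwClose(hProcess);
  end
  else
    DbgPrint('ring0kill: ZwOpenProcess failed');

  DbgPrint('SystemModules: Leaving DriverEntry');
  // Returning an error status makes the kernel unload the driver right away.
  result := STATUS_DEVICE_CONFIGURATION_ERROR;
end;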
end.