|
|
void KillProc() //By ASM
{
//注意参数反向推入
long pid=0;
HANDLE hp;
printf("Input pid: ");
scanf("%ld",&pid);
HMODULE kernel32=LoadLibraryA("kernel32.dll");
PVOID op=GetProcAddress(kernel32,"OpenProcess");
PVOID tp=GetProcAddress(kernel32,"TerminateProcess");
//hp=OpenProcess(1,0,pid);
__asm
{
push pid
push 0
push 1
call op
mov hp,eax
}
//TerminateProcess(hp,0);
__asm
{
push 0
push hp
call tp
}
}
void MsgBoxByASM()
{
char sstr[]="你好,世界!!!";
char stit[]="我的标题";
PVOID s1=sstr,s2=stit;
HMODULE user32=LoadLibraryA("user32.dll");
PVOID mymsgbox=GetProcAddress(user32,"MessageBoxA");
__asm
{
push 0
push s2
push s1
push 0
call mymsgbox
}
}
void ZwOpenProcCall()
{
//init the params
long pid=0,stt;
HANDLE hp;ULONG php=(ULONG)(&hp);
CLIENT_ID cid;ULONG pcid=(ULONG)(&cid);
OBJECT_ATTRIBUTES oa;ULONG poa=(ULONG)(&oa);
printf("[KILL PROCESS]Input pid: ");scanf("%ld",&pid);
oa.Length=sizeof(oa);
oa.RootDirectory = 0;
oa.ObjectName = 0;
oa.Attributes = 0;
oa.SecurityDescriptor = 0;
oa.SecurityQualityOfService = 0;
cid.UniqueProcess=(HANDLE)pid;
cid.UniqueThread=0;
//get address and call
HMODULE ntdll=LoadLibraryA("ntdll.dll");
//RtlAdjustPrivilege(20,1,0,0);
PVOID pRtlAdjustPrivilege=GetProcAddress(ntdll,"RtlAdjustPrivilege");
int nu;int *pnu=ν
__asm
{
push pnu
push 0
push 1
push 20
call pRtlAdjustPrivilege
}
//ZwOpenProcess(&hp,1,&oa,&cid);
PVOID pZwOpenProcess=GetProcAddress(ntdll,"ZwOpenProcess");
__asm
{
push pcid
push poa
push 1
push php
call pZwOpenProcess
mov stt,eax
}
printf("NTSTATUS: %x\nProcess Handle: %ld\n",stt,hp);
//ZwTerminateProces(hp,0);
PVOID pZwTerminateProcess=GetProcAddress(ntdll,"ZwTerminateProcess");
__asm
{
push 0
push hp
call pZwTerminateProcess
}
} |
|
发表于 2010-6-19 00:12:06
发表于 2010-6-19 09:09:31