This post was last edited by Tesla.Angela on 2010-7-31 11:43.
Everyone knows how to suspend a process with ZwSuspendProcess, but the handful of Dbg* functions exported by ntdll.dll can also be used to suspend a process in a roundabout way. Without further ado, here is the code:
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function DbgUiConnectToDbg Lib "ntdll" () As Long
Private Declare Function DbgUiDebugActiveProcess Lib "ntdll" (ByVal ProcessHandle As Long) As Long
Private Declare Function DbgUiStopDebugging Lib "ntdll" (ByVal ProcessHandle As Long) As Long

' Attaching this thread's debug object to the target freezes it: the attach posts
' debug events that this "debugger" never continues, so the target stays suspended.
Private Function SuspendProcess(ByVal hProcess As Long) As Long
    SuspendProcess = DbgUiDebugActiveProcess(hProcess)
End Function

' Detaching the debug object lets the target run again. Must be called on the
' same thread that called DbgUiConnectToDbg, since the debug object is per-thread.
Private Function ResumeProcess(ByVal hProcess As Long) As Long
    ResumeProcess = DbgUiStopDebugging(hProcess)
End Function

Private Sub Command1_Click()
    Dim hProcess As Long
    ' 2035711 = &H1F0FFF = PROCESS_ALL_ACCESS; Text1 holds the target PID
    hProcess = OpenProcess(2035711, 0, CLng(Text1.Text))
    SuspendProcess hProcess
    CloseHandle hProcess
End Sub

Private Sub Command2_Click()
    Dim hProcess As Long
    hProcess = OpenProcess(2035711, 0, CLng(Text1.Text))
    ResumeProcess hProcess
    CloseHandle hProcess
End Sub

Private Sub Form_Load()
    ' EnablePrivilege and SE_DEBUG are the author's own helper and constant
    ' (SeDebugPrivilege); they are not included in the post.
    Call EnablePrivilege(SE_DEBUG)
    ' Creates the calling thread's debug object (kept in the TEB); required before attaching.
    DbgUiConnectToDbg
End Sub
The idea is not mine; I only did the concrete implementation.
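From a defender's side, a process frozen this way looks like a process with a debugger attached: the kernel records the debug object as the process's debug port, which is exactly what the documented CheckRemoteDebuggerPresent API reports. The following PowerShell script, an added example that is not part of the original post, enumerates the local processes and lists those that currently have a debugger attached, so a responder can spot a frozen service or agent. The class name DbgCheck and the function name Get-DebuggedProcess are my own; the Win32 calls are the documented OpenProcess, CheckRemoteDebuggerPresent and CloseHandle.

```powershell
# Added example (not from the original post): list processes that currently have a
# debugger attached, which is how a process frozen via DbgUiDebugActiveProcess appears
# from outside. Run from an elevated PowerShell to cover processes of other users.
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class DbgCheck {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, out bool pbDebuggerPresent);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
'@
Add-Type -TypeDefinition $sig

# CheckRemoteDebuggerPresent queries ProcessDebugPort and needs PROCESS_QUERY_INFORMATION.
$PROCESS_QUERY_INFORMATION = 0x0400

function Get-DebuggedProcess {
    foreach ($p in Get-Process) {
        $h = [DbgCheck]::OpenProcess($PROCESS_QUERY_INFORMATION, $false, [uint32]$p.Id)
        if ($h -eq [IntPtr]::Zero) { continue }   # no access (protected or system process)
        try {
            $present = $false
            if ([DbgCheck]::CheckRemoteDebuggerPresent($h, [ref]$present) -and $present) {
                [pscustomobject]@{
                    Id               = $p.Id
                    Name             = $p.ProcessName
                    DebuggerAttached = $true
                }
            }
        } finally {
            [void][DbgCheck]::CloseHandle($h)
        }
    }
}

# Usage: print every process that currently has a debug port set.
Get-DebuggedProcess | Format-Table -AutoSize
```

Two properties of the trick matter when reading the output. A process can have only one debug port, so a legitimate debugger cannot attach to a process that has already been frozen this way. And the debug object that DbgUiConnectToDbg creates is marked kill-on-exit, so if the process holding it exits without calling DbgUiStopDebugging, the frozen target is terminated rather than released; a sudden termination of a monitored service after a debugger-present hit is therefore part of the same picture.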