在 Ring0 中结束进程

/* 在Ring0中结束进程
by exchen
2009-10-08
*/

#include<ntddk.h>
#include<wdm.h>

NTSTATUS Unload(IN PDRIVER_OBJECT  DriverObject)
{
	DbgPrint("驱动已经卸载\n");    
} 

void EndProcess()
{

	HANDLE ProcessHandle;

	NTSTATUS status;

	OBJECT_ATTRIBUTES  ObjectAttributes;

	CLIENT_ID myCid;

	ULONG dwPid = 1688;


	DbgPrint("进入结束进程状态\n");

	InitializeObjectAttributes(&ObjectAttributes,0,0,0,0); 

	myCid.UniqueProcess = (HANDLE)dwPid;
	myCid.UniqueThread = 0;

	status = ZwOpenProcess (
				&ProcessHandle,
				PROCESS_ALL_ACCESS,
				&ObjectAttributes,
				&myCid
				);


	if (!NT_SUCCESS(status))
	{
		DbgPrint("打开进程出错\n");
	}

	status = ZwTerminateProcess(
				ProcessHandle,
				0
				);

	if(!NT_SUCCESS(status))
	{
		DbgPrint("结束进程出错\n");
	}

	ZwClose(ProcessHandle);

	DbgPrint("%x",status);
}

NTSTATUS 
DriverEntry(
IN PDRIVER_OBJECT  DriverObject,
IN PUNICODE_STRING  RegistryPath
)
{
	DbgPrint("驱动已经加载了\n");
	EndProcess();
	DriverObject->DriverUnload = Unload;    
	return STATUS_SUCCESS;
}

/* 在Ring0中结束进程

by exchen

2009-10-08

#include<ntddk.h>

#include<wdm.h>

NTSTATUS Unload(IN PDRIVER_OBJECT DriverObject)

{

DbgPrint("驱动已经卸载\n");

}

void EndProcess()

{

HANDLE ProcessHandle;

NTSTATUS status;

OBJECT_ATTRIBUTES ObjectAttributes;

CLIENT_ID myCid;

ULONG dwPid = 1688;

DbgPrint("进入结束进程状态\n");

InitializeObjectAttributes(&ObjectAttributes,0,0,0,0);

myCid.UniqueProcess = (HANDLE)dwPid;

myCid.UniqueThread = 0;

status = ZwOpenProcess (

&ProcessHandle,

PROCESS_ALL_ACCESS,

&ObjectAttributes,

&myCid

);

if (!NT_SUCCESS(status))

{

DbgPrint("打开进程出错\n");

}

status = ZwTerminateProcess(

ProcessHandle,

);

if(!NT_SUCCESS(status))

{

DbgPrint("结束进程出错\n");

}

ZwClose(ProcessHandle);

DbgPrint("%x",status);

}

NTSTATUS

DriverEntry(

IN PDRIVER_OBJECT DriverObject,

IN PUNICODE_STRING RegistryPath

)

{

DbgPrint("驱动已经加载了\n");

EndProcess();

DriverObject->DriverUnload = Unload;

return STATUS_SUCCESS;

}

转载请注明：exchen's blog » 在 Ring0 中结束进程

在 Ring0 中结束进程

与本文相关的文章

Hi，您需要填写昵称和邮箱！