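/**
 * Open the process described by @p pEntry with PROCESS_TERMINATE and end it
 * with exit code 9 (the code reported for the process and its threads).
 *
 * @param pEntry  snapshot entry of the process to terminate
 * @return true only when TerminateProcess reported success; false when the
 *         process could not be opened (already gone, or access denied) or the
 *         terminate call failed.
 */
static bool terminateProcessEntry(const PROCESSENTRY32 &pEntry)
{
    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, 0, (DWORD)pEntry.th32ProcessID);
    if (hProcess == NULL) {
        return false;
    }
    // Report the real outcome instead of assuming the call worked.
    bool terminated = TerminateProcess(hProcess, 9) != 0;
    CloseHandle(hProcess);
    return terminated;
}

/**
 * Duplicate one handle of the process behind @p processHandle into this
 * process, print its object type and (when obtainable) its object name, then
 * release everything: every exit path frees the type/name buffers and closes
 * the duplicated handle.
 *
 * @param processHandle      handle opened with PROCESS_DUP_HANDLE on the owner
 * @param handle             the SYSTEM_HANDLE entry to report
 * @param NtDuplicateObject  resolved ntdll!NtDuplicateObject
 * @param NtQueryObject      resolved ntdll!NtQueryObject
 */
static void reportHandle(HANDLE processHandle, const SYSTEM_HANDLE &handle,
                         _NtDuplicateObject NtDuplicateObject, _NtQueryObject NtQueryObject)
{
    // Printed with %#x everywhere below; cast once so the specifier matches.
    const unsigned handleValue = (unsigned)handle.Handle;
    HANDLE dupHandle = NULL;

    /* Duplicate the handle so we can query it from our own process. */
    if (!NT_SUCCESS(NtDuplicateObject(processHandle, (HANDLE)(ULONG_PTR)handle.Handle,
                                      GetCurrentProcess(), &dupHandle, 0, 0, 0))) {
        printf("[%#x] Error!\n", handleValue);
        return;
    }

    /* Query the object type. */
    POBJECT_TYPE_INFORMATION objectTypeInfo = (POBJECT_TYPE_INFORMATION)malloc(0x1000);
    if (objectTypeInfo == NULL) {
        printf("[%#x] Error!\n", handleValue);
        CloseHandle(dupHandle);
        return;
    }
    if (!NT_SUCCESS(NtQueryObject(dupHandle, ObjectTypeInformation, objectTypeInfo, 0x1000, NULL))) {
        printf("[%#x] Error!\n", handleValue);
        free(objectTypeInfo);
        CloseHandle(dupHandle);
        return;
    }

    /* Handles granted exactly 0x0012019f are not queried for a name because
       NtQueryObject could hang on them; only the type is shown. */
    if (handle.GrantedAccess == 0x0012019f) {
        printf("[%#x] %.*S: (did not get name)\n", handleValue,
               objectTypeInfo->Name.Length / 2, objectTypeInfo->Name.Buffer);
        free(objectTypeInfo);
        CloseHandle(dupHandle);
        return;
    }

    /* Query the object name; grow the buffer once if the first attempt
       reports that a larger buffer is required. */
    PVOID objectNameInfo = malloc(0x1000);
    if (objectNameInfo == NULL) {
        printf("[%#x] %.*S: (could not get name)\n", handleValue,
               objectTypeInfo->Name.Length / 2, objectTypeInfo->Name.Buffer);
        free(objectTypeInfo);
        CloseHandle(dupHandle);
        return;
    }
    ULONG returnLength = 0;
    bool gotName = NT_SUCCESS(NtQueryObject(dupHandle, ObjectNameInformation,
                                            objectNameInfo, 0x1000, &returnLength));
    if (!gotName && returnLength > 0x1000) {
        // Keep objectNameInfo valid if realloc fails (never overwrite the original pointer).
        void *grown = realloc(objectNameInfo, returnLength);
        if (grown != NULL) {
            objectNameInfo = grown;
            gotName = NT_SUCCESS(NtQueryObject(dupHandle, ObjectNameInformation,
                                               objectNameInfo, returnLength, NULL));
        }
    }
    if (!gotName) {
        /* We have the type name, so just display that. */
        printf("[%#x] %.*S: (could not get name)\n", handleValue,
               objectTypeInfo->Name.Length / 2, objectTypeInfo->Name.Buffer);
        free(objectTypeInfo);
        free(objectNameInfo);
        CloseHandle(dupHandle);
        return;
    }

    /* The buffer starts with a UNICODE_STRING describing the name. */
    UNICODE_STRING objectName = *(PUNICODE_STRING)objectNameInfo;
    if (objectName.Length) {
        printf("\n\n\n\n\n-----------------------------------\n[%#x] %.*S: %.*S\n\n\n\n\n-----------------------------------\n",
               handleValue,
               objectTypeInfo->Name.Length / 2, objectTypeInfo->Name.Buffer,
               objectName.Length / 2, objectName.Buffer);
    } else {
        printf("[%#x] %.*S: (unnamed)\n", handleValue,
               objectTypeInfo->Name.Length / 2, objectTypeInfo->Name.Buffer);
    }
    free(objectTypeInfo);
    free(objectNameInfo);
    CloseHandle(dupHandle);
}

/**
 * Walk the process snapshot, report the handles of every process reached, and
 * terminate the first process whose executable name equals @p path.
 *
 * @param path  name compared with strcmp against PROCESSENTRY32::szExeFile
 *              (szExeFile is the executable's file name, so a bare name is
 *              expected — confirm against callers).
 * @return true when TerminateProcess succeeded on a matching process; false
 *         when no match was found or the scan aborted early: a process could
 *         not be opened with PROCESS_DUP_HANDLE, NtQuerySystemInformation
 *         failed, or an allocation failed.  Every exit path releases the
 *         snapshot, the open process handle and the handle-information buffer.
 */
bool killProcces(const char * path) {
    bool killSucceed = false;
    PSYSTEM_HANDLE_INFORMATION handleInfo = NULL;
    HANDLE processHandle = NULL;
    // Grows across iterations so later processes reuse the size that worked.
    ULONG handleInfoSize = 0x10000;

    // Resolve the ntdll exports; calling a NULL function pointer is undefined.
    _NtQuerySystemInformation NtQuerySystemInformation =
        (_NtQuerySystemInformation)GetLibraryProcAddress("ntdll.dll", "NtQuerySystemInformation");
    _NtDuplicateObject NtDuplicateObject =
        (_NtDuplicateObject)GetLibraryProcAddress("ntdll.dll", "NtDuplicateObject");
    _NtQueryObject NtQueryObject =
        (_NtQueryObject)GetLibraryProcAddress("ntdll.dll", "NtQueryObject");
    if (NtQuerySystemInformation == NULL || NtDuplicateObject == NULL || NtQueryObject == NULL) {
        printf("Could not resolve ntdll exports!\n");
        return false;
    }

    HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
    if (hSnapShot == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot failed!\n");
        return false;
    }

    PROCESSENTRY32 pEntry;
    pEntry.dwSize = sizeof(pEntry);
    BOOL hRes = Process32First(hSnapShot, &pEntry);
    // Iterate the running processes until one has been terminated.
    while (hRes && !killSucceed) {
        ULONG pid = pEntry.th32ProcessID;
        processHandle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid);
        if (processHandle == NULL) {
            printf("Could not open PID %lu! (Don't try to open a system process.. line 73)\n", pid);
            goto fail;
        }

        handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize);
        if (handleInfo == NULL) {
            printf("malloc failed!\n");
            goto fail;
        }
        /* NtQuerySystemInformation won't give us the correct buffer size,
           so we guess by doubling the buffer size. */
        NTSTATUS status;
        while ((status = NtQuerySystemInformation(SystemHandleInformation, handleInfo,
                                                  handleInfoSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH) {
            handleInfoSize *= 2;
            // Never overwrite handleInfo directly: a failed realloc would leak it.
            void *grown = realloc(handleInfo, handleInfoSize);
            if (grown == NULL) {
                printf("realloc failed!\n");
                goto fail;
            }
            handleInfo = (PSYSTEM_HANDLE_INFORMATION)grown;
        }
        if (!NT_SUCCESS(status)) {
            printf("NtQuerySystemInformation failed!\n");
            goto fail;
        }

        // Compare once per process rather than once per handle.
        // NOTE(review): szExeFile is TCHAR[]; the (char *) cast only compares
        // correctly in a non-UNICODE build — confirm the project's character set.
        if (strcmp((char *)pEntry.szExeFile, path) == 0) {
            std::cout << "--------------------------------------------------\nwe found match!!!\n--------------------------------------------------\n";
            killSucceed = terminateProcessEntry(pEntry);
        }

        /* Report every handle in the system table that belongs to this PID. */
        for (ULONG i = 0; i < handleInfo->HandleCount; i++) {
            if (handleInfo->Handles[i].ProcessId != pid) {
                continue;
            }
            reportHandle(processHandle, handleInfo->Handles[i], NtDuplicateObject, NtQueryObject);
        }

        free(handleInfo);
        handleInfo = NULL;
        CloseHandle(processHandle);
        processHandle = NULL;
        hRes = Process32Next(hSnapShot, &pEntry);
    }
    CloseHandle(hSnapShot);
    return killSucceed;

fail:
    // Single cleanup path for every early abort inside the loop.
    free(handleInfo);
    if (processHandle != NULL) {
        CloseHandle(processHandle);
    }
    CloseHandle(hSnapShot);
    return false;
}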