结束线程模块[已解决]
本帖最后由 xsjtxy 于 2010-7-28 16:44 编辑求教结束IE里面加载的dll模块
以下是论坛里面搜到的关于线程模块的查看和结束的贴子。查看所有加载的线程是没问题。
但是结束的贴子不管用。麻烦各位大侠改进一下。
http://www.autoitx.com/forum.php?mod=viewthread&tid=11609&highlight=%C4%A3%BF%E9
http://www.autoitx.com/forum.php?mod=viewthread&tid=11607&highlight=%C4%A3%BF%E9
#include <LocalSecurityAuthority.au3>
$iProcessID = ProcessExists("IEXPLORE.EXE")
$sModule = "C:\windows\system32\bbns.dll"
_UnloadDll($iProcessID, $sModule) ; Returns True if succeeds.
Func _UnloadDll($iProcessID, $sModule)
Local $aModule, $hModule, $pFreeLibrary, $hThread, $hProcess
Local $hToken, $aPriv = [[$SE_DEBUG_NAME, 2]], $iFlags
$hToken = _OpenProcessToken(-1)
_AdjustTokenPrivileges($hToken, $aPriv)
_LsaCloseHandle($hToken)
$hProcess = _OpenProcess($iProcessID)
If $hProcess < 1 Then Return SetError(@error, 0, 0)
$sModule = _GetFullPathName($sModule)
$hModule = _GetModuleHandle("Kernel32.dll")
$pFreeLibrary = _GetProcAddress($hModule, "FreeLibrary")
$aModule = _EnumProcessModules($hProcess)
For $i = 1 To $aModule
If $aModule[$i] <> $sModule Then ContinueLoop
$hThread = _CreateRemoteThread($hProcess, 0, 0, $pFreeLibrary, $aModule[$i], 0)
If @extended Then $iFlags = 1
_LsaCloseHandle($hThread)
Next
$aModule = _EnumProcessModules($hProcess)
For $i = 1 To $aModule
If $aModule[$i] = $sModule Then $iFlags = 0
Next
Return SetError(0, _LsaCloseHandle($hProcess), $iFlags)
EndFunc ;==>_UnloadDll
Func _GetFullPathName($sFile)
Local $iResult
$iResult = DllCall("Kernel32.dll", "int", "GetFullPathName", _
"str", $sFile, "dword", 260, "str", "", "str", "")
Return $iResult
EndFunc ;==>_GetFullPathName
Func _GetModuleHandle($sModule)
Local $iResult
$iResult = DllCall("Kernel32.dll", "long", "GetModuleHandle", "str", $sModule)
Return SetError(_GetLastError(), 0, $iResult)
EndFunc ;==>_GetModuleHandle
Func _EnumProcessModules($hProcess)
Local $pBuffer, $tBuffer, $iResult, $aResult
$iResult = DllCall("Psapi.dll", "int", "EnumProcessModules", "hWnd", $hProcess, _
"ptr", 0, "dword", 0, "dword*", 0)
$pBuffer = _HeapAlloc($iResult)
$iResult = DllCall("Psapi.dll", "int", "EnumProcessModules", "hWnd", $hProcess, _
"ptr", $pBuffer, "dword", $iResult, "dword*", 0)
$tBuffer = DllStructCreate("hWnd Modules[" & ($iResult / 4) & "]", $pBuffer)
$aResult = $iResult / 4
Redim $aResult[$aResult + 1]
For $i = 1 To $aResult
$aResult[$i] = DllStructGetData($tBuffer, "Modules", $i)
$aResult[$i] = _GetModuleFileNameEx($hProcess, $aResult[$i])
Next
_HeapFree($pBuffer)
Return SetError(0, _FreeVariable($tBuffer), $aResult)
EndFunc ;==>_EnumProcessModules
Func _GetModuleFileNameEx($hProcess, $hModule)
Local $iResult
$iResult = DllCall("Psapi.dll", "dword", "GetModuleFileNameEx", "hWnd", $hProcess, _
"hWnd", $hModule, "str", "", "dword", 260)
Return $iResult
EndFunc ;==>_GetModuleFileNameEx
Func _GetProcAddress($hModule, $sProcdure)
Local $iResult
$iResult = DllCall("Kernel32.dll", "hWnd", "GetProcAddress", "hWnd", $hModule, "str", $sProcdure)
Return $iResult
EndFunc ;==>_GetProcAddress
Func _CreateRemoteThread($hProcess, $pThreadSecur, $iStackSize, $pStartAddr, $pParam, $iFlags)
Local $iResult
$iResult = DllCall("Kernel32.dll", "hWnd", "CreateRemoteThread", "hWnd", $hProcess, _
"ptr", $pThreadSecur, "dword", $iStackSize, "ptr", $pStartAddr, _
"ptr", $pParam, "dword", $iFlags, "dword*", 0)
Return SetError(_GetLastError(), $iResult, $iResult)
EndFunc ;==>_CreateRemoteThread
经过反复测试发现原来是因为某些DLL的原因。
页:
[1]