How to upgrade the process token in Delphi
I have been writing programs in Delphi for some time. When I write a module that terminates other processes, it sometimes fails because the target process runs with higher privileges than my program (virus processes, for example), and the call that should end the process simply does not work. You must first raise your own program's privileges and only then terminate the other process.
I also found some functions on the Internet for raising the process token, but they were not very useful. In the end I extracted a working token-elevation function from the source code of a hacker backdoor program, and I am sharing it here.
Add the Windows unit to the uses clause (the TlHelp32 unit is also needed for the process-snapshot function further down).

// Enable SeDebugPrivilege in the current process token. With it enabled,
// OpenProcess/TerminateProcess succeed on processes owned by other users
// (including SYSTEM services), because the privilege bypasses the DACL check.
function SetPrivilege: Boolean;
var
  hToken: THandle;
  TokenPrivileges: TTokenPrivileges;
  Luid: TLargeInteger;
  ReturnLength: DWORD;
begin
  Result := False;
  // TOKEN_QUERY is required as well as TOKEN_ADJUST_PRIVILEGES when the
  // previous state is requested; asking for both is harmless otherwise.
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', Luid) then
      Exit;
    TokenPrivileges.PrivilegeCount := 1;
    TokenPrivileges.Privileges[0].Luid := Luid;
    TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    ReturnLength := 0;
    // AdjustTokenPrivileges returns True even when the token does not hold
    // the privilege; GetLastError then reports ERROR_NOT_ALL_ASSIGNED.
    if AdjustTokenPrivileges(hToken, False, TokenPrivileges, SizeOf(TokenPrivileges),
                             PTokenPrivileges(nil)^, ReturnLength) then
      Result := GetLastError = ERROR_SUCCESS;
  finally
    CloseHandle(hToken);   // the original never released the token handle
  end;
end;
Then call it once at startup, for example from the main form's OnCreate handler:

procedure TForm1.FormCreate(Sender: TObject);
begin
  SetPrivilege;
  ...
end;

That single call gives the program SeDebugPrivilege, after which it can terminate other processes at will. Two caveats apply: AdjustTokenPrivileges can only enable a privilege the token already holds, so the program must run under an account that has SeDebugPrivilege (by default only members of Administrators, and under UAC only when elevated); and the privilege bypasses the target's DACL, not the kernel's own protections, so a protected process still cannot be opened with PROCESS_TERMINATE, and ending a critical system process brings the machine down with a bug check.
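Because AdjustTokenPrivileges reports success even when the privilege was not granted, it is worth checking the token afterwards. The following function is an added example, not code from the original post; it assumes only the Windows and SysUtils units and compares the token's privilege list against the LUID of SeDebugPrivilege, returning True only when that privilege is both present and enabled.

```delphi
uses
  Windows, SysUtils;

// The Privileges array in TTokenPrivileges is declared as [0..0]; indexing
// past it is the documented way to walk the variable-length structure.
{$RANGECHECKS OFF}

// Returns True only if SeDebugPrivilege is held by the current process token
// AND is currently enabled. This is the check AdjustTokenPrivileges cannot
// give you: it returns True with GetLastError = ERROR_NOT_ALL_ASSIGNED when
// the account simply does not have the privilege.
function IsDebugPrivilegeEnabled: Boolean;
var
  hToken: THandle;
  Needed: DWORD;
  Privs: PTokenPrivileges;
  DebugLuid: TLargeInteger;
  I: Integer;
begin
  Result := False;
  if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', DebugLuid) then
    Exit;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken) then
    Exit;
  try
    // First call with an empty buffer only reports the size required.
    Needed := 0;
    GetTokenInformation(hToken, TokenPrivileges, nil, 0, Needed);
    if (Needed = 0) or (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
      Exit;
    GetMem(Privs, Needed);
    try
      if not GetTokenInformation(hToken, TokenPrivileges, Privs, Needed, Needed) then
        Exit;
      for I := 0 to Integer(Privs^.PrivilegeCount) - 1 do
        if (Privs^.Privileges[I].Luid = DebugLuid) and
           ((Privs^.Privileges[I].Attributes and SE_PRIVILEGE_ENABLED) <> 0) then
        begin
          Result := True;
          Break;
        end;
    finally
      FreeMem(Privs);
    end;
  finally
    CloseHandle(hToken);
  end;
end;

// Usage (assumed to follow a call to the page's SetPrivilege):
//   if not IsDebugPrivilegeEnabled then
//     ShowMessage('SeDebugPrivilege not enabled; run elevated as an administrator');
```

If the check fails after SetPrivilege returned, the usual reason is that the process is running as a standard user or as a non-elevated administrator under UAC, where the filtered token does not contain SeDebugPrivilege at all.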
A function for ending a process by image name is also attached here for reference (it needs the Windows, SysUtils and TlHelp32 units):

// Terminate every running process whose image name matches ExeFileName.
// Returns 1 if TerminateProcess succeeded on the last match, 0 otherwise.
function KillTask(const ExeFileName: string): Integer;
var
  ContinueLoop: BOOL;
  SnapshotHandle, ProcessHandle: THandle;
  ProcessEntry32: TProcessEntry32;
begin
  Result := 0;
  SnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if SnapshotHandle = INVALID_HANDLE_VALUE then
    Exit;
  try
    ProcessEntry32.dwSize := SizeOf(ProcessEntry32);
    ContinueLoop := Process32First(SnapshotHandle, ProcessEntry32);
    while ContinueLoop do
    begin
      // Compare case-insensitively; szExeFile normally holds the bare image name
      if (UpperCase(ExtractFileName(ProcessEntry32.szExeFile)) = UpperCase(ExeFileName)) or
         (UpperCase(ProcessEntry32.szExeFile) = UpperCase(ExeFileName)) then
      begin
        // PROCESS_TERMINATE is already declared in the Windows unit
        ProcessHandle := OpenProcess(PROCESS_TERMINATE, False, ProcessEntry32.th32ProcessID);
        if ProcessHandle <> 0 then
        begin
          Result := Integer(TerminateProcess(ProcessHandle, 0));
          CloseHandle(ProcessHandle);   // the original leaked this handle
        end;
      end;
      ContinueLoop := Process32Next(SnapshotHandle, ProcessEntry32);
    end;
  finally
    CloseHandle(SnapshotHandle);
  end;
end;
Call it with the image name of the process to end:

KillTask('cmder.exe');

Again, a single line is all it takes.
My test result: after I used my own program to end the system's critical process winlogon.exe by clicking "End Process", the computer immediately blue-screened and restarted.