safeterm.cpp

Cracker终结者——提供最优秀的软件保护技术

//#define UNICODE
#ifdef UNICODE
#define _UNICODE
#endif
#include <stdio.h>
#include <conio.h>
#include <string.h>
#include <windows.h>
#include <tchar.h>
//#define AH_STATIC_LINKING
#include <ApiHooks.h>
//#define PW_STATIC_LINKING
#include <PrcWorks.h>

#ifndef _MSC_VER
 #define getch getchar
#endif


#define IsNT ((int)GetVersion()>0)

/////////////////////////////////////////////////////////

int PrintPIDs(void) {
 LPTSTR stemplate = TEXT("0x%.8X = 0d%.10u : %s\n");
 LONG r=0, s=r+1, t;
 DWORD *buf=NULL;
 TCHAR ProcName[MAX_PATH]; 
 while(s>r) { 
   r=s+0x100;  
   if(buf)
     LocalFree(buf);
   if(buf=(LPDWORD)LocalAlloc(LPTR, r*sizeof(LONG))) {
      s = BuildPIDList(buf, r, PW_ALLSESSIONS);
      if(s==PW_MEMERROR)
        return _tprintf(TEXT("BuildPIDList failed!\n"));
   }
   else
     return _tprintf(TEXT("Current heap too small!\n"));
 }
 if(IsNT)
   stemplate = TEXT("0x%.3X = 0d%.4u : %s\n");
 for(r=0; r<s; r++)
   if(((t=PID2ProcessName(buf[r], ProcName))!=PW_PIDERROR)&&(t!=PW_MEMERROR))
     _tprintf(stemplate, buf[r], buf[r], ProcName);
 return (int)LocalFree(buf);
}
/////////////////////////////////////////////////////////
  typedef union {
    COORD coord;
    WORD  wsize[2];
  } LCC32_COORD;

int _tmain(int argc, TCHAR** argv) {
  LONG   dwProcessId;
  HANDLE hProcess;
  TCHAR  ProcessName[MAX_PATH];
  HANDLE StdOut;
  LCC32_COORD cbsize = {{80, 0x910}};

  FreeConsole(); 
  AllocConsole();
  StdOut = GetStdHandle(STD_OUTPUT_HANDLE);
  SetConsoleTitle(TEXT("SafeTerm"));

  HMODULE hntdll;
  typedef LONG (WINAPI *TRAP)(DWORD, BOOL, DWORD, BYTE*);
  TRAP RAP;
  BYTE WasEn;
  if(hntdll = GetModuleHandle(_T("NTDLL.DLL")))
    if(RAP = (TRAP)GetProcAddress(hntdll, "RtlAdjustPrivilege"))
      RAP(20, TRUE, 0, &WasEn);

  if(argc < 2) {
    while(!SetConsoleScreenBufferSize(StdOut, cbsize.coord))
      cbsize.wsize[1] -= 0x10;
    PrintPIDs();
    _tprintf(TEXT("\nEnter 0x/0dPID or ProcessName with/out Path : "));
    _getts(ProcessName);
  }
  else
    ExpandEnvironmentStrings(argv[1], ProcessName, sizeof(ProcessName));

  if(!_tcsnicmp(TEXT("0x"), ProcessName, 2))
    _stscanf(ProcessName, TEXT("%x"), &dwProcessId);
  else
    if(!_tcsnicmp(TEXT("0d"), ProcessName, 2))  
      _stscanf(ProcessName+2, TEXT("%u"), &dwProcessId);
    else
      if(((dwProcessId = ProcessName2PID(ProcessName)) == PW_PIDERROR) || (dwProcessId == PW_SESERROR) ||
         (dwProcessId == PW_MEMERROR)) {
        _tprintf(TEXT("\nCan't find '%s'!"), ProcessName);
        return getch();
      }

  if(hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | SYNCHRONIZE, FALSE, dwProcessId)) {
    DWORD ExitCode = 0x11111111;
    DWORD AHResult = LoadAndCall(NULL, _T("KERNEL32.dll"), dwProcessId, 10000,
                       1, _T("ExitProcess"), 1, &ExitCode);
    WaitForSingleObject(hProcess, 10000);
    DWORD nExitCode = 0;
    GetExitCodeProcess(hProcess, &nExitCode);
    CloseHandle(hProcess);
    if(nExitCode == ExitCode) {
      _tprintf(TEXT("\n'%s' was exited."), ProcessName);
    }
    else {
      if(AHResult == ErrorAHTimeOut) {
        _tprintf(TEXT("\n'%s' exiting deferred."), ProcessName);       
      }
      else {
        _tprintf(TEXT("\nCan't exit '%s'. Terminate [Y/N]?"), ProcessName);
        if((getch() | ' ') == 'y') {
          if(hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, dwProcessId)) {
            if(TerminateProcess(hProcess, ExitCode)) {
              _tprintf(TEXT("\n'%s' was terminated."), ProcessName);
            }
            else {
              _tprintf(TEXT("\nCan't terminate '%s'!"), ProcessName);
            }
            CloseHandle(hProcess);
          }
          else {
            _tprintf(TEXT("\nCan't open '%s' for termination!"), ProcessName);
          }
        }
      } 
    } 
  }
  else {
    _tprintf(TEXT("\nCan't open '%s' for query&synchro!"), ProcessName);
  }
  return getch();
}