driver.h

使用驱动技术可以关闭任意指定进程提升应用程序权限

#include <stdio.h>
#include <windows.h>
#include <tchar.h>
#include "resource.h"

#define		EXE_DRIVER_NAME			_T("KILLIS")
#define		DISPLAY_NAME			_T("KILLIS Driver")

//加载驱动
HANDLE LoadDriver(IN LPCTSTR lpFileName);

//卸载驱动
void UnloadDriver(IN HANDLE hDriver);

//释放资源
void FreeSYS();


HANDLE LoadDriver( IN LPCTSTR lpFileName )
{
    HANDLE hDriver = INVALID_HANDLE_VALUE;
	char OpenName[MAX_PATH] = "\\\\.\\KILLIS";
    SC_HANDLE hSCManager = OpenSCManager( NULL, NULL,SC_MANAGER_CREATE_SERVICE );
    if ( NULL != hSCManager )
    {
        SC_HANDLE hService = CreateService( hSCManager, EXE_DRIVER_NAME,
            DISPLAY_NAME, SERVICE_START,
            SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START,
            SERVICE_ERROR_IGNORE, lpFileName, NULL, NULL, NULL, NULL, NULL );
        if ( ERROR_SERVICE_EXISTS == GetLastError() )
        {
            hService = OpenService( hSCManager, EXE_DRIVER_NAME, SERVICE_START );
        }
        if( !StartService( hService, 0, NULL ) )
		{
			if( GetLastError() != 1056 )	//已经启动
			{
				//启动失败		Do Nothing
			}
			else
			{
				//服务已经启动	Do Nothing
			}
		}
        CloseServiceHandle( hService );
        CloseServiceHandle( hSCManager );
        hDriver = CreateFileA(OpenName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL );
		if( hDriver == INVALID_HANDLE_VALUE )
		{
			//获取文件句柄失败	 Do Nothing
		}
    }
    return hDriver;
}

void UnloadDriver(IN HANDLE hDriver)
{
    CloseHandle(hDriver);

    SC_HANDLE hSCManager = OpenSCManager( NULL, NULL,
        SC_MANAGER_CREATE_SERVICE );
    if ( NULL != hSCManager )
    {
        SC_HANDLE hService = OpenService( hSCManager, EXE_DRIVER_NAME, DELETE | SERVICE_STOP );
        if ( NULL != hService )
        {
            SERVICE_STATUS ss;
            ControlService( hService,SERVICE_CONTROL_STOP,&ss );
            DeleteService( hService );
            CloseServiceHandle( hService );
        }
        CloseServiceHandle( hSCManager );
    }
}

void FreeSYS()
{
	//Free Resource
	FILE* fpOut = fopen("C:\\KillIS.sys","wb");
	if(fpOut == NULL)
	{
		printf("Could not create output sys_file!\n");
		exit(0);
	}
	HRSRC	hResLoad = FindResource(NULL,MAKEINTRESOURCE(IDR_SYS1),"SYS");
	HGLOBAL hResData = LoadResource(NULL,hResLoad);
	LPCSTR	data = (LPCSTR)LockResource(hResData);
	if(hResLoad != NULL && hResData != NULL && data != NULL);
	fwrite(data,1,SizeofResource(NULL,hResLoad),fpOut);
	fclose(fpOut);
	//end free
}