VFP 关闭进程
VFP 如何关闭一个已知名称的进程?

在十豆三的贴子内有一个解决方法,但杀毒程序老提示有未知木马:
C:\WINDOWS\SYSTEM32\NTSD.EXE(7548) (瑞星,其它没试过)

不知还有其它方法没?


代码如下:


******只有System、SMSS.EXE和CSRSS.EXE不能结束。前两个是纯内核态的，最后那个是Win32子系统

Exit_ProFileName='sqlservr.exe' && sqlservr.exe为要结束的系统进程名称
IF GetAllProcessID('Process_CurTable')
SELECT Pth32ProcessID INTO ARRAY Exit_id FROM Process_CurTable WHERE ALLTRIM(UPPER(PszExeFile))=UPPER(Exit_ProFileName)
lcString='RUN /N7 ntsd -c q -p '+ALLTRIM(STR(Exit_id))
&lcString
ENDIF

* -------------------------------------
* 枚举当前所有进程
* -------------------------------------
FUNCTION GetAllProcessID ( lpProcTable )
lpProcTable = IIF(PARAMETERS()=1 AND TYPE([lpProcTable])=[C], lpProcTable, [AllProclists] )
DECLARE INTEGER CreateToolhelp32Snapshot IN kernel32 INTEGER lFlags, INTEGER lProcessID
DECLARE INTEGER Process32First IN kernel32 INTEGER hSnapShot, STRING @PROCESSENTRY32_uProcess
DECLARE INTEGER Process32Next IN kernel32 INTEGER hSnapShot, STRING @PROCESSENTRY32_uProcess
DECLARE INTEGER CloseHandle IN kernel32 INTEGER hObject
DECLARE INTEGER GetLastError IN kernel32

CREA CURSOR (lpProcTable) (PdwSize N(3), PcntUsage N(12), ;
Pth32ProcessID N(12), Pth32DefaultHeapID N(12), ;
Pth32ModuleID N(12), PcntThreads N(12), ;
Pth32ParentProcessID N(12), PpcPriClassBase N(3), ;
PdwFlags N(3), PszExeFile C(254) )
lnHand = 0
lnHand = CreateToolhelp32Snapshot(3,0)
IF lnHand>0
dwSize = Num2Dword(296)
cntUsage = Num2Dword(0)
th32ProcessID = Num2Dword(0)
th32DefaultHeapID = Num2Dword(0)
th32ModuleID = Num2Dword(0)
cntThreads = Num2Dword(0)
th32ParentProcessID = Num2Dword(0)
pcPriClassBase = Num2Dword(0)
dwFlags = Num2Dword(0)
szExeFile = REPLI(CHR(0), 260)
lcTitle = dwSize + cntUsage + th32ProcessID + th32DefaultHeapID ;
+ th32ModuleID + cntThreads + th32ParentProcessID ;
+ pcPriClassBase + dwFlags + szExeFile
IF Process32First(lnHand,@lcTitle) > 0 && 第一个进程是 kernel32.dll，没必要列出
DO WHILE Process32Next(lnHand,@lcTitle)> 0
INSERT INTO (lpProcTable) (PdwSize, PcntUsage, Pth32ProcessID, Pth32DefaultHeapID, ;
Pth32ModuleID, PcntThreads, Pth32ParentProcessID, ;
PpcPriClassBase, PdwFlags, PszExeFile) ;
VALUES ( ;
Dword2Num(SUBSTR(lcTitle, 1,4)), ;
Dword2Num(SUBSTR(lcTitle, 5,4)), ;
Dword2Num(SUBSTR(lcTitle, 9,4)), ;
Dword2Num(SUBSTR(lcTitle,13,4)), ;
Dword2Num(SUBSTR(lcTitle,17,4)), ;
Dword2Num(SUBSTR(lcTitle,21,4)), ;
Dword2Num(SUBSTR(lcTitle,25,4)), ;
Dword2Num(SUBSTR(lcTitle,29,4)), ;
Dword2Num(SUBSTR(lcTitle,33,4)), ;

SUBSTR(SUBSTR(lcTitle, 37), 1, AT(CHR(0),SUBSTR(lcTitle, 37))-1) )
ENDDO
ENDIF
= CloseHandle(lnHand)
RETURN .T.
ELSE
RETURN .F.
ENDIF
ENDFUNC

FUNCTION Num2Dword ( lpnNum )
DECLARE INTEGER RtlMoveMemory IN kernel32 AS RtlCopyDword STRING @pDeststring, INTEGER @pVoidSource, INTEGER nLength
lcDword = SPACE(4)
= RtlCopyDword(@lcDword, BITOR(lpnNum,0), 4)
RETURN lcDword
ENDFUNC

FUNCTION Dword2Num ( tcDword )
DECLARE INTEGER RtlMoveMemory IN kernel32 AS RtlCopyNum INTEGER @DestNumeric, STRING @pVoidSource, INTEGER nLength
lnNum = 0
=RtlCopyNum(@lnNum, tcDword, 8)
RETURN lnNum
ENDFUNC


[解决办法]
不错，来顶一个，沙发。
[解决办法]
pass by
[解决办法]

SQL code

VFP中如何结束(系统)进程？*-----------------------------------------参考文章：http://www.onlyred.com/computer/system/windows/200512/96.html-----------------------------方法一：可以结束除System、SMSS.EXE和CSRSS.EXE外所有进程******只有System、SMSS.EXE和CSRSS.EXE不能结束。前两个是纯内核态的，最后那个是Win32子系统Exit_ProFileName='sqlservr.exe' && sqlservr.exe为要结束的系统进程名称IF GetAllProcessID('Process_CurTable')    SELECT Pth32ProcessID INTO ARRAY Exit_id FROM Process_CurTable WHERE ALLTRIM(UPPER(PszExeFile))=UPPER(Exit_ProFileName)    lcString='RUN /N7 ntsd -c q -p '+ALLTRIM(STR(Exit_id))    &lcStringENDIF* -------------------------------------* 枚举当前所有进程* -------------------------------------FUNCTION GetAllProcessID ( lpProcTable )    lpProcTable = IIF(PARAMETERS()=1 AND TYPE([lpProcTable])=[C], lpProcTable, [AllProclists] )    DECLARE INTEGER CreateToolhelp32Snapshot IN kernel32 INTEGER lFlags, INTEGER lProcessID    DECLARE INTEGER Process32First IN kernel32 INTEGER hSnapShot, STRING @PROCESSENTRY32_uProcess    DECLARE INTEGER Process32Next IN kernel32 INTEGER hSnapShot, STRING @PROCESSENTRY32_uProcess    DECLARE INTEGER CloseHandle IN kernel32 INTEGER hObject    DECLARE INTEGER GetLastError IN kernel32    CREA CURSOR (lpProcTable) (PdwSize N(3), PcntUsage N(12), ;        Pth32ProcessID N(12), Pth32DefaultHeapID N(12), ;        Pth32ModuleID N(12), PcntThreads N(12), ;        Pth32ParentProcessID N(12), PpcPriClassBase N(3), ;        PdwFlags N(3), PszExeFile C(254) )    lnHand = 0    lnHand = CreateToolhelp32Snapshot(3,0)    IF lnHand>0        dwSize = Num2Dword(296)        cntUsage = Num2Dword(0)        th32ProcessID = Num2Dword(0)        th32DefaultHeapID = Num2Dword(0)        th32ModuleID = Num2Dword(0)        cntThreads = Num2Dword(0)        th32ParentProcessID = Num2Dword(0)        pcPriClassBase = Num2Dword(0)        dwFlags = Num2Dword(0)        szExeFile = REPLI(CHR(0), 260)        lcTitle = dwSize + cntUsage + th32ProcessID + th32DefaultHeapID ;            + th32ModuleID + cntThreads + th32ParentProcessID ;            + pcPriClassBase + dwFlags + szExeFile        IF Process32First(lnHand,@lcTitle) > 0  && 第一个进程是 kernel32.dll，没必要列出            DO WHILE Process32Next(lnHand,@lcTitle)> 0                INSERT INTO (lpProcTable) (PdwSize, PcntUsage, Pth32ProcessID, Pth32DefaultHeapID, ;                    Pth32ModuleID, PcntThreads, Pth32ParentProcessID, ;                    PpcPriClassBase, PdwFlags, PszExeFile) ;                    VALUES ( ;                    Dword2Num(SUBSTR(lcTitle, 1,4)), ;                    Dword2Num(SUBSTR(lcTitle, 5,4)), ;                    Dword2Num(SUBSTR(lcTitle, 9,4)), ;                    Dword2Num(SUBSTR(lcTitle,13,4)), ;                    Dword2Num(SUBSTR(lcTitle,17,4)), ;                    Dword2Num(SUBSTR(lcTitle,21,4)), ;                    Dword2Num(SUBSTR(lcTitle,25,4)), ;                    Dword2Num(SUBSTR(lcTitle,29,4)), ;                    Dword2Num(SUBSTR(lcTitle,33,4)), ;                    SUBSTR(SUBSTR(lcTitle, 37), 1, AT(CHR(0),SUBSTR(lcTitle, 37))-1) )            ENDDO        ENDIF        = CloseHandle(lnHand)        RETURN .T.    ELSE        RETURN .F.    ENDIFENDFUNCFUNCTION Num2Dword ( lpnNum )    DECLARE INTEGER RtlMoveMemory IN kernel32 AS RtlCopyDword STRING @pDeststring, INTEGER @pVoidSource, INTEGER nLength    lcDword = SPACE(4)    = RtlCopyDword(@lcDword, BITOR(lpnNum,0), 4)    RETURN lcDwordENDFUNCFUNCTION Dword2Num ( tcDword )    DECLARE INTEGER RtlMoveMemory IN kernel32 AS RtlCopyNum INTEGER @DestNumeric, STRING @pVoidSource, INTEGER nLength    lnNum = 0    =RtlCopyNum(@lnNum, tcDword, 8)    RETURN lnNumENDFUNC-----------------------------方法二：可以结束非系统进程Exit_ProFileName='QQ.exe' && QQ.exe为要结束的系统进程名称IF GetAllProcessID('Process_CurTable')    SELECT Pth32ProcessID INTO ARRAY Exit_id FROM Process_CurTable WHERE ALLTRIM(UPPER(PszExeFile))=UPPER(Exit_ProFileName)    IF ExitProcessId(Exit_id)        MESSAGEBOX('结束进程成功！',64,'信息提示')    ELSE        MESSAGEBOX('结束进程失败！',16,'信息提示')    ENDIFENDIF* -------------------------------------* 枚举当前所有进程* -------------------------------------FUNCTION GetAllProcessID ( lpProcTable )    lpProcTable = IIF(PARAMETERS()=1 AND TYPE([lpProcTable])=[C], lpProcTable, [AllProclists] )    DECLARE INTEGER CreateToolhelp32Snapshot IN kernel32 INTEGER lFlags, INTEGER lProcessID    DECLARE INTEGER Process32First IN kernel32 INTEGER hSnapShot, STRING @PROCESSENTRY32_uProcess    DECLARE INTEGER Process32Next IN kernel32 INTEGER hSnapShot, STRING @PROCESSENTRY32_uProcess    DECLARE INTEGER CloseHandle IN kernel32 INTEGER hObject    DECLARE INTEGER GetLastError IN kernel32    CREA CURSOR (lpProcTable) (PdwSize N(3), PcntUsage N(12), ;        Pth32ProcessID N(12), Pth32DefaultHeapID N(12), ;        Pth32ModuleID N(12), PcntThreads N 
 
[解决办法]
来顶~~~~下去