所以我需要扫描Windows注册表,在控制台上显示它们,然后检查哪些值与代码中设置的名称相同
当程序找到具有目标名称的值时,我需要终止它并使用DeleteFile()从硬件中删除它。
所以我已经完成了所有通往.exe文件目的地的路径,但是当我使用DeleteFile()时;它不会删除该文件
void EndProcess(HANDLE snap, HANDLE &process, PROCESSENTRY32 pe32, TCHAR
virusName[], TCHAR valuePath[], wofstream &file)
{
process = OpenProcess(PROCESS_TERMINATE, FALSE, pe32.th32ProcessID);
if (TerminateProcess(process, 1))
{
cout << "Virus process is found and successfully terminated!" <<
endl;
file << "Virus process is found and successfully terminated!" <<
endl;
CloseHandle(process);
DeleteFile(valuePath);
}
else
{
cout << "Failed to terminate Virus process!" << endl;
file << "Failed to terminate Virus process!" << endl;
}
}
TerminateProcess是异步的,它启动终止并立即返回。也就是说,不确定该过程是否已经终止。简单的解决方案是添加Sleep()延迟。
如果您需要确保进程已终止,请使用该进程的句柄调用WaitForSingleObject函数。您还需要在打开进程句柄时添加SYNCHRONIZE访问权限:
void EndProcess(HANDLE snap, HANDLE &process, PROCESSENTRY32 pe32, TCHAR
virusName[], TCHAR valuePath[], wofstream &file)
{
process = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pe32.th32ProcessID);
if (TerminateProcess(process, 1))
{
cout << "Virus process is found and successfully terminated!" <<
endl;
file << "Virus process is found and successfully terminated!" <<
endl;
WaitForSingleObject(process, INFINITE);
CloseHandle(process);
DeleteFile(valuePath);
}
else
{
cout << "Failed to terminate Virus process!" << endl;
file << "Failed to terminate Virus process!" << endl;
}
}