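众所周知,要结束一个进程时,可以调用 Windows API 函数 TerminateProcess。但是,仍有很多进程无法结束,这是因为调用方进程的权限不够,这时可以先在自己进程的令牌中启用相应特权,再结束原先结束不掉的进程。一般来说,进程启用了 SeDebugPrivilege 特权后就可以结束大部分进程了。需要注意的是,AdjustTokenPrivileges 只能启用令牌中已经持有的特权(SeDebugPrivilege 默认只授予管理员组),并不能凭空提升权限;调用返回 TRUE 也不代表特权一定已启用,还要检查 GetLastError。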
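// Enables one privilege in a process access token.
//
// ProcessHandle: handle of the process whose token is adjusted (the sample
//                below passes GetCurrentProcess).
// Token_Name:    privilege name, e.g. 'SeDebugPrivilege'.
// Returns True only when the privilege was really enabled.
//
// The privilege must already be present in the token; this call switches it
// on, it does not grant it.
function AdjustProcessPrivilege(ProcessHandle:THandle;Token_Name:Pchar):boolean;
var
  Token: THandle;
  TokenPri: _TOKEN_PRIVILEGES;
  PrivLuid: Int64;
  RetLen: DWORD;
begin
  Result := False;
  if not OpenProcessToken(ProcessHandle, TOKEN_ADJUST_PRIVILEGES, Token) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, Token_Name, PrivLuid) then
      Exit;
    TokenPri.PrivilegeCount := 1;
    TokenPri.Privileges[0].Luid := PrivLuid;
    TokenPri.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    RetLen := 0;
    // AdjustTokenPrivileges returns TRUE even when the token does not hold the
    // privilege; in that case GetLastError is ERROR_NOT_ALL_ASSIGNED, so the
    // last-error value has to be checked as well.
    // NOTE(review): Delphi versions that declare PreviousState as a var
    // parameter need PTokenPrivileges(nil)^ here instead of nil.
    if AdjustTokenPrivileges(Token, False, TokenPri, SizeOf(TokenPri), nil, RetLen) then
      Result := GetLastError = ERROR_SUCCESS;
  finally
    // The token handle was never closed in the original (handle leak).
    CloseHandle(Token);
  end;
end;

// The function can then be called like this:

// Button handler: looks for TASKMGR.EXE in a process snapshot, enables
// SeDebugPrivilege for the current process and terminates the process found.
// Progress is written to Memo1.
procedure TFmMain.TBitBtn1Click(Sender: TObject);
const
  // Only the terminate right is requested instead of PROCESS_ALL_ACCESS.
  PROCESS_TERMINATE = $0001;
var
  ok: BOOL;
  Found: Boolean;
  ProcessListHandle: THandle;
  ProcessStruct: TProcessEntry32;
  ProcessID: DWORD;
  ProcessHandle: THandle;
begin
  Memo1.Clear;
  Found := False;
  ProcessID := 0;
  ProcessListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if ProcessListHandle <> INVALID_HANDLE_VALUE then
  try
    ProcessStruct.dwSize := SizeOf(ProcessStruct);
    ok := Process32First(ProcessListHandle, ProcessStruct);
    while ok do
    begin
      // The match is on the image name only, so any process that carries this
      // file name is selected, whatever binary it actually runs.
      if UpperCase(Trim(ProcessStruct.szExeFile)) = 'TASKMGR.EXE' then
      begin
        Memo1.Lines.Add('已发现进程');
        ProcessID := ProcessStruct.th32ProcessID;
        Found := True;
        Break;
      end;
      ok := Process32Next(ProcessListHandle, ProcessStruct);
    end;
  finally
    CloseHandle(ProcessListHandle);
  end;

  // The original went on with an uninitialised ProcessID when nothing matched.
  if not Found then
  begin
    Memo1.Lines.Add('未发现进程');
    Exit;
  end;

  // Enable the privilege only once there is something to act on.
  if AdjustProcessPrivilege(GetCurrentProcess, 'SeDebugPrivilege') then
    Memo1.Lines.Add('提升权限成功')
  else
    Memo1.Lines.Add('提升权限失败');

  ProcessHandle := OpenProcess(PROCESS_TERMINATE, False, ProcessID);
  if ProcessHandle = 0 then
  begin
    Memo1.Lines.Add('杀进程失败');
    Exit;
  end;
  try
    if TerminateProcess(ProcessHandle, 1) then
    begin
      Memo1.Lines.Add('杀进程成功');
      Timer1.Enabled := False;
    end
    else
      Memo1.Lines.Add('杀进程失败');
  finally
    // The process handle was never closed in the original.
    CloseHandle(ProcessHandle);
  end;
end;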
****************************************************************************************************************************************************************************************
补充
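// Add TlHelp32 to the unit's uses clause.

// Enables SeDebugPrivilege in the access token of the current process.
//
// Best effort: the procedure has no result, so it returns silently when a
// step fails. AdjustTokenPrivileges reports TRUE even when the token does not
// hold the privilege (GetLastError = ERROR_NOT_ALL_ASSIGNED), so a caller that
// must know the outcome should check GetLastError right after this call or
// use a variant that returns Boolean.
procedure SetPrivilege;
var
  TokenPrivileges: TTokenPrivileges;
  ReturnLength: DWORD;
  hToken: THandle;
  Luid: Int64;
  LastErr: DWORD;
begin
  // The original ignored every return value and ran a second
  // AdjustTokenPrivileges call with a buffer length taken from the first one,
  // which is undefined when the first call fails. It also asked for the
  // previous state without opening the token with TOKEN_QUERY.
  if not OpenProcessToken(GetCurrentProcess,
    TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', Luid) then
      Exit;
    TokenPrivileges.PrivilegeCount := 1;
    TokenPrivileges.Privileges[0].Luid := Luid;
    TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    ReturnLength := 0;
    // One call is enough: the previous state is not needed, so a nil
    // PreviousState is passed in the same form the original used.
    AdjustTokenPrivileges(hToken, False, TokenPrivileges,
      SizeOf(TokenPrivileges), PTokenPrivileges(nil)^, ReturnLength);
    LastErr := GetLastError;
  finally
    // The token handle was never closed in the original (handle leak).
    CloseHandle(hToken);
  end;
  // Keep the AdjustTokenPrivileges status visible to the caller; CloseHandle
  // may have overwritten it.
  SetLastError(LastErr);
end;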
例子:结束进程的函数供大家参考:
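// Terminates every process whose image name equals ExeFileName (compared
// case-insensitively, with or without a leading path).
//
// ExeFileName: executable file name, e.g. 'notepad.exe'.
// Returns the TerminateProcess result of the last matching process as an
// integer (non-zero on success), or 0 when nothing matched, the process could
// not be opened, or the snapshot could not be taken.
//
// The match is on the file name only; it does not identify a particular
// binary, so every process with that name is affected.
function KillTask(ExeFileName: string): integer;
const
  PROCESS_TERMINATE=$0001;
var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
  hProcess: THandle;
  Wanted: string;
begin
  Result := 0;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if FSnapshotHandle = INVALID_HANDLE_VALUE then
    Exit;
  try
    // Upper-case the requested name once instead of on every iteration.
    Wanted := UpperCase(ExeFileName);
    FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
    ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
    while ContinueLoop do
    begin
      if (UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) = Wanted) or
         (UpperCase(FProcessEntry32.szExeFile) = Wanted) then
      begin
        // Only the terminate right is requested.
        hProcess := OpenProcess(PROCESS_TERMINATE, False,
          FProcessEntry32.th32ProcessID);
        if hProcess <> 0 then
        try
          Result := Integer(TerminateProcess(hProcess, 0));
        finally
          // The original passed the OpenProcess result straight into
          // TerminateProcess and never closed it, leaking one handle per match.
          CloseHandle(hProcess);
        end
        else
          Result := 0;
      end;
      ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
    end;
  finally
    CloseHandle(FSnapshotHandle);
  end;
end;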