卸载列出残留进程
Exec(ExpandConstant('{app}\KmdUtil.exe'), 'scandll', '', SW_SHOWNORMAL, ewWaitUntilTerminated, ExecRet);
_FX ULONG Kmd_DoWindow(WCHAR *text, PGM *pgms, BOOLEAN silent)
{
static ATOM atom = 0;
RECT rc;
int w, h, x, y, xOk, xCancel;
HWND hWnd, hStatic, hList, hBtnOk, hBtnCancel;
MSG msg;
NONCLIENTMETRICS_XP ncm;
HFONT hFontVar, hFontFixed;
ULONG i;
BOOL b, OkClicked;
BOOLEAN rtl;
//
// get fonts
//
memzero(&ncm, sizeof(ncm));
ncm.cbSize = sizeof(ncm);
if (SystemParametersInfo(SPI_GETNONCLIENTMETRICS, ncm.cbSize, &ncm, 0))
hFontVar = CreateFontIndirect(&ncm.lfMessageFont);
else
hFontVar = NULL;
if (! hFontVar)
hFontVar = GetStockObject(SYSTEM_FONT);
hFontFixed = GetStockObject(ANSI_FIXED_FONT);
//
// create window
//
if (! atom) {
WNDCLASS wc;
memzero(&wc, sizeof(WNDCLASS));
wc.lpfnWndProc = Kmd_WindowProc;
wc.hInstance = GetModuleHandle(NULL);
wc.hIcon = LoadIcon(NULL, IDI_INFORMATION);
wc.hCursor = LoadCursor(NULL, IDC_ARROW);
wc.hbrBackground = (HBRUSH)(COLOR_BTNFACE + 1);
wc.lpszClassName = SANDBOXIE L"SandboxieKmdUtilWindow";
atom = RegisterClass(&wc);
}
GetWindowRect(GetDesktopWindow(), &rc);
w = rc.right - rc.left;
if (w >= 800) {
w /= 2;
x = w / 2;
} else {
w -= 32;
x = 0;
}
h = rc.bottom - rc.top;
if (h >= 600) {
h /= 2;
y = h / 2;
} else {
h -= 32;
y = 0;
}
OkClicked = FALSE;
hWnd = CreateWindowEx(
WS_EX_APPWINDOW, (LPCWSTR)atom, SANDBOXIE,
WS_POPUPWINDOW | WS_CAPTION,
x, y, w, h, NULL, NULL, NULL, &OkClicked);
//
// create static text
//
SbieDll_GetLanguage(&rtl);
i = rtl ? WS_EX_LAYOUTRTL : 0;
hStatic = CreateWindowEx(
i, L"STATIC", SbieDll_FormatMessage0(8106),
SS_LEFT | WS_CHILD | WS_VISIBLE,
5, 5, w - 15, 40, hWnd, NULL, NULL, NULL);
SendMessage(hStatic, WM_SETFONT, (WPARAM)hFontVar, FALSE);
//
// create buttons
//
wcscpy(text, SbieDll_FormatMessage0(3001));
for (i = 0; i < wcslen(text); ++i)
if (text[i] == L'&')
wmemmove(text + i, text + i + 1, wcslen(text + i));
xOk = w / 2 - 150;
xCancel = w / 2 + 50;
y = h - 65;
if (rtl) {
x = xOk;
xOk = xCancel;
xCancel = x;
}
hBtnOk = CreateWindowEx(
0, L"BUTTON", text,
BS_PUSHBUTTON | WS_CHILD | WS_TABSTOP | WS_VISIBLE,
xOk, y, 100, 25, hWnd, (HMENU)IDOK, NULL, NULL);
SendMessage(hBtnOk, WM_SETFONT, (WPARAM)hFontVar, FALSE);
wcscpy(text, SbieDll_FormatMessage0(3002));
for (i = 0; i < wcslen(text); ++i)
if (text[i] == L'&')
wmemmove(text + i, text + i + 1, wcslen(text + i));
hBtnCancel = CreateWindowEx(
0, L"BUTTON", text,
BS_PUSHBUTTON | WS_CHILD | WS_TABSTOP | WS_VISIBLE,
xCancel, y, 100, 25, hWnd, (HMENU)IDCANCEL, NULL, NULL);
SendMessage(hBtnCancel, WM_SETFONT, (WPARAM)hFontVar, FALSE);
//
// create list box and populate it
//
hList = CreateWindowEx(
0, L"LISTBOX", NULL,
LBS_NOINTEGRALHEIGHT | LBS_NOSEL
| WS_HSCROLL | WS_VSCROLL | WS_BORDER
| WS_CHILD | WS_TABSTOP | WS_VISIBLE,
5, 45, w - 15, h - 115, hWnd, NULL, NULL, NULL);
SendMessage(hList, WM_SETFONT, (WPARAM)hFontFixed, FALSE);
SendMessage(hList, LB_SETHORIZONTALEXTENT, 800, 0);
b = FALSE;
for (i = 0; pgms[i].process_id; ++i) {
pgms[i].skip = TRUE;
if (_wcsicmp(pgms[i].image, SBIESVC_EXE) == 0)
continue;
if (_wcsicmp(pgms[i].image, SBIECTRL_EXE) == 0) {
ULONG sessid;
if (ProcessIdToSessionId(GetCurrentProcessId(), &sessid))
if (pgms[i].session_id == sessid)
continue;
}
swprintf(text, L"%-48.48s PID %5d Session %d",
pgms[i].image, pgms[i].process_id, pgms[i].session_id);
SendMessage(hList, LB_ADDSTRING, 0, (LPARAM)text);
pgms[i].skip = FALSE;
b = TRUE;
}
if (! b)
return 0;
if (silent)
goto terminate_and_return;
//
// show window and do message loop
//
ShowWindow(hWnd, SW_SHOWNORMAL);
SetFocus(hBtnOk);
while (1) {
if (GetMessage(&msg, hWnd, 0, 0) <= 0)
break;
if (msg.message == WM_KEYDOWN) {
if (msg.wParam == VK_TAB) {
HWND hWndNew = GetFocus();
if (hWndNew && (GetParent(hWndNew) == hWnd)) {
hWndNew = GetWindow(hWndNew, GW_HWNDNEXT);
if (hWndNew) {
ULONG style = GetWindowLong(hWndNew, GWL_STYLE);
if (! (style & WS_TABSTOP))
hWndNew = NULL;
}
} else
hWndNew = NULL;
if (! hWndNew)
hWndNew = hBtnOk;
SetFocus(hWndNew);
}
if (msg.wParam == VK_ESCAPE)
break;
if (msg.wParam == VK_RETURN || msg.wParam == VK_SPACE) {
HWND hWndFocus = GetFocus();
if (hWndFocus != hBtnCancel)
OkClicked = TRUE;
break;
}
}
DispatchMessage(&msg);
}
DestroyWindow(hWnd);
//
// terminate programs if the OK button was clicked
//
if (! OkClicked)
return 1;
terminate_and_return:
// We don't want to call TerminateProcess on any host services that have been injected. It will create an event log entry and immediate restart.
Kmd_Stop_Host_Injected_Svcs();
for (i = 0; pgms[i].process_id; ++i) {
if (! pgms[i].skip) {
HANDLE hProcess = OpenProcess(
PROCESS_TERMINATE, FALSE, pgms[i].process_id);
if (hProcess) {
TerminateProcess(hProcess, 1);
CloseHandle(hProcess);
}
}
}
Sleep(1000);
return -1;
}