极域电子控制软件关闭脚本

Star Dust Lv1

极域电子教室一键破解

直接上代码,干就完了(要是学校电脑没有内置python可以打包成exe)

import ctypes
import subprocess
import sys
import os
import time

# ---------- 目标进程与服务列表 ----------
# Image names looked up via tasklist and passed to taskkill / wmic /
# PowerShell by the functions below.  These are the literal strings that
# appear on the command lines this script spawns.
TARGET_PROCESS_NAMES = [
    "StudentMain.exe",
    "MasterHelper.exe",
    "StudentExe.exe",
    "TDNetMon.exe",
    "TASLogin.exe",
    "Student.exe",
]

# Service names handed to `sc stop`, `sc config ... start= disabled` and
# `sc delete` by stop_suspicious_services().  The listing does not show how
# this list was chosen or which product each name belongs to.
SUSPICIOUS_SERVICES = [
    "USBMonitorSvc",
    "TASUSBMon",
    "WebLock",
    "YunWebLock",
    "TDUsbGuard",
    "StudentSvc",
]

# ---------- Windows API 常量 ----------
# Access right requested by kill_by_zwterminate() when it calls OpenProcess.
PROCESS_TERMINATE = 0x0001
# Access right requested by terminate_threads_of_process() in OpenThread.
THREAD_TERMINATE = 0x0001
# Defined here but not referenced by the code visible in this listing.
THREAD_ALL_ACCESS = 0x1F03FF
# Flag passed to CreateToolhelp32Snapshot to enumerate threads.
TH32CS_SNAPTHREAD = 0x00000004
# Defined here but not referenced by the code visible in this listing.
STATUS_SUCCESS = 0x00000000
# Attribute value placed in the privilege entry by enable_debug_privilege().
SE_PRIVILEGE_ENABLED = 0x2
# Token access rights OR-ed together for OpenProcessToken.
TOKEN_ADJUST_PRIVILEGES = 0x0020
TOKEN_QUERY = 0x0008

def is_admin():
    """Return True when shell32.IsUserAnAdmin() reports a non-zero result.

    Windows only: ``ctypes.windll`` does not exist on other platforms, and
    the resulting AttributeError is not caught here.
    """
    shell32 = ctypes.windll.shell32
    return shell32.IsUserAnAdmin() != 0

def enable_debug_privilege():
    """Attempt to enable SeDebugPrivilege on the current process token.

    Opens the process token with TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, looks
    up the LUID for "SeDebugPrivilege", and is written to pass a privilege
    entry to AdjustTokenPrivileges.  Returns None on every path and never
    reports success or failure to the caller.

    NOTE(review): ``type(tp)`` below is the builtin ``tuple``; calling it
    with four positional arguments raises TypeError.  The bare ``except``
    swallows that, so AdjustTokenPrivileges is never reached and the token
    handle opened by OpenProcessToken is not closed on that path.  The
    return value of AdjustTokenPrivileges is not checked either.
    """
    try:
        hToken = ctypes.c_void_p()
        # Bail out silently if the token cannot be opened.
        if not ctypes.windll.advapi32.OpenProcessToken(
                ctypes.windll.kernel32.GetCurrentProcess(),
                TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                ctypes.byref(hToken)):
            return
        luid = ctypes.c_ulonglong()
        # Failed lookup: close the token handle and give up.
        if not ctypes.windll.advapi32.LookupPrivilegeValueW(
                None, "SeDebugPrivilege", ctypes.byref(luid)):
            ctypes.windll.kernel32.CloseHandle(hToken)
            return
        # Intended to build a TOKEN_PRIVILEGES structure; see the
        # NOTE(review) in the docstring for what these two lines do instead.
        tp = (ctypes.c_ulong,) * 4
        tp = type(tp)(
            1, luid, SE_PRIVILEGE_ENABLED, 0
        )
        ctypes.windll.advapi32.AdjustTokenPrivileges(hToken, False, ctypes.byref(tp), 0, None, None)
        ctypes.windll.kernel32.CloseHandle(hToken)
    except:
        # Every exception (including the TypeError above) is discarded.
        pass

# ---------- 多种进程终止手段(分层强杀) ----------
def kill_by_taskkill(proc):
    """Run ``taskkill /f /t /im <proc>`` and discard its output.

    ``proc`` is an image name such as an entry of TARGET_PROCESS_NAMES.  The
    call is given a 10 second timeout; a timeout or a missing executable
    raises to the caller because nothing is caught here.
    """
    command = ["taskkill", "/f", "/t", "/im", proc]
    subprocess.run(command, capture_output=True, timeout=10)

def kill_by_wmic(proc):
    """Run ``wmic process where name='<proc>' delete`` and discard its output.

    ``proc`` is interpolated into the WHERE clause without escaping; in this
    file it only ever comes from the constant TARGET_PROCESS_NAMES list.
    Exceptions from subprocess.run (timeout, wmic not present) propagate.
    """
    where_clause = f"name='{proc}'"
    command = ["wmic", "process", "where", where_clause, "delete"]
    subprocess.run(command, capture_output=True, timeout=10)

def kill_by_powershell(proc):
    """Run PowerShell ``Stop-Process -Name <stem> -Force`` for an image name.

    The extension is stripped from ``proc`` with os.path.splitext before it
    is placed, unescaped, inside single quotes in the command text; in this
    file the value always comes from TARGET_PROCESS_NAMES.  Output is
    captured and dropped, and subprocess errors propagate to the caller.
    """
    stem = os.path.splitext(proc)[0]
    script = f"Stop-Process -Name '{stem}' -Force -ErrorAction SilentlyContinue"
    subprocess.run(
        ["powershell", "-Command", script],
        capture_output=True,
        timeout=10,
    )

def kill_by_zwterminate(pid):
    """Open ``pid`` with PROCESS_TERMINATE and call ntdll ZwTerminateProcess.

    The exit status passed is 0.  Nothing is returned and the result of the
    termination call is not inspected.  If OpenProcess yields a null handle
    the function returns without doing anything else.
    """
    try:
        kernel32 = ctypes.windll.kernel32
        handle = kernel32.OpenProcess(PROCESS_TERMINATE, False, pid)
        if not handle:
            return
        ctypes.windll.ntdll.ZwTerminateProcess(handle, 0)
        kernel32.CloseHandle(handle)
    except BaseException:
        # As broad as the original bare ``except``: every failure is dropped.
        pass

def kill_by_ntsd(pid):
    """Run ``ntsd -c q -p <pid>`` and ignore any failure.

    The debugger is looked up on PATH under the name "ntsd".  A missing
    executable, a timeout after 10 seconds, or any other exception is
    silently discarded, so the caller cannot tell whether anything ran.
    """
    command = ["ntsd", "-c", "q", "-p", str(pid)]
    try:
        subprocess.run(command, capture_output=True, timeout=10)
    except BaseException:
        # Covers FileNotFoundError and everything else the original caught
        # with its two handlers.
        pass

def terminate_threads_of_process(pid):
    """Call TerminateThread on every thread whose owner process is ``pid``.

    Takes a thread snapshot with CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD),
    walks it with Thread32First/Thread32Next, collects the thread ids whose
    th32OwnerProcessID equals ``pid``, then opens each with THREAD_TERMINATE
    and terminates it with exit code 0.  Returns None; all exceptions are
    swallowed, and the snapshot handle is not closed if one is raised during
    the walk.

    NOTE(review): indentation was lost in the published listing; the
    placement of the CloseHandle(hSnapshot) call after the ``if`` block is
    the most plausible reading — confirm against the author's original.
    """
    try:
        hSnapshot = ctypes.windll.kernel32.CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0)
        # -1 is compared against the default (int) ctypes return value.
        if hSnapshot == -1:
            return

        # Local ctypes mirror of the structure filled by Thread32First/Next.
        class THREADENTRY32(ctypes.Structure):
            _fields_ = [
                ("dwSize", ctypes.c_ulong),
                ("cntUsage", ctypes.c_ulong),
                ("th32ThreadID", ctypes.c_ulong),
                ("th32OwnerProcessID", ctypes.c_ulong),
                ("tpBasePri", ctypes.c_ulong),
                ("tpDeltaPri", ctypes.c_ulong),
                ("dwFlags", ctypes.c_ulong),
            ]

        te = THREADENTRY32()
        # dwSize is set to the structure size before the first call.
        te.dwSize = ctypes.sizeof(THREADENTRY32)
        tids = []
        if ctypes.windll.kernel32.Thread32First(hSnapshot, ctypes.byref(te)):
            while True:
                # Keep only threads that belong to the requested process.
                if te.th32OwnerProcessID == pid:
                    tids.append(te.th32ThreadID)
                if not ctypes.windll.kernel32.Thread32Next(hSnapshot, ctypes.byref(te)):
                    break
        ctypes.windll.kernel32.CloseHandle(hSnapshot)

        for tid in tids:
            hThread = ctypes.windll.kernel32.OpenThread(THREAD_TERMINATE, False, tid)
            # Threads that cannot be opened are skipped without any report.
            if hThread:
                ctypes.windll.kernel32.TerminateThread(hThread, 0)
                ctypes.windll.kernel32.CloseHandle(hThread)
    except:
        # Every failure is discarded.
        pass

# ---------- 服务控制 ----------
def stop_suspicious_services():
    """Run ``sc stop``, ``sc config ... start= disabled`` and ``sc delete``.

    Applied to each name in SUSPICIOUS_SERVICES, in that order.  Each step
    is a separate ``sc`` child process with the service name on its command
    line.  ``sc delete`` removes the service registration, so the change
    outlasts this run and a reboot; restoring the service means
    re-registering or reinstalling it.

    If one step raises (for example the 10 second timeout), the remaining
    steps for that service are skipped and the loop moves on; exit codes
    are never inspected.
    """
    for svc in SUSPICIOUS_SERVICES:
        steps = (
            ["sc", "stop", svc],
            ["sc", "config", svc, "start=", "disabled"],
            ["sc", "delete", svc],
        )
        try:
            for argv in steps:
                subprocess.run(argv, capture_output=True, timeout=10)
        except BaseException:
            # As broad as the original bare ``except``.
            pass

# ---------- 进程查找 ----------
def get_pids_by_name(proc):
    """Return the PIDs that ``tasklist`` reports for image name ``proc``.

    Runs ``tasklist /fi "IMAGENAME eq <proc>" /fo csv``, decodes the output
    as GBK (undecodable bytes dropped), skips the first line, and takes the
    second comma-separated field of each remaining line when it is all
    digits.  Any exception ends the scan and whatever was collected so far
    is returned, so an empty list can mean "not running" or "lookup failed".
    """
    pids = []
    try:
        raw = subprocess.check_output(
            ["tasklist", "/fi", f"IMAGENAME eq {proc}", "/fo", "csv"],
            encoding="gbk",
            errors="ignore",
        )
        rows = raw.strip().split('\n')[1:]
        for row in rows:
            fields = row.replace('"', '').split(',')
            if len(fields) < 2:
                continue
            pid_text = fields[1].strip()
            if pid_text.isdigit():
                pids.append(int(pid_text))
    except BaseException:
        # As broad as the original bare ``except``.
        pass
    return pids

# ---------- 主流程 ----------
def main():
    """Run the whole sequence: elevate, enumerate, terminate, remove services.

    Apart from the ctypes calls, every step is a child process (tasklist,
    taskkill, wmic, powershell, ntsd, sc) spawned from this interpreter, so
    one run appears as a single parent with a short burst of those children
    carrying the names from TARGET_PROCESS_NAMES and SUSPICIOUS_SERVICES.

    NOTE(review): indentation was lost in the published listing.  The
    time.sleep calls are placed after each round and the kill calls in the
    final loop inside the ``if`` — the most plausible reading; confirm
    against the author's original.

    NOTE(review): all_pids is collected once, before round 1, and reused by
    rounds 2-4 without re-checking.  A PID that exited in round 1 and was
    reassigned to another process would still be acted on.
    """
    # Not elevated: relaunch this script through the "runas" verb and exit.
    if not is_admin():
        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)
        sys.exit(0)

    # Request the debug privilege; the call reports nothing back.
    enable_debug_privilege()

    # Collect the PIDs of every target image name.
    all_pids = []
    for proc in TARGET_PROCESS_NAMES:
        pids = get_pids_by_name(proc)
        if pids:
            all_pids.extend(pids)

    # Round 1: by image name, via taskkill / wmic / powershell.
    for proc in TARGET_PROCESS_NAMES:
        kill_by_taskkill(proc)
        kill_by_wmic(proc)
        kill_by_powershell(proc)
    time.sleep(1)

    # Round 2: by PID, via ZwTerminateProcess (no liveness check first).
    for pid in set(all_pids):
        kill_by_zwterminate(pid)
    time.sleep(0.5)

    # Round 3: by PID, via ntsd if it is present.
    for pid in set(all_pids):
        kill_by_ntsd(pid)
    time.sleep(0.5)

    # Round 4: terminate each thread owned by the collected PIDs.
    for pid in set(all_pids):
        terminate_threads_of_process(pid)

    # Stop, disable and delete the listed services.
    stop_suspicious_services()

    # Final check: up to three passes, re-running taskkill / wmic for any
    # image name that tasklist still reports.
    for _ in range(3):
        still_alive = False
        for proc in TARGET_PROCESS_NAMES:
            if get_pids_by_name(proc):
                still_alive = True
                kill_by_taskkill(proc)
                kill_by_wmic(proc)
        if not still_alive:
            break
        time.sleep(1)

if __name__ == "__main__":
    main()

  • 标题: 极域电子控制软件关闭脚本
  • 作者: Star Dust
  • 创建于 : 2026-05-17 23:12:39
  • 更新于 : 2026-05-19 00:02:16
  • 链接: https://starblog.qzz.io/posts/b6a5d447.html
  • 版权声明: 版权所有 © Star Dust,禁止转载。