原理：让目标进程执行内存地址0，发生内存访问冲突

#include <cstdio>
#include <Windows.h>
using namespace std;

int main(int argc, char* argv[]) {
	if (argc < 2) {
		printf("%s PID\n", argv[0]);
		return 1;
	}
	HANDLE p = OpenProcess(PROCESS_ALL_ACCESS, 0, atol(argv[1]));
	if (!p) {
		fprintf(stderr, "Cannot open process % s", argv[1]);
		return 1;
	}
	HANDLE hTh = CreateRemoteThread(p, 0, 0, 0, 0, 0, 0);
	if (!hTh) { 
		fprintf(stderr, "CreateRemoteThread(%p,0,0,0,0,0,0) failed,GetLastError() == %d", 
			p, GetLastError());
		return 1; 
	}
	CloseHandle(hTh);
	return 0;
}

效果：