Proper Kill (Process) by ID or Name


Proper Kill (Process) by ID or Name

Post by b1be »

Proper Kill (Process) by ID or Name


; Flags for CreateToolhelp32Snapshot: each one selects what the snapshot holds.
#TH32CS_SNAPHEAPLIST = $00000001
#TH32CS_SNAPPROCESS  = $00000002
#TH32CS_SNAPTHREAD   = $00000004
#TH32CS_SNAPMODULE   = $00000008
#TH32CS_SNAPALL      = #TH32CS_SNAPHEAPLIST | #TH32CS_SNAPPROCESS | #TH32CS_SNAPTHREAD | #TH32CS_SNAPMODULE
#TH32CS_INHERIT      = $80000000

; Win32 values restated so the listing is self-contained.
#INVALID_HANDLE_VALUE = -1
#MAX_PATH             = 260

; Library numbers for OpenLibrary(). #PROCESS32LIB is used for kernel32.dll below;
; #PSAPI is not referenced in the code shown here.
#PROCESS32LIB = 9999
#PSAPI        = 9998

Procedure.s ExePath()
  ; Returns the full path and file name of the running executable.
  ; The string is pre-filled with spaces so the API has a buffer to write into.
  Protected exeFile.s = Space(#MAX_PATH + 1)
  Protected hSelf = GetModuleHandle_(0) ; 0 asks for the module of the calling process
  GetModuleFileName_(hSelf, @exeFile, #MAX_PATH)
  ProcedureReturn exeFile
EndProcedure

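Procedure AssignDebugPrivilege()
  ; Enables SeDebugPrivilege in the access token of the calling thread (when
  ; the thread has its own token) or otherwise of the process.
  ;
  ; Returns #True when the privilege is now enabled, #False otherwise. On
  ; failure the reason is left in the thread's last-error value, so the caller
  ; can read it with GetLastError_().
  ;
  ; AdjustTokenPrivileges only switches on a privilege the token already
  ; holds; it never grants one. For an account without SeDebugPrivilege the
  ; call reports ERROR_NOT_ALL_ASSIGNED, which is mapped to
  ; ERROR_ACCESS_DENIED below. The privilege stays enabled for the rest of the
  ; process lifetime, so call this only in a tool that really needs it.

  #TOKEN_QUERY = $8
  #TOKEN_ADJUST_PRIVILEGES = $20

  #SE_DEBUG_NAME = "SeDebugPrivilege"

  Priv.TOKEN_PRIVILEGES
  PrivOld.TOKEN_PRIVILEGES

  cbPriv = SizeOf(PrivOld)

  ; NOTE(review): a HANDLE is pointer-sized; on a 64-bit build this should be
  ; an integer (.i) rather than a long - confirm the compile target.
  hToken.l

  ; Prefer the thread token; fall back to the process token when the thread
  ; has none (ERROR_NO_TOKEN). Any other error is a real failure.
  If OpenThreadToken_(GetCurrentThread_(), #TOKEN_QUERY|#TOKEN_ADJUST_PRIVILEGES, #True, @hToken) = #False
    If GetLastError_() <> #ERROR_NO_TOKEN
      ProcedureReturn #False
    EndIf

    If OpenProcessToken_(GetCurrentProcess_(), #TOKEN_QUERY|#TOKEN_ADJUST_PRIVILEGES, @hToken) = #False
      ProcedureReturn #False
    EndIf
  EndIf

  Priv\PrivilegeCount = 1
  Priv\Privileges[0]\Attributes = #SE_PRIVILEGE_ENABLED

  ; Without a valid LUID the adjust call would act on an undefined privilege.
  If LookupPrivilegeValue_(0, #SE_DEBUG_NAME, @Priv\Privileges[0]\Luid) = #False
    dwError = GetLastError_()
    CloseHandle_(hToken)
    SetLastError_(dwError)
    ProcedureReturn #False
  EndIf

  Result = AdjustTokenPrivileges_(hToken, #False, @Priv, SizeOf(Priv), @PrivOld, @cbPriv)
  dwError = GetLastError_() ; read before CloseHandle_ can overwrite it

  ; The token handle is no longer needed on any path, success included.
  CloseHandle_(hToken)

  ; SetLastError has no return value, so it must not be used as the procedure
  ; result: set the error first, then return #False explicitly.
  If Result = #False
    SetLastError_(dwError)
    ProcedureReturn #False
  EndIf

  ; The call succeeds even when nothing was changed; this code tells the two apart.
  If dwError = #ERROR_NOT_ALL_ASSIGNED
    SetLastError_(#ERROR_ACCESS_DENIED)
    ProcedureReturn #False
  EndIf

  ProcedureReturn #True

EndProcedure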

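; Try to enable SeDebugPrivilege. A failure is only reported; execution
; continues either way.
AP = AssignDebugPrivilege()
If AP = #False
  ; Read the error code before any console call can overwrite it. Printing AP
  ; itself would show the boolean result rather than the Windows error.
  ApError = GetLastError_()
  OpenConsole()
  PrintN("Warning, System Error:"+Str(ApError))
  CloseConsole()
EndIf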

; The first command-line argument is either a process ID or an executable name.
CommandC.s = ProgramParameter()

; Val() gives the numeric value of the argument. When its decimal form is
; shorter than the argument, the argument was not a plain number, so it is
; treated as an executable name and resolved to a PID by the PidName subroutine.
pid = Val(UCase(CommandC))
If Len(CommandC) > Len(Str(pid))
  Gosub PidName
  pid = ResultPid
EndIf

; Jump over the subroutine labels that follow.
Goto KillProcess2


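PidName:
  ; Subroutine (Gosub): finds the process whose executable name equals
  ; CommandC, ignoring case, and stores its ID in ResultPid (0 = not found).
  ;
  ; An image name is neither unique nor trustworthy as an identifier: several
  ; processes can share one name, and a program can run under any file name.
  ; When more than one entry matches, the last one in the snapshot wins.
  ; Pass a PID instead when the exact target matters.
  ;
  ; NOTE(review): the functions are looked up by their plain export names;
  ; check that PeekS and PROCESSENTRY32 agree with them in a Unicode build.
  ResultPid.l=0
  WantedName.s = UCase(CommandC) ; upper-cased once instead of once per entry
  If OpenLibrary (#PROCESS32LIB, "kernel32.dll")
    snap = CallFunction (#PROCESS32LIB, "CreateToolhelp32Snapshot", #TH32CS_SNAPPROCESS, 0)
    ; CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE (-1),
    ; not 0, so a plain "If snap" would accept a failed snapshot.
    If snap <> #INVALID_HANDLE_VALUE And snap <> 0
      Define.PROCESSENTRY32 Proc32
      Proc32\dwSize = SizeOf (PROCESSENTRY32) ; the API requires dwSize to be set first
      If CallFunction (#PROCESS32LIB, "Process32First", snap, @Proc32)
        Repeat
          If UCase(PeekS (@Proc32\szExeFile)) = WantedName
            ResultPid = Proc32\th32ProcessID
          EndIf
        Until CallFunction (#PROCESS32LIB, "Process32Next", snap, @Proc32) = 0
      EndIf
      CloseHandle_ (snap)
    EndIf
    CloseLibrary (#PROCESS32LIB)
  EndIf
Return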
  
  
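NamePid:
    ; Subroutine (Gosub): looks up the executable name of the process whose ID
    ; is pid and stores it in ResultName ("" = not found). The name is used
    ; only for the console messages.
    ResultName.s=""
    If OpenLibrary (#PROCESS32LIB, "kernel32.dll")
      snap = CallFunction (#PROCESS32LIB, "CreateToolhelp32Snapshot", #TH32CS_SNAPPROCESS, 0)
      ; CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE (-1),
      ; not 0, so a plain "If snap" would accept a failed snapshot.
      If snap <> #INVALID_HANDLE_VALUE And snap <> 0
        Define.PROCESSENTRY32 Proc32
        Proc32\dwSize = SizeOf (PROCESSENTRY32) ; the API requires dwSize to be set first
        If CallFunction (#PROCESS32LIB, "Process32First", snap, @Proc32)
          Repeat
            If Proc32\th32ProcessID = pid
              ResultName = PeekS (@Proc32\szExeFile)
              Break ; a process ID occurs only once in a snapshot
            EndIf
          Until CallFunction (#PROCESS32LIB, "Process32Next", snap, @Proc32) = 0
        EndIf
        CloseHandle_ (snap)
      EndIf
      CloseLibrary (#PROCESS32LIB)
    EndIf
    Return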
    
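KillProcess2:
    ; Terminates the process identified by pid and reports the outcome on the
    ; console, or prints the usage line when pid is 0.
    ;
    ; The PID was resolved earlier. If that process has exited in the meantime
    ; and the ID was reused, the handle opened here refers to a different
    ; process than the one named in the message.
    If pid<>0
      Gosub NamePid
      ; Ask only for PROCESS_TERMINATE, and do not make the handle inheritable:
      ; child processes have no use for it.
      phandle = OpenProcess_ (#PROCESS_TERMINATE, #False, pid)
      If phandle <> #Null
        ; TerminateProcess only requests termination; success here means the
        ; request was accepted.
        If TerminateProcess_ (phandle, 1)
          OpenConsole()
          PrintN("Process  -> "+ResultName+" ["+Str(pid)+"] <-  Killed")
          CloseConsole()
        Else
          KillError = GetLastError_() ; read before console calls can overwrite it
          OpenConsole()
          PrintN("Failed To Kill: "+ResultName+" ["+Str(pid)+"]")
          PrintN("Reason, System Message:"+Str(KillError))
          CloseConsole()
        EndIf
        CloseHandle_ (phandle)
      Else
        ; OpenProcess failed (for example access denied or no such PID).
        ; Report it instead of exiting silently.
        KillError = GetLastError_()
        OpenConsole()
        PrintN("Failed To Kill: "+ResultName+" ["+Str(pid)+"]")
        PrintN("Reason, System Message:"+Str(KillError))
        CloseConsole()
      EndIf
      End
    Else
      OpenConsole()
      PrintN("Usage: "+ GetFilePart(ExePath()) + " [ProgramID|ProgramExeName]")
      CloseConsole()
    EndIf
End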
the big difference is
Max.² wrote:


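Procedure AssignDebugPrivilege()
  ; Enables SeDebugPrivilege in the access token of the calling thread (when
  ; the thread has its own token) or otherwise of the process.
  ;
  ; Returns #True when the privilege is now enabled, #False otherwise. On
  ; failure the reason is left in the thread's last-error value, so the caller
  ; can read it with GetLastError_().
  ;
  ; AdjustTokenPrivileges only switches on a privilege the token already
  ; holds; it never grants one. For an account without SeDebugPrivilege the
  ; call reports ERROR_NOT_ALL_ASSIGNED, which is mapped to
  ; ERROR_ACCESS_DENIED below. The privilege stays enabled for the rest of the
  ; process lifetime, so call this only in a tool that really needs it.

  #TOKEN_QUERY = $8
  #TOKEN_ADJUST_PRIVILEGES = $20

  #SE_DEBUG_NAME = "SeDebugPrivilege"

  Priv.TOKEN_PRIVILEGES
  PrivOld.TOKEN_PRIVILEGES

  cbPriv = SizeOf(PrivOld)

  ; NOTE(review): a HANDLE is pointer-sized; on a 64-bit build this should be
  ; an integer (.i) rather than a long - confirm the compile target.
  hToken.l

  ; Prefer the thread token; fall back to the process token when the thread
  ; has none (ERROR_NO_TOKEN). Any other error is a real failure.
  If OpenThreadToken_(GetCurrentThread_(), #TOKEN_QUERY|#TOKEN_ADJUST_PRIVILEGES, #True, @hToken) = #False
    If GetLastError_() <> #ERROR_NO_TOKEN
      ProcedureReturn #False
    EndIf

    If OpenProcessToken_(GetCurrentProcess_(), #TOKEN_QUERY|#TOKEN_ADJUST_PRIVILEGES, @hToken) = #False
      ProcedureReturn #False
    EndIf
  EndIf

  Priv\PrivilegeCount = 1
  Priv\Privileges[0]\Attributes = #SE_PRIVILEGE_ENABLED

  ; Without a valid LUID the adjust call would act on an undefined privilege.
  If LookupPrivilegeValue_(0, #SE_DEBUG_NAME, @Priv\Privileges[0]\Luid) = #False
    dwError = GetLastError_()
    CloseHandle_(hToken)
    SetLastError_(dwError)
    ProcedureReturn #False
  EndIf

  Result = AdjustTokenPrivileges_(hToken, #False, @Priv, SizeOf(Priv), @PrivOld, @cbPriv)
  dwError = GetLastError_() ; read before CloseHandle_ can overwrite it

  ; The token handle is no longer needed on any path, success included.
  CloseHandle_(hToken)

  ; SetLastError has no return value, so it must not be used as the procedure
  ; result: set the error first, then return #False explicitly.
  If Result = #False
    SetLastError_(dwError)
    ProcedureReturn #False
  EndIf

  ; The call succeeds even when nothing was changed; this code tells the two apart.
  If dwError = #ERROR_NOT_ALL_ASSIGNED
    SetLastError_(#ERROR_ACCESS_DENIED)
    ProcedureReturn #False
  EndIf

  ProcedureReturn #True

EndProcedure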
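which gives you access to system processes: it enables SeDebugPrivilege, so a process can be opened even when its own access control would refuse you. the account running the tool must already hold that privilege (administrators do by default); the procedure only switches it on, it cannot grant it.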

just try to kill svchost.exe or winlogon.exe with the above procedure included, and without it ... you will notice the difference (use a test machine or VM for this: ending winlogon.exe takes the whole system down)

why gosub and not procedures?
Hi-Toro wrote:It seems that for some reason, Proc32Next () fails when called from inside a function. Weird thing is, it does this when called from Blitz too! Must be an obscure Windows bug...?
he reported this on Windows 9x;
i took his word for it

compile with console mode (did not test on 9x)


i am not a native English speaker (bear with my poor English)