Enum(), openprocess() and terminate process()

Mar 15, 2012 at 3:02am
Here's the problem:

HANDLE OpenProcess(
        DWORD dwDesiredAccess,  // access flag
        BOOL bInheritHandle,    // handle inheritance option
        DWORD dwProcessId       // process identifier
    );


Say all the information needed here is known. Can someone pick this thing apart for me so I can figure this out, please? All of the variables are undefined. dwProcessId could be ANYTHING for all I know. It could be blablabla.exe or whatever. Please do the same for terminate and enum, please; I'm having trouble understanding where the h*ll these variables are coming from, what they represent, and how in heck they are defined.

Nowhere can I find a DETAILED explanation of this that actually makes sense, so I appreciate your help with this.
Last edited on Mar 15, 2012 at 3:02am
Mar 15, 2012 at 4:53pm
Go to
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx
Then follow the link to
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx

This gives you a hint for your first parameter. Since you are specifically interested in Enum, OpenProcess and TerminateProcess, you are probably trying to kill a specific process. In that case, for dwDesiredAccess you will want:
DWORD dwDesiredAccess = PROCESS_TERMINATE | PROCESS_QUERY_INFORMATION;

If you are trying to kill a process, you don't need to inherit a Handle so the second parameter can be 0.

DWORD dwProcessId is the ID of the process you are opening; we will get this from EnumProcesses().


All together, this is probably what you want:
#include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <cstring>   // strlen
#include <cctype>    // tolower
using std::cout; using std::endl;

#define MAX_PROCS 256
int main()
{
    DWORD pProcessIds[MAX_PROCS], nb_Processes, NameSize;
    HANDLE hProcess;
    char lpBaseName[MAX_PATH], TerminateMe[] = "Notepad.exe";// The process name you want to kill

    // Get an array of all of the processes
    if (!EnumProcesses(pProcessIds, sizeof(DWORD)*MAX_PROCS, &nb_Processes))
    {
        cout << "Enum Processes Failed.  Error code: " << GetLastError() << endl;
        return 1; // Nothing usable in the array if enumeration failed
    }
    
    nb_Processes /= sizeof(DWORD); // Convert from bytes to indexes

    for (DWORD i = 0; i < nb_Processes; i++)
    {
        hProcess = OpenProcess(PROCESS_TERMINATE | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, pProcessIds[i]);
    
        if (hProcess != NULL) // Opening fails for processes we have no rights to (system/protected ones); skip those
        {
            // This will tell us the name of the current process.
            // Leave one byte of room so the terminator written below stays inside the buffer.
            NameSize = GetModuleBaseNameA(hProcess, NULL, lpBaseName, MAX_PATH - 1);
        
            // For information only:
            lpBaseName[NameSize] = '\0';
            cout << "Name: " << lpBaseName << "\tPID:" << pProcessIds[i] << endl;
        
            if (NameSize != 0) // If the name has 0 characters, it's probably not the process you're looking for
            {
                // Both strings must have the same length, or a shorter name would match as a prefix.
                bool match = (NameSize == (DWORD)strlen(TerminateMe));
                // Compare the two names character by character, ignoring case.
                // Note the index is j (the character), not i (the process being looked at).
                for (DWORD j = 0; match && j < NameSize; j++)
                    if (tolower((unsigned char)lpBaseName[j]) != tolower((unsigned char)TerminateMe[j]))
                        match = false; // Not the droids you're looking for
            
                if (match)    // If we found it, kill it
                {
                    BOOL nError = TerminateProcess(hProcess, 0);
                    if (nError)
                        cout << "Process terminated!" << endl;
                    else
                        cout << "Process found but could not be terminated.  Error code: " << GetLastError() << endl;
                }
            }
            CloseHandle(hProcess);
        }
    }
}


Don't forget to link to psapi.lib.

References:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms686714(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms683196(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms724211(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682629(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx

I haven't tested this code, but it should work. I wrote something similar using these same functions recently.

Edit: WARNING: I just tried to run this and it killed most of the processes on my machine. I'm not exactly sure why that happened, but it's something to do with the string compare method I used.
Last edited on Mar 15, 2012 at 5:17pm
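The comparison loop in the post above indexes both strings with the outer loop counter, so almost any name matched and almost every process was killed. The following is an added example written for this page (not the poster's code and not part of the thread) showing the same EnumProcesses / OpenProcess / TerminateProcess flow with the matching done correctly. The name matching and the byte-to-entry conversion are plain C++ and run anywhere; the Win32 part is compiled only under _WIN32. It assumes a Vista-or-later system, since it uses QueryFullProcessImageNameA and PROCESS_QUERY_LIMITED_INFORMATION instead of the GetModuleBaseNameA / PROCESS_VM_READ pair used in the post; the target name "notepad.exe" is just the example input.

```cpp
#include <cctype>
#include <cstdint>
#include <string>
#include <vector>
#include <iostream>

// Exact, case-insensitive comparison of an image base name against the target.
// Both the length check and the whole-string compare matter: a prefix such as
// "note.exe" or a longer name such as "notepad.exe.bak" must not match.
bool match_image_name(const std::string& name, const std::string& target)
{
    if (name.size() != target.size())
        return false;
    for (size_t i = 0; i < name.size(); ++i) {
        if (std::tolower(static_cast<unsigned char>(name[i])) !=
            std::tolower(static_cast<unsigned char>(target[i])))
            return false;
    }
    return true;
}

// Reduce a full image path (C:\Windows\System32\notepad.exe) to its base name.
std::string base_name(const std::string& path)
{
    size_t pos = path.find_last_of("\\/");
    return pos == std::string::npos ? path : path.substr(pos + 1);
}

// EnumProcesses reports bytes written, not entries. When that equals the buffer
// size the list may have been cut off, so the caller must grow the buffer and retry.
size_t pid_count(uint32_t bytes_returned, size_t buffer_bytes, bool* truncated)
{
    *truncated = (bytes_returned >= buffer_bytes);
    return bytes_returned / sizeof(uint32_t);
}

#ifdef _WIN32
#include <windows.h>
#include <psapi.h>
#pragma comment(lib, "psapi.lib")

// Enumerate every PID, doubling the buffer until EnumProcesses no longer fills it.
std::vector<DWORD> all_pids()
{
    std::vector<DWORD> pids(256);
    for (;;) {
        DWORD bytes = 0;
        if (!EnumProcesses(pids.data(), static_cast<DWORD>(pids.size() * sizeof(DWORD)), &bytes))
            return {};
        bool truncated = false;
        size_t n = pid_count(bytes, pids.size() * sizeof(DWORD), &truncated);
        if (!truncated) {
            pids.resize(n);
            return pids;
        }
        pids.resize(pids.size() * 2);
    }
}

// Terminate every process whose image base name equals `target`; returns how many were killed.
// The handle is opened once with both rights and held until TerminateProcess, so the PID
// cannot be recycled to a different process between the name check and the kill.
int kill_by_name(const std::string& target)
{
    int killed = 0;
    for (DWORD pid : all_pids()) {
        HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE, FALSE, pid);
        if (h == NULL)
            continue; // no rights on this process (protected, another user's, or System); leave it alone
        char path[MAX_PATH];
        DWORD len = MAX_PATH;
        if (QueryFullProcessImageNameA(h, 0, path, &len) &&
            match_image_name(base_name(std::string(path, len)), target)) {
            if (TerminateProcess(h, 1)) {
                ++killed;
                std::cout << "Terminated PID " << pid << "\n";
            } else {
                std::cout << "PID " << pid << ": TerminateProcess failed, error " << GetLastError() << "\n";
            }
        }
        CloseHandle(h);
    }
    return killed;
}
#endif

int main()
{
#ifdef _WIN32
    std::cout << kill_by_name("notepad.exe") << " process(es) terminated\n";
#else
    // Off Windows only the matching logic can run: a case difference matches, a suffix does not.
    std::cout << std::boolalpha
              << match_image_name(base_name("C:\\Windows\\notepad.exe"), "NOTEPAD.EXE") << " "
              << match_image_name("notepad.exe.bak", "notepad.exe") << "\n";
#endif
    return 0;
}
```

Two practical caveats. The post's fixed array of 256 DWORDs silently drops processes once a machine has more than 256; checking the returned byte count against the buffer size and retrying is the only way to know. And matching on the base name alone is weak for anything security-relevant, because any executable can call itself notepad.exe; compare the full path returned by QueryFullProcessImageNameA, or the image's signature, before terminating.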
Mar 19, 2012 at 3:01am
I noticed that you declared pProcessIds as DWORD. What does something that is declared as DWORD do? What is a DWORD object for / what do we use it for?

Also, I recommend you not use a bool to "match" the strings... try a loop that runs something like this:

string process_handle, pTerminate = "notepad.exe";
for(int x = 1; x <= max_names_in_array; x++)   // max_names_in_array: placeholder for the number of enumerated processes
{
    process_handle = funct_that_gets_name[x];   // placeholder for whatever returns the x-th process name
    if(process_handle == pTerminate)
    {
        TerminateProcess(process_handle, 0);    // TerminateProcess needs that process's HANDLE, not its name string
        break;
    }
}


I know it probably looks like a script kiddie wrote it, but I'm still trying to get these functions right... I still can't fully understand them. But my guess is that the bool is initialized as true, but then set to false. Because it keeps looping, if the process you are terminating isn't the last one, it will turn up false.

example:

input | output

bla.exe | false
blabla.exe | false
bla1.exe | false
notepad.exe | true
blablabla | false

So it ends up false even though it found the process. Also, I noticed you didn't include arguments in your last if statements. I don't know if you purposely did that or what, but if((match == false) || (match == true)) you should distinguish them in the code.
Last edited on Mar 19, 2012 at 3:16am
Mar 19, 2012 at 3:09am
DWORD is a typedef for unsigned long in the Windows world.
Mar 19, 2012 at 3:18am
ok.