📄 killprocess.cpp
//
// Wait interval of 100 ms. The count is in 100-nanosecond units and is
// negative (a relative interval for the kernel wait routines); the low part
// holds the truncated value and the high part of -1 is its sign extension.
//
LARGE_INTEGER ShortTime = {(ULONG)(-10 * 1000 * 100), -1}; // 100 milliseconds
//
// Atomically OR Flag into *Flags; the resulting value is discarded.
//
#define PS_SET_BITS(Flags, Flag) \
RtlInterlockedSetBitsDiscardReturn (Flags, Flag)
//
// Atomically OR Flag into *Flags and yield the value of the call, so the
// caller can test which bits were set before the update.
//
#define PS_TEST_SET_BITS(Flags, Flag) \
RtlInterlockedSetBits (Flags, Flag)
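NTSTATUS
PspTerminateThreadByPointer(
    IN PETHREAD Thread,
    IN NTSTATUS ExitStatus,
    IN BOOLEAN DirectTerminate
    )
/*++

Routine Description:

    Stubbed-out variant of the thread termination routine. Every step that
    would actually end the thread (setting the TERMINATED cross-thread flag,
    calling PspExitThread, initializing and queuing the exit APC, resuming
    the target) is disabled in this listing, so the routine only reports a
    status.

    No access check on the target thread is performed here.

Arguments:

    Thread - Supplies a referenced pointer to the thread to terminate.

    ExitStatus - Supplies the exit status associated with the thread. It is
        not consumed while the termination steps are disabled.

    DirectTerminate - TRUE if it is OK to exit without queuing an APC,
        FALSE otherwise.

Return Value:

    STATUS_UNSUCCESSFUL on the direct self-termination path, because the
    exit call is disabled and the routine returns to its caller.

    STATUS_SUCCESS on the cross-thread path.

--*/
{
    NTSTATUS Status;

    PAGED_CODE();

    if (DirectTerminate && Thread == PsGetCurrentThread()) {

        ASSERT (KeGetCurrentIrql() < APC_LEVEL);

        //
        // The flag update and the PspExitThread call are disabled, so this
        // path returns to the caller. Set a definite failure status rather
        // than returning an uninitialized value.
        //
        DbgPrint("Error While call PspExitThread");
        Status = STATUS_UNSUCCESSFUL;

    } else {

        //
        // NOTE(review): the remark that accompanied this branch says that
        // cross-thread deletion of system threads won't work, but nothing
        // in this routine rejects a system thread.
        //
        // No KAPC is allocated: the exit APC is never initialized or queued
        // here, so an allocation would only be leaked, and retrying it in a
        // loop could block indefinitely when nonpaged pool is exhausted.
        //
        // NOTE(review): success is reported although the target thread is
        // left running; callers must not read this as proof of termination.
        //
        Status = STATUS_SUCCESS;
    }

    return Status;
}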
NTSTATUS
PspTerminateProcess(
    PEPROCESS Process,
    NTSTATUS ExitStatus
    )
/*++

Routine Description:

    Walks every thread of the given process and requests termination of
    each one, then clears the process handle table when the process has no
    threads or has a debug port attached.

    No access check on the target is performed in this routine.
    NOTE(review): callers are presumably expected to have validated the
    right to terminate Process - confirm at the call sites.

Arguments:

    Process - Supplies a pointer to the process to terminate.

    ExitStatus - Supplies the exit status handed to each thread.

Return Value:

    Always STATUS_SUCCESS. STATUS_NOTHING_TO_TERMINATE is only used
    internally to detect a process without threads and is replaced before
    the routine returns.

--*/
{
    PETHREAD CurrentThread;
    NTSTATUS Result;

    PAGED_CODE();

    //
    // The process-delete flag update (PS_SET_BITS on Process->Flags) is
    // disabled in this listing.
    //

    Result = STATUS_NOTHING_TO_TERMINATE;

    //
    // Visit each thread in turn. The per-thread status is ignored; seeing
    // at least one thread is what flips the result to success.
    //
    CurrentThread = PsGetNextProcessThread (Process, NULL);
    while (CurrentThread != NULL) {
        Result = STATUS_SUCCESS;
        PspTerminateThreadByPointer (CurrentThread, ExitStatus, FALSE);
        CurrentThread = PsGetNextProcessThread (Process, CurrentThread);
    }

    //
    // A process that had threads and is not being debugged is done here.
    //
    if (Result != STATUS_NOTHING_TO_TERMINATE && Process->DebugPort == NULL) {
        return Result;
    }

    //
    // Thread-less or debugged process: drop its handles so it can never
    // lock itself into the system by debugging itself or by holding a
    // handle open to itself.
    //
    ObClearProcessHandleTable (Process);

    return STATUS_SUCCESS;
}