Re: Prevent process killing in Windows 8

Posted: Sat Aug 23, 2014 7:46 am
by power888
Hi..

Solved it using OpenProcess and PROCESS_TERMINATE option...

BTW, in the NtTerminateProcess and TerminateProcess API, when I used the CreateToolhelp32Snapshot API, Process32First returns FALSE,
and sometimes ProcessIdToFileName's processName returns NULL.
(When I kill a process in the [Process] or [User] tab in Task Manager)

Do you have a plan to support ProcessIdToFileName in the NtTerminateProcess and TerminateProcess API?

** Test environment: Windows 8.1 and 8
With Windows 7, everything works fine.

Re: Prevent process killing in Windows 8

Posted: Sun Aug 31, 2014 5:27 pm
by madshi
How do you get the process ID needed for ProcessIdToFileName? Sometimes NtTerminateProcess is called with a NULL or -1 process handle. Do you handle those cases properly? I'd suggest that you log the process ID to make sure it's the correct one.

Re: Prevent process killing in Windows 8

Posted: Sun Aug 31, 2014 11:08 pm
by iconic
(HANDLE)-1 is equal to the GetCurrentProcess() pseudo handle (to itself), so the PID would always equal GetCurrentProcessId(). Calling TerminateProcess with a NULL handle wouldn't do anything since it's not a valid process handle, causing the API to return False.
Like Madshi said, check the process handle value inside the NtTerminateProcess callback and also see what ProcessHandleToId is returning (I assume you're using this?).

--Iconic
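
The handle check and PID logging suggested in the two replies above, as an added example that is not code from the thread's participants or from madCodeHook. The names `resolve_terminate_target`, `log_target`, `os_lookup` and `os_self` are hypothetical, the handle value `0x1a4` is constructed, and mapping a NULL handle to the caller's own process assumes the native NtTerminateProcess behaviour on the process-exit path.

```c
/* Added example: classify the handle an NtTerminateProcess hook receives. */
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif
typedef enum { T_SELF_NULL, T_SELF_PSEUDO, T_OTHER, T_UNRESOLVED } target_kind;
typedef struct { target_kind kind; uint32_t pid; } target_info;
typedef uint32_t (*pid_lookup_fn)(void *handle);    /* returns 0 on failure */

/* Hypothetical helper, not a madCodeHook API. */
target_info resolve_terminate_target(void *h, uint32_t self_pid, pid_lookup_fn lookup)
{
    target_info t = { T_UNRESOLVED, 0 };
    if (h == NULL) {                        /* assumption: native call, caller's own process */
        t.kind = T_SELF_NULL;   t.pid = self_pid;
    } else if ((intptr_t)h == -1) {         /* pseudo handle, same as GetCurrentProcess() */
        t.kind = T_SELF_PSEUDO; t.pid = self_pid;
    } else if ((t.pid = lookup(h)) != 0) {  /* real handle that could be queried */
        t.kind = T_OTHER;
    }
    return t;   /* T_UNRESOLVED: log the raw handle, never pass PID 0 to a name lookup */
}

#ifdef _WIN32
/* GetProcessId needs PROCESS_QUERY_(LIMITED_)INFORMATION on the handle; 0 means failure. */
static uint32_t os_lookup(void *h) { return (uint32_t)GetProcessId((HANDLE)h); }
static uint32_t os_self(void)      { return (uint32_t)GetCurrentProcessId(); }
#else
/* Constructed stand-ins so the logic can be exercised off Windows. */
static uint32_t os_lookup(void *h) { return (uintptr_t)h == 0x1a4 ? 4242u : 0u; }
static uint32_t os_self(void)      { return 1000u; }
#endif

uint32_t log_target(void *h)
{
    static const char *names[] = { "self (NULL)", "self (pseudo handle)", "other", "unresolved" };
    target_info t = resolve_terminate_target(h, os_self(), os_lookup);
    printf("NtTerminateProcess handle=%p -> %s, pid=%u\n", h, names[t.kind], (unsigned)t.pid);
    return t.pid;
}

int main(void)
{
    log_target(NULL);
    log_target((void *)(intptr_t)-1);
    log_target((void *)(uintptr_t)0x1a4);   /* constructed handle value */
    return 0;
}
```

A result of "unresolved" with PID 0 points at the handle lacking query access rather than at the name lookup.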