Playing around with TerminateProcess

c++ / delphi package - dll injection and api hooking
neji
Posts: 155
Joined: Wed Mar 09, 2005 11:39 am

Post by neji »

I've played a bit with the TerminateProcess API. My aim was to prevent only my own process from being terminated. I tried the following:

Code:

function TerminateProcessProc(processHandle, exitCode: dword) : bool; stdcall;
begin
  if processHandle = CurrentProcess.Handle.Handle then
    result := false
  else
    result := TerminateProcessNext(processHandle,exitCode);
end;

I thought that this would be it, but it doesn't work. I still can't terminate any process. Doesn't CurrentProcess.Handle.Handle give me the process handle of the process the DLL is injected in? Or where else is the mistake?
neji
Posts: 155
Joined: Wed Mar 09, 2005 11:39 am

Post by neji »

No one has an idea? Can't be so difficult, can it?
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Post by nildo »

CurrentProcess.Handle.Handle will return the handle of the process where the DLL is being executed, not the handle of your process.
neji
Posts: 155
Joined: Wed Mar 09, 2005 11:39 am

Post by neji »

Would this work then?

Code:

function TerminateProcessProc(processHandle, exitCode: dword) : bool; stdcall;
var
  pid, hprocess: Cardinal;
begin
  // Look up the process id of the process that owns the TForm1 window
  GetWindowThreadProcessId(FindWindow('TForm1', nil), pid);
  // Open a new handle to that process
  hprocess := OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
  // Compare the caller's handle value with the freshly opened one
  if processHandle = hprocess then
    result := false
  else
    result := TerminateProcessNext(processHandle, exitCode);
  CloseHandle(hprocess);
end;

madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

No, that won't work either. Because there can be many (different) handles to the same process. Process handles are not unique. E.g. if you call OpenProcess twice, then you get two different process handle values, which are both correct.

The only thing unique is the process id. So you need to use ProcessHandleToId to convert the processHandle value to an ID. Then you can compare that to the value which GetWindowThreadProcessID returns.

However, don't forget the hooking rules (they're explained in the documentation)! If you want to inject your dll into system processes, too, you must not use GUI APIs like FindWindow.

Why don't you check out the HookProcessTermination demo? You can achieve your goal quite easily by using this demo and just adjusting it a bit to your needs.
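
The point made in the reply above, shown as an added example that is not part of the original thread or of the madCodeHook package: two handles to the same process differ by value, while the process ID behind them is the same. It uses the Win32 API GetProcessId in place of the ProcessHandleToId function named in the reply, and HandleRefersToPid is a hypothetical helper name.

```delphi
program HandleVsPid;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

// Declared locally because older Delphi Windows units do not include it.
function GetProcessId(Process: THandle): DWORD; stdcall;
  external 'kernel32.dll' name 'GetProcessId';

// Hypothetical helper: True only if handle h is known to refer to process pid.
// GetProcessId returns 0 on failure (for example when the handle was opened
// without query access); that case is reported through 'known', not guessed.
function HandleRefersToPid(h: THandle; pid: DWORD; out known: Boolean): Boolean;
var
  hPid: DWORD;
begin
  hPid := GetProcessId(h);
  known := hPid <> 0;
  Result := known and (hPid = pid);
end;

var
  h1, h2, pseudo: THandle;
  myPid: DWORD;
  known: Boolean;
begin
  myPid := GetCurrentProcessId;
  // Two separate handles to the same (current) process
  h1 := OpenProcess(PROCESS_QUERY_INFORMATION, False, myPid);
  h2 := OpenProcess(PROCESS_QUERY_INFORMATION, False, myPid);
  // The pseudo handle is a third value that also means "this process"
  pseudo := GetCurrentProcess;
  if (h1 = 0) or (h2 = 0) then
  begin
    Writeln('OpenProcess failed: ', SysErrorMessage(GetLastError));
    Halt(1);
  end;
  try
    Writeln('h1=', IntToHex(h1, 8), ' h2=', IntToHex(h2, 8),
            ' pseudo=', IntToHex(pseudo, 8));
    Writeln('h1 = h2 by value: ', h1 = h2);
    Writeln('h1 is this process: ', HandleRefersToPid(h1, myPid, known));
    Writeln('h2 is this process: ', HandleRefersToPid(h2, myPid, known));
    Writeln('pseudo is this process: ', HandleRefersToPid(pseudo, myPid, known));
  finally
    CloseHandle(h2);
    CloseHandle(h1);
  end;
end.
```
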
neji
Posts: 155
Joined: Wed Mar 09, 2005 11:39 am

Post by neji »

Thanks for that reply.

I'm not so familiar with hooks yet, so I want to make it as easy as possible first (e.g. without considering in which session the process is running and so on). If the core is running, I want to expand it step by step....

This is a slow working method, but the best way I can learn how the things work :(
neji
Posts: 155
Joined: Wed Mar 09, 2005 11:39 am

Post by neji »

Yeah, thank you madshi, that works :D