Sysinternals Homepage
Forum Home Forum Home > Windows Discussions > Development
  New Posts New Posts RSS Feed: System Processes
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

System Processes
 Post Reply Post Reply Page  123>
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
As-Ts View Drop Down
Newbie
Newbie
Avatar

Joined: 02 June 2009
Online Status: Offline
Posts: 12 		  Quote As-Ts Quote  Post ReplyReply Direct Link To This Post Topic: System Processes
    Posted: 02 June 2009 at 1:52pm
Hi

The  functions 'OpenProcess()' or 'TerminateProcess()' fails when trying to open or terminate a system process like 'svchost.exe' or 'smss.exe' .
How can I terminate a protected system process ?

Thanks
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 2:08pm
Hi As-Ts,

Are you using Process Explorer for this, and getting messages?   Confused

If you're writing your own app, first enable SeDebugPrivilege.
Daily affirmation:
net helpmsg 4006
Back to Top
As-Ts View Drop Down
Newbie
Newbie
Avatar

Joined: 02 June 2009
Online Status: Offline
Posts: 12 		  Quote As-Ts Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 2:17pm
Hi molotov

Thanks for replying

No. I am using my own app and it can close every processes by the functions i mentioned except system processes.

I didn't work with  'SeDebugPrivilege' . Can you explain more or send me the source code (In VB or C++) please?
Thank you a lot
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 2:19pm
There's an example here.

Note: topic moved to Development forum, from Process Explorer forum
Daily affirmation:
net helpmsg 4006
Back to Top
As-Ts View Drop Down
Newbie
Newbie
Avatar

Joined: 02 June 2009
Online Status: Offline
Posts: 12 		  Quote As-Ts Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 2:27pm
Are you sure this is not a wrong example? Confused
can you say what exactly must be done to terminate a Protected System Process?

Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 2:33pm
Protected System Process?
What do you mean by "protected"?  Vista introduces "protected processes"; SMSS.EXE and SVCHOST.EXE are not this type of a process, however. 

Are you sure this is not a wrong example?
Yes, I'm sure.  You asked for code to enable SeDebugPrivilege.  The link has a function named EnableDebugPriv that does just that.

can you say what exactly must be done to terminate a Protected System Process?
For e.g. SMSS.EXE, SVCHOST.EXE, etc... Enable SeDebugPrivilege.  Open the process of interest.  Call TerminateProcess.

Edited by molotov - 02 June 2009 at 2:35pm
Daily affirmation:
net helpmsg 4006
Back to Top
As-Ts View Drop Down
Newbie
Newbie
Avatar

Joined: 02 June 2009
Online Status: Offline
Posts: 12 		  Quote As-Ts Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 2:43pm
Ok. Thanks
I think SeDebugPrivilege is related to access rights. But I haven't any information about enabling SeDebugPrivilege.
By 'Protected' I mean the processes which won't be opened or terminated by calling OpenProcess() or TerminateProcess commonly.
Back to Top
As-Ts View Drop Down
Newbie
Newbie
Avatar

Joined: 02 June 2009
Online Status: Offline
Posts: 12 		  Quote As-Ts Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 2:52pm
Compiler Error :

'CreateRemoteThread' : cannot convert parameter 5 from 'const int' to 'void *'
Back to Top
As-Ts View Drop Down
Newbie
Newbie
Avatar

Joined: 02 June 2009
Online Status: Offline
Posts: 12 		  Quote As-Ts Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 3:19pm
I think I could enable SeDebugPrivilege but the function OpenProcess() fails.

look at this part in VB :
Sub EnableSeDebugPrivilege
   Dim hProc As Long
    Dim hToken As Long
    Dim mLUID As LUID
    Dim mPriv As TOKEN_PRIVILEGES
    Dim mNewPriv As TOKEN_PRIVILEGES
    hProc = GetCurrentProcess()
    hProc = 2108
    OpenProcessToken hProc, TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY, hToken
   
    LookupPrivilegeValue "", "SeDebugPrivilege", mLUID
    mPriv.PrivilegeCount = 1
    mPriv.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
    mPriv.Privileges(0).pLuid = mLUID
    AdjustTokenPrivileges hToken, False, mPriv, 4 + (12 * mPriv.PrivilegeCount), mNewPriv, 4    + (12 * mNewPriv.PrivilegeCount)
    MsgBox OpenProcess(process_all_access, False, 2108)

End Sub



Confused
Shocked
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17287 		  Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 02 June 2009 at 3:30pm
CreateRemoteThread
You don't need CreateRemoteThread for this...

OpenProcess() fails.
What is the last error?

You're not checking if OpenProcessToken, LookupPrivilegeValue, or AdjustTokenPrivileges fail, before you call OpenProcess.

Are you running the code as an administrator, or from an account that has SeDebugPrivilege?


Edited by molotov - 02 June 2009 at 3:31pm
Daily affirmation:
net helpmsg 4006
Back to Top
 Post Reply Post Reply Page  123>

Forum Jump Forum Permissions View Drop Down

Privacy Statement