on 2001-07-17 12:11, Alun Jones at alunat_private wrote: > At 11:58 AM 7/17/2001, Chris Adams wrote: >> on 2001-07-17 09:20, Justin Nelson at securityat_private wrote: >>> Under Windows 2000 Pro, I made a copy of "notepad.exe" renamed to >>> "winlogon.exe", and could not kill it via the Task Manager. Both the 'kill' >>> command and the VC++ debugger were able to kill it. >> >> Task Manager is really inconsistent - I renamed a copy of notepad to >> winlogon.exe. If I start it and try to kill it through the "Applications" >> tab of the task manager, it will be killed as normal. If I try to kill it >> through the "Processes" tab, task manager won't let me. > > The answer here is that the "End Task" button on the "Applications" tab > tries to send a WM_QUIT message to the foreground window. The "End > Process" (note the different name) button on the "Processes" tab calls > TerminateProcess() on the process. > > Task Manager _is_ being consistent - it's just that you don't seem to > understand the difference between "Tasks" / "Applications" (really just > windows with no parent) and "Processes" (which are true processes). Whoa - can the flames, please. The reasons why this happen make sense but the user interface is inconsistent. That's the problem here - a non system task will be reported as a system task, even though it's not and can easily be terminated. The end process button will have different results depending on whether it checks its hardcoded process list before attempting to kill something. Chris
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 13:16:21 PDT