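On Tue, 17 Jul 2001, Frank Breedijk wrote:
> > I'm sure they could have told you that an administrator
> > can end system processes by right clicking on them and
> > choosing "Debug" and then ending the process.
>
> That feature is only available on systems with a debugger installed.
> Mine isn't
>
There's no need for a debugger. SE_DEBUG privilege is simply disabled by default, and it must be enabled using AdjustTokenPrivileges(). Here's the source of a small utility I posted a few years ago to ee.arvutid.microsoft; hopefully it is self-explanatory. The source has undergone some "formatting" by google archive, so there may be a few underscores missing.
--------------begin kill.c----------
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>

void usage_exit( void );
void w32_error( const char *blah, ... );
static int enable_debug_privilege( void );
static int parse_pid( const char *s, DWORD *pid );

/*
 * kill: terminate every process whose PID is listed on the command line.
 *
 * Terminating a process owned by another account (or a system process)
 * requires SeDebugPrivilege, which an administrator's token holds but
 * has disabled by default; it is enabled with AdjustTokenPrivileges()
 * before any OpenProcess() call.  Only that one privilege is enabled
 * (least privilege) -- the tool needs nothing else.
 *
 * Exit status: 0 when every listed PID was terminated, 1 otherwise.
 */
int main( int argc, char **argv )
{
    int failures = 0;
    int i;

    if ( argc < 2 )
        usage_exit();

    /* Best effort: without the privilege this user's own processes can still be killed. */
    if ( ! enable_debug_privilege() )
        fprintf( stderr, "warning: SeDebugPrivilege not enabled; only this user's processes can be killed\n" );

    /* Walk the PIDs in the order given, reporting each one independently. */
    for ( i = 1; i < argc; i++ ) {
        DWORD pid = 0;
        HANDLE proc;

        /* Reject garbage instead of letting atoi() silently turn it into PID 0. */
        if ( ! parse_pid( argv[ i ], &pid ) ) {
            fprintf( stderr, "invalid PID: %s\n", argv[ i ] );
            failures++;
            continue;
        }
        proc = OpenProcess( PROCESS_TERMINATE, FALSE, pid );
        if ( proc == NULL ) {
            w32_error( "OpenProcess(): PID=%s", argv[ i ] );
            failures++;
            continue;
        }
        if ( ! TerminateProcess( proc, 1 ) ) {
            /* Report before CloseHandle(), which may overwrite the last error. */
            w32_error( "TerminateProcess(): PID=%s", argv[ i ] );
            failures++;
        } else {
            fprintf( stdout, "PID=%s killed\n", argv[ i ] );
        }
        (void)CloseHandle( proc );
    }
    return failures ? 1 : 0;
}

/*
 * Enable SeDebugPrivilege in the current process token.
 *
 * The token is opened with only the rights this needs
 * (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY), and only the one privilege
 * is touched.  Returns nonzero on success.  On failure a diagnostic
 * has already been written to stderr.
 */
static int enable_debug_privilege( void )
{
    HANDLE token;
    TOKEN_PRIVILEGES tp;
    int ok = 0;

    if ( ! OpenProcessToken( GetCurrentProcess(),
                             TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token ) ) {
        w32_error( "OpenProcessToken()" );
        return 0;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[ 0 ].Attributes = SE_PRIVILEGE_ENABLED;
    if ( ! LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &tp.Privileges[ 0 ].Luid ) ) {
        w32_error( "LookupPrivilegeValue()" );
    } else if ( ! AdjustTokenPrivileges( token, FALSE, &tp, sizeof tp, NULL, NULL ) ) {
        w32_error( "AdjustTokenPrivileges()" );
    } else if ( GetLastError() == ERROR_NOT_ALL_ASSIGNED ) {
        /* AdjustTokenPrivileges() returns TRUE even when the token lacks the privilege. */
        fprintf( stderr, "AdjustTokenPrivileges(): SeDebugPrivilege is not held by this token\n" );
    } else {
        ok = 1;
    }

    (void)CloseHandle( token );
    return ok;
}

/*
 * Parse a decimal PID from s into *pid.
 * Returns nonzero on success; empty, signed, non-numeric and out-of-range
 * input is rejected and *pid is left untouched.
 */
static int parse_pid( const char *s, DWORD *pid )
{
    char *end;
    unsigned long v;

    errno = 0;
    v = strtoul( s, &end, 10 );
    if ( s[ 0 ] == '\0' || s[ 0 ] == '-' || *end != '\0' || errno == ERANGE
         || v > 0xFFFFFFFFUL )
        return 0;
    *pid = (DWORD)v;
    return 1;
}

/* Print usage to stderr and exit with status 1. */
void usage_exit( void )
{
    fprintf( stderr, "Usage:\tkill <pid list>\n" );
    exit( 1 );
}

/*
 * Print a printf-style prefix followed by the text of GetLastError().
 *
 * Must be called before any other Win32 call can overwrite the last
 * error; the code is captured on entry for the same reason.  When no
 * message text is available the numeric code is printed instead, so a
 * failure is never silently dropped.
 */
void w32_error( const char *blah, ... )
{
    DWORD err = GetLastError();   /* capture first: the calls below may clobber it */
    char *msg = NULL;
    va_list a;

    va_start( a, blah );
    (void)vfprintf( stderr, blah, a );
    va_end( a );

    /* IGNORE_INSERTS is required with FROM_SYSTEM: system messages may contain %n inserts. */
    if ( FormatMessageA( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM
                         | FORMAT_MESSAGE_IGNORE_INSERTS,
                         NULL, err, MAKELANGID( LANG_NEUTRAL, SUBLANG_DEFAULT ),
                         (LPSTR)&msg, 0, NULL ) && msg != NULL ) {
        size_t len = strlen( msg );
        /* System messages end in "\r\n"; drop it so the output stays on one line. */
        while ( len > 0 && ( msg[ len - 1 ] == '\n' || msg[ len - 1 ] == '\r' ) )
            msg[ --len ] = '\0';
        (void)fprintf( stderr, ": %s (error %lu)\n", msg, (unsigned long)err );
        (void)LocalFree( msg );
    } else {
        (void)fprintf( stderr, ": Win32 error %lu\n", (unsigned long)err );
    }
}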