Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Terminate process by name.

Posted on 1998-11-19
Last Modified: 2013-12-28
   Hi.   I need to write program that terminates
all processes with specific name.Can somebody advise me how
can I do that?

Question by:dpodvaln
  • 4
  • 2
  • 2
  • +1

Expert Comment

ID: 1794920
Explain yourself a little more...
What kind of processes ?
Any Service ?

Expert Comment

ID: 1794921
Sorry, i did not want to write an answer before. Only a comment...

Expert Comment

ID: 1794922
If they have a main window, you can write and install a WH_CBT hook to kill them off before they even show onscreen.  That's what I did to kill off browser downloads here.  The download windows are new toplevel windows, so I caught HCBT_CREATEWND and moidered da lil buggers right there.  I SendMessage a WM_CLOSE first, then return 1 so the window is *destroyed*.  Source on request!  (I need the points, darnit. ;-)

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.


Author Comment

ID: 1794923
    Process that I want to terminate not necesserally has a main
window.   I want to do something like this :
   1.  process_pid = ProcessName2PID(process_name);
   2.  TerminateProcess(pid);

But I don't know how to do first step of this "algorithm".


Expert Comment

ID: 1794924
Well, you can iterate through all processes and find the PID corresponding to your required process. (using ToolHelp functions)

Here goes a Delphi code i used to find the PID of the process created by a given EXE file.

if Process32First(Handle,ProcessEntry) then
   found := (EXEName =  String(ProcessEntry.szExeFile));
   until found or (not Process32Next(Handle,ProcessEntry));


Expert Comment

ID: 1794925
TerminateProcess() is baaaaaaaaaaaaad.  The SDK docs say so.

Expert Comment

ID: 1794926
btw, ToolHelp functions work in NT5 and in  NT4 with SP4 installed.

Author Comment

ID: 1794927
   Sorry, I forgot to mention this.   I need this to the WinNT.
Not for the Win95.

    P.S.  ahalya : MSDN says that CreateToolhelp32Snapshot
function works only under Win 95.  So I suppose Your answer
will not work on WinNT.

Expert Comment

ID: 1794928
if i recall right, in addition to Win95, ToolHelp functions work in NT5 and NT4 with SP4 installed.

Accepted Solution

ahalya earned 150 total points
ID: 1794929

Here is the MS kb article on this:  q175-0-30.txt

This code works on NT (by using the PSAPI.DLL, download from MS) and Win95.
(i've removed the documentation on W95 to cut down the size).

using PSAPI.DLL you get the equivalent of "ToolHelp" functions in Win95.

may be only the link would have been enough. but if you haven't already "registered" with MS, then going through their "registration process" to access the article takes an awful lot of patience. That's why 've pasted the code below.
Microsoft Win32 Application Programming Interface (API) included with:
         - Microsoft Windows NT version 4.0 - Microsoft Windows 95


One common programming problem in Win32 is the need to enumerate all "applications". The Task Manager under Windows NT 4.0 is a perfect  example of this. It lists "applications" in two ways. The first tab of the Task Manager lists all "application windows" on the desktop. The second tab of the Task Manager lists all the "processes" in the system. This article provides details on how to perform both these tasks in Windows 95 and Windows NT.


Windows NT and the PSAPI.DLL:

The Windows NT approach to creating a list of processes uses functions from the PSAPI.DLL. The PSAPI.DLL file is distributed with the Platform  SDK, which is available at http://www.microsoft.com/msdn/sdk (path: \MSSDK\bin\winnt\psapi.dll). The PSAPI.H and PSAPI.LIB files that you need are also included with the Platform SDK (paths: \Mssdk\samples\sdktools\image\winnt\pfmon\psapi.h and    \Mssdk\samples\sdktools\image\winnt\pfmon\psapi.lib).

To use the functions in the PSAPI.DLL, add the PSAPI.LIB file to your project, and include the PSAPI.H file with any modules that call the PSAPI.DLL functions. Remember to distribute the PSAPI.DLL file with any executable that uses it, as it is not currently distributed with the  crerating system.

Like the ToolHelp32 functions, the PSAPI.DLL also contains a variety of useful functions. However, this article only discusses those functions that are  relevant to enumerating processes:

        EnumProcesses(), EnumProcessModules(), GetModuleFileNameEx(),

     EnumProcesses() is the first step in creating a list of processes in the system. Following is its declaration:

        BOOL EnumProcesses( DWORD *lpidProcess, DWORD cb, DWORD *cbNeeded );

     EnumProcesses() takes a pointer to a DWORD array (lpidProcess), the size of the array (cb), and  a pointer to a DWORD to return the length of the data returned(cbNeeded). The DWORD array is  populated with an array of process ID's for the processes in the system. The pointer to the  DWORD parameter (cbNeeded) returns the size of the array that is used. The following calculation tells you how many process IDs were returned: nReturned = cbNeeded /
 sizeof(DWORD). One important note should be made. Although the documentation names the  returned DWORD "cbNeeded", there is actually no way to find out how big the passed in array  must be. EnumProcesses() will never return a value in cbNeeded that is larger than the size  of  array value that you passed in the cb parameter. As a result the only way to assure success with  the EnumProcesses() function is to allocate a DWORD array, if cbNeeded == cb upon return, allocate a larger array and try again until cbNeeded is smaller than cb.

Now you have an array with each process ID in the system. If your goal is to get the name of the process, then you must first get a handle. To get a handle from a process ID, use  

     Once you have a handle you will need to get the "first" module of the process. To get the first module of a process call the EnumProcessModules()
     API with the following parameters:

        EnumProcessModules( hProcess, &hModule, sizeof(hModule), &cbReturned );

This will put the handle of the first module of the process in the hModule variable. Remember  that a process doesn't really have a name, but that the first module in the process is going to     be the executable of the process. Now you can use the hModule with the  GetModuleFileNameEx(), GetModuleBaseName() to get the full path name, or the simple module name for the process executable. Both functions take the handle to the process, handle to the  module, and a buffer pointer in which to return the name, followed by the size of the buffer.

By repeating this for each process ID returned with the EnumProcesses(),you create a list of processes under Windows NT.

6-Bit Processes:
In Windows 95 16-bit applications are equal citizens as far as ToolHelp32 is concerned. 16-Bit applications have process IDs etc., just like Win32  applications. However, this is not the case under Windows NT.

16-Bit applications running under Windows NT run in what is called a Virtual Dos Machine (VDM). EnumProcesses will not recognize any 16-bit  applications in the system, however it will return the 32-bit NTVDM processes under which the 16-bit EXE's are running. To enumerate 16-bit  applications under Windows NT you must use a function called EnumTaskWOWEx(). You must include the VDMDBG.H in your source module,  and the VDMDBG.LIB file should be linked with your project. These two files are shipped with the Platform SDK.

The declaration of this function is as follows:

                                     LPARAM lparam );

where dwProcessId is the id of the NTVDM process whose 16-bit tasks you want to enumerate.  The fp parameter is a pointer to a callback "enum" function. And the lparam parameter is a user-defined lparam to be passed to your enum function.

Your "enum" function should be defined as follows:
    BOOL WINAPI Enum16( DWORD dwThreadId, WORD hMod16, WORD hTask16, PSZ
                           pszModName, PSZ pszFileName, LPARAM lpUserDefined );

This function will be called once per 16-bit task running under the NTVDM process passed into VDMEnumTaskWOWEx(). You should return FALSE if you wish to continue enumerating and TRUE  if you wish to end enumeration. NOTE: This is the opposite of EnumWindows().

Sample Code

The following sample code encapsulates the PSAPI.DLL and ToolHelp32 functions into one function called "EnumProcs()". This function works similar to EnumWindows() in that it takes a pointer to a function and calls it repeatedly, once for each process in the system. Following is the declaration for the function:

        BOOL WINAPI EnumProcs( PROCENUMPROC lpProc, LPARAM lParam );

     If you use this function, the callback function should be declared as follows:

        BOOL CALLBACK Proc( DWORD dw, WORD w16, LPCSTR lpstr, LPARAM lParam );

The dw parameter will contain the ID, the w16 is the 16-bit task number or 0 if 32-bit process     (always zero under Windows 95), the lpstr parameter will point to the filename, and the lParam  is the user-defined lParam passed into EnumProcs().

The EnumProcs() function uses the ToolHelp32 and PSAPI.DLL functions via explicit linking, rather than the more common implicit linking. This  technique is used so that the code including the EnumProcs() function will be binary compatible across both Windows NT and Windows 95. (For  example, implicit linking of a ToolHelp32 function would cause an EXE to fail to load and run under Windows NT.)

        #include <windows.h>

           LPARAM ) ;

        BOOL WINAPI EnumProcs( PROCENUMPROC lpProc, LPARAM lParam ) ;

        EnumProc.c (or .cpp)
        #include "EnumProc.h"
        #include <tlhelp32.h>
        #include <vdmdbg.h>

        typedef struct
           DWORD          dwPID ;
           PROCENUMPROC   lpProc ;
           DWORD          lParam ;
           BOOL           bEnd ;
        } EnumInfoStruct ;

        BOOL WINAPI Enum16( DWORD dwThreadId, WORD hMod16, WORD hTask16,
           PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined ) ;

        // The EnumProcs function takes a pointer to a callback function
        // that will be called once per process in the system providing
        // process EXE filename and process ID.
        // Callback function definition:
        // BOOL CALLBACK Proc( DWORD dw, LPCSTR lpstr, LPARAM lParam ) ;
        // lpProc -- Address of callback routine.
        // lParam -- A user-defined LPARAM value to be passed to
        //           the callback routine.
        BOOL WINAPI EnumProcs( PROCENUMPROC lpProc, LPARAM lParam )
           OSVERSIONINFO  osver ;
           HINSTANCE      hInstLib ;
           HINSTANCE      hInstLib2 ;
           HANDLE         hSnapShot ;
           PROCESSENTRY32 procentry ;
           BOOL           bFlag ;
           LPDWORD        lpdwPIDs ;
           DWORD          dwSize, dwSize2, dwIndex ;
           HMODULE        hMod ;
           HANDLE         hProcess ;
           char           szFileName[ MAX_PATH ] ;
           EnumInfoStruct sInfo ;

           // ToolHelp Function Pointers.
           HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD,DWORD) ;
           BOOL (WINAPI *lpfProcess32First)(HANDLE,LPPROCESSENTRY32) ;
           BOOL (WINAPI *lpfProcess32Next)(HANDLE,LPPROCESSENTRY32) ;

           // PSAPI Function Pointers.
           BOOL (WINAPI *lpfEnumProcesses)( DWORD *, DWORD cb, DWORD * );
           BOOL (WINAPI *lpfEnumProcessModules)( HANDLE, HMODULE *,
              DWORD, LPDWORD );
           DWORD (WINAPI *lpfGetModuleFileNameEx)( HANDLE, HMODULE,
              LPTSTR, DWORD );

           // VDMDBG Function Pointers.
           INT (WINAPI *lpfVDMEnumTaskWOWEx)( DWORD,
              TASKENUMPROCEX  fp, LPARAM );

           // Check to see if were running under Windows95 or
           // Windows NT.
           osver.dwOSVersionInfoSize = sizeof( osver ) ;
           if( !GetVersionEx( &osver ) )
              return FALSE ;

           // If Windows NT:
           if( osver.dwPlatformId == VER_PLATFORM_WIN32_NT )

              // Load library and get the procedures explicitly. We do
              // this so that we don't have to worry about modules using
              // this code failing to load under Windows 95, because
              // it can't resolve references to the PSAPI.DLL.
              hInstLib = LoadLibraryA( "PSAPI.DLL" ) ;
              if( hInstLib == NULL )
                 return FALSE ;

              hInstLib2 = LoadLibraryA( "VDMDBG.DLL" ) ;
              if( hInstLib2 == NULL )
                 return FALSE ;

              // Get procedure addresses.
              lpfEnumProcesses = (BOOL(WINAPI *)(DWORD *,DWORD,DWORD*))
                 GetProcAddress( hInstLib, "EnumProcesses" ) ;
              lpfEnumProcessModules = (BOOL(WINAPI *)(HANDLE, HMODULE *,
                 DWORD, LPDWORD)) GetProcAddress( hInstLib,
                 "EnumProcessModules" ) ;
              lpfGetModuleFileNameEx =(DWORD (WINAPI *)(HANDLE, HMODULE,
                 LPTSTR, DWORD )) GetProcAddress( hInstLib,
                 "GetModuleFileNameExA" ) ;
                 LPARAM))GetProcAddress( hInstLib2, "VDMEnumTaskWOWEx" );
              if( lpfEnumProcesses == NULL ||
                 lpfEnumProcessModules == NULL ||
                 lpfGetModuleFileNameEx == NULL ||
                 lpfVDMEnumTaskWOWEx == NULL)
                    FreeLibrary( hInstLib ) ;
                    FreeLibrary( hInstLib2 ) ;
                    return FALSE ;

              // Call the PSAPI function EnumProcesses to get all of the
              // ProcID's currently in the system.
              // NOTE: In the documentation, the third parameter of
              // EnumProcesses is named cbNeeded, which implies that you
              // can call the function once to find out how much space to
              // allocate for a buffer and again to fill the buffer.
              // This is not the case. The cbNeeded parameter returns
              // the number of PIDs returned, so if your buffer size is
              // zero cbNeeded returns zero.
              // NOTE: The "HeapAlloc" loop here ensures that we
              // actually allocate a buffer large enough for all the
              // PIDs in the system.
              dwSize2 = 256 * sizeof( DWORD ) ;
              lpdwPIDs = NULL ;
                 if( lpdwPIDs )
                    HeapFree( GetProcessHeap(), 0, lpdwPIDs ) ;
                    dwSize2 *= 2 ;
                 lpdwPIDs = HeapAlloc( GetProcessHeap(), 0, dwSize2 );
                 if( lpdwPIDs == NULL )
                    FreeLibrary( hInstLib ) ;
                    FreeLibrary( hInstLib2 ) ;
                    return FALSE ;
                 if( !lpfEnumProcesses( lpdwPIDs, dwSize2, &dwSize ) )
                    HeapFree( GetProcessHeap(), 0, lpdwPIDs ) ;
                    FreeLibrary( hInstLib ) ;
                    FreeLibrary( hInstLib2 ) ;
                    return FALSE ;
              }while( dwSize == dwSize2 ) ;

              // How many ProcID's did we get?
              dwSize /= sizeof( DWORD ) ;

              // Loop through each ProcID.
              for( dwIndex = 0 ; dwIndex < dwSize ; dwIndex++ )
                 szFileName[0] = 0 ;
                 // Open the process (if we can... security does not
                 // permit every process in the system).
                 hProcess = OpenProcess(
                    FALSE, lpdwPIDs[ dwIndex ] ) ;
                 if( hProcess != NULL )
                    // Here we call EnumProcessModules to get only the
                    // first module in the process this is important,
                    // because this will be the .EXE module for which we
                    // will retrieve the full path name in a second.
                    if( lpfEnumProcessModules( hProcess, &hMod,
                       sizeof( hMod ), &dwSize2 ) )
                       // Get Full pathname:
                       if( !lpfGetModuleFileNameEx( hProcess, hMod,
                          szFileName, sizeof( szFileName ) ) )
                          szFileName[0] = 0 ;
                    CloseHandle( hProcess ) ;
                 // Regardless of OpenProcess success or failure, we
                 // still call the enum func with the ProcID.
                 if(!lpProc( lpdwPIDs[dwIndex], 0, szFileName, lParam))
                    break ;

                 // Did we just bump into an NTVDM?
                 if( _stricmp( szFileName+(strlen(szFileName)-9),
                    // Fill in some info for the 16-bit enum proc.
                    sInfo.dwPID = lpdwPIDs[dwIndex] ;
                    sInfo.lpProc = lpProc ;
                    sInfo.lParam = lParam ;
                    sInfo.bEnd = FALSE ;
                    // Enum the 16-bit stuff.
                    lpfVDMEnumTaskWOWEx( lpdwPIDs[dwIndex],
                       (TASKENUMPROCEX) Enum16,
                       (LPARAM) &sInfo);

                    // Did our main enum func say quit?
                       break ;

              HeapFree( GetProcessHeap(), 0, lpdwPIDs ) ;
              FreeLibrary( hInstLib2 ) ;

           // If Windows 95:
           }else if( osver.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS )

              hInstLib = LoadLibraryA( "Kernel32.DLL" ) ;
              if( hInstLib == NULL )
                 return FALSE ;

              // Get procedure addresses.
              // We are linking to these functions of Kernel32
              // explicitly, because otherwise a module using
              // this code would fail to load under Windows NT,
              // which does not have the Toolhelp32
              // functions in the Kernel 32.
                 (HANDLE(WINAPI *)(DWORD,DWORD))
                 GetProcAddress( hInstLib,
                 "CreateToolhelp32Snapshot" ) ;
                 GetProcAddress( hInstLib, "Process32First" ) ;
                 GetProcAddress( hInstLib, "Process32Next" ) ;
              if( lpfProcess32Next == NULL ||
                 lpfProcess32First == NULL ||
                 lpfCreateToolhelp32Snapshot == NULL )
                 FreeLibrary( hInstLib ) ;
                 return FALSE ;

              // Get a handle to a Toolhelp snapshot of the systems
              // processes.
              hSnapShot = lpfCreateToolhelp32Snapshot(
                 TH32CS_SNAPPROCESS, 0 ) ;
              if( hSnapShot == INVALID_HANDLE_VALUE )
                 FreeLibrary( hInstLib ) ;
                 return FALSE ;

              // Get the first process' information.
              procentry.dwSize = sizeof(PROCESSENTRY32) ;
              bFlag = lpfProcess32First( hSnapShot, &procentry ) ;

              // While there are processes, keep looping.
              while( bFlag )
                 // Call the enum func with the filename and ProcID.
                 if(lpProc( procentry.th32ProcessID, 0,
                    procentry.szExeFile, lParam ))
                    procentry.dwSize = sizeof(PROCESSENTRY32) ;
                    bFlag = lpfProcess32Next( hSnapShot, &procentry );
                    bFlag = FALSE ;

              return FALSE ;

           // Free the library.
           FreeLibrary( hInstLib ) ;

           return TRUE ;

        BOOL WINAPI Enum16( DWORD dwThreadId, WORD hMod16, WORD hTask16,
           PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined )
           BOOL bRet ;

           EnumInfoStruct *psInfo = (EnumInfoStruct *)lpUserDefined ;

           bRet = psInfo->lpProc( psInfo->dwPID, hTask16, pszFileName,
              psInfo->lParam ) ;

              psInfo->bEnd = TRUE ;

           return !bRet;


Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question