Attach to System processes?

Platform: Win NT 4.0,  MS VC++ 5.0

I want to be able to terminate system processes programmatically similarly to what the VC++ (Build->Start Debug->Attach Process...-> Show System Process) can do.

At times third-party services I use behave erratically and a shutdown is in order. However, these services will not terminate successfully. The TerminateProcess() call I use within my program (similar to the Task Manager->End Task) returns an 'Access Denied' error and does not terminate the process.

I can, however, pull up a session of MS VC++, attach it to the process via the debugger,  and once I stop the debugging the process is terminated.

How can I achieve this?
domenicAsked:
domenicAuthor Commented:
Edited text of question.
0
jkrCommented:
You'll need the 'SE_DEBUG_NAME' privilege to be enabled. This privilege is granted to administrators, but is disabled by default. Use the following code to enable it:

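#include <windows.h>

BOOL    DbgEnableDebugPriv  (   BOOL    bEnable)
{
   HANDLE           hToken;
   TOKEN_PRIVILEGES tp;
   DWORD            dwErr;

   // Open our own process token with the right to adjust its privileges
   if   (   !OpenProcessToken   (   GetCurrentProcess   (),
                                    TOKEN_ADJUST_PRIVILEGES,
                                    &hToken
                                )
        )   return  (   FALSE);

   tp.PrivilegeCount    =   1;

   // Translate the privilege name into its LUID on the local system
   if   (   !LookupPrivilegeValue   (   NULL,
                                        SE_DEBUG_NAME,
                                        &tp.Privileges  [   0].Luid
                                    )
        )
   {
       CloseHandle  (   hToken);
       return   (   FALSE);
   }

   tp.Privileges    [   0].Attributes   =       bEnable
                                            ?   SE_PRIVILEGE_ENABLED
                                            :   0;

   AdjustTokenPrivileges    (   hToken,
                                FALSE,
                                &tp,
                                sizeof  (   tp),
                                NULL,
                                NULL
                            );

   // AdjustTokenPrivileges() succeeds even if the token does not hold the
   // privilege; GetLastError() then returns ERROR_NOT_ALL_ASSIGNED.
   // Read the error code before CloseHandle() can overwrite it.
   dwErr    =   GetLastError();

   CloseHandle  (   hToken);

   return   (   dwErr   ==   ERROR_SUCCESS);
}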

Feel free to ask if you need more information!
0


jkrCommented:
BTW: This also is the reason why e.g. services can't be killed from the task manager. Jeffrey Richter addressed this issue in an MSJ column some time ago, and all he did was use the following little starter application, which launches taskmgr.exe with the privilege enabled:
/*************************************************************
Module name: EnableDebugPrivAndRun.cpp
Notices: Written 1998 by Jeffrey Richter
Description: Enables the Debug privilege before running an app
*************************************************************/


#define STRICT
#include <Windows.h>


//////////////////////////////////////////////////////////////


BOOL EnablePrivilege(HANDLE hToken, LPCTSTR szPrivName,
   BOOL fEnable) {

   TOKEN_PRIVILEGES tp;
   tp.PrivilegeCount = 1;
   LookupPrivilegeValue(NULL, szPrivName, &tp.Privileges[0].Luid);
   tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
   AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
   return((GetLastError() == ERROR_SUCCESS));
}


//////////////////////////////////////////////////////////////


int WINAPI WinMain(HINSTANCE hinstExe,
   HINSTANCE hinstExePrev, LPSTR pszCmdLine, int nCmdShow) {

   HANDLE hToken;
   if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
      if (EnablePrivilege(hToken, SE_DEBUG_NAME, TRUE)) {

         // ShellExecute() returns a value greater than 32 on success
         if (ShellExecute(NULL, NULL, pszCmdLine, NULL,
            NULL, SW_SHOWNORMAL) <= (HINSTANCE) 32) {

            MessageBox(NULL, pszCmdLine,
               __TEXT("EnableDebugPrivAndRun: Couldn't run"),
               MB_OK | MB_ICONINFORMATION);
         }
      }
      CloseHandle(hToken);
   }
   return(0);
}


//////////////////////// End Of File /////////////////////////

0
domenicAuthor Commented:
Lightning response jkr! I was just about to ask you why then does the Task Manager fail to stop services even as administrator?!

So are you telling me that my ControlService->SERVICE_CONTROL_STOP call will be able to terminate the service successfully every time if I enable this SE_DEBUG_NAME privilege?
0
jkrCommented:
Well, sending a control request to a service requires the service handle to be opened using the SERVICE_STOP bit set in the access mask (or, for simplicity's sake a SERVICE_ALL_ACCESS mask ;-)  - this is usually not affected by this privilege...
0
jkrCommented:
Do you have any further problems?
0
domenicAuthor Commented:
I am testing this code ....
0
jkrCommented:
OK ;-)
0
jkrCommented:
BTW: Are we talking about 'OpenProcess()'/'TerminateProcess()' or 'ControlService()'?
0
domenicAuthor Commented:
As you stated the ControlService() is not affected. I do get incidences where I am unable to stop the service.
If the service does not stop when desired, I do call (and still need to call) OpenProcess/TerminateProcess in order to shut it down. With your info on the SE_DEBUG_NAME privilege, I'm hoping this will do it.
0
jkrCommented:
>>With your info on the SE_DEBUG_NAME privilege, I'm hoping
>>this will do it.

Be sure, it will - I use the above code in a little debugger that I wrote, and it *is* capable of terminating hung services ;-)
0
jkrCommented:
Well, how does it work?
0
domenicAuthor Commented:
Thanks for the support, jkr.
0
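The OpenProcess()/TerminateProcess() step discussed in the thread, written out as an added example (not code from any poster or from Jeffrey Richter). The names `classify_adjust`, `set_debug_priv` and `kill_pid` are hypothetical; the privilege is enabled only around the call and dropped again afterwards.

```c
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else  /* stand-ins (values from winerror.h) so classify_adjust() builds off Windows */
typedef unsigned long DWORD;
typedef int BOOL;
#define ERROR_SUCCESS          0L
#define ERROR_NOT_ALL_ASSIGNED 1300L
#endif
enum priv_result { PRIV_OK, PRIV_NOT_HELD, PRIV_FAILED };

/* AdjustTokenPrivileges() returns TRUE even when the token lacks the privilege;
   only GetLastError() == ERROR_NOT_ALL_ASSIGNED reveals that case. */
enum priv_result classify_adjust(BOOL ok, DWORD err) {
    if (!ok) return PRIV_FAILED;
    if (err == ERROR_NOT_ALL_ASSIGNED) return PRIV_NOT_HELD;
    return err == ERROR_SUCCESS ? PRIV_OK : PRIV_FAILED;
}

#ifdef _WIN32
static enum priv_result set_debug_priv(BOOL enable) {
    HANDLE tok; TOKEN_PRIVILEGES tp; BOOL ok; DWORD err;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tok))
        return PRIV_FAILED;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        CloseHandle(tok);
        return PRIV_FAILED;
    }
    ok  = AdjustTokenPrivileges(tok, FALSE, &tp, sizeof tp, NULL, NULL);
    err = GetLastError();          /* read before CloseHandle() can change it */
    CloseHandle(tok);
    return classify_adjust(ok, err);
}

/* Terminates the process with the given PID; returns 0 or a Win32 error code. */
DWORD kill_pid(DWORD pid) {
    HANDLE h; DWORD err = ERROR_SUCCESS;
    if (set_debug_priv(TRUE) != PRIV_OK) return ERROR_PRIVILEGE_NOT_HELD;
    h = OpenProcess(PROCESS_TERMINATE, FALSE, pid);
    if (h == NULL) err = GetLastError();
    else { if (!TerminateProcess(h, 1)) err = GetLastError(); CloseHandle(h); }
    set_debug_priv(FALSE);         /* hold the privilege only while needed */
    return err;
}
int main(int argc, char **argv) {
    return argc == 2 ? (int)kill_pid(strtoul(argv[1], NULL, 10)) : 2;
}
#endif
```

Run it from an administrator account with the PID as the only argument; the exit code is the Win32 error, so 0 means the process was terminated.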