Solved

Attach to System processes?

Posted on 2000-01-17
Last Modified: 2010-05-18
Platform: Win NT 4.0,  MS VC++ 5.0

I want to be able to terminate system processes programmatically similarly to what the VC++ (Build->Start Debug->Attach Process...-> Show System Process) can do.

At times third-party services I use behave erratically and a shutdown is in order. However, these services will not terminate successfully. The TerminateProcess() call I use within my program (similar to the Task Manager->End Task) returns an 'Access Denied' error and does not terminate the process.

I can, however, pull up a session of MS VC++, attach it to the process via the debugger,  and once I stop the debugging the process is terminated.

How can I achieve this?
Question by:domenic
 
LVL 1

Author Comment

by:domenic
ID: 2360577
Edited text of question.
0
 
LVL 1

Author Comment

by:domenic
ID: 2360579
Edited text of question.
0
 
LVL 86

Accepted Solution

by:
jkr earned 800 total points
ID: 2360584
You'll need the 'SE_DEBUG_NAME' privilege to be enabled. This privilege is granted to administrators, but is disabled by default. Use the following code to enable it:

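#include <windows.h>

// Enable (bEnable == TRUE) or disable SE_DEBUG_NAME in the current process token.
BOOL    DbgEnableDebugPriv  (   BOOL    bEnable)
{
   HANDLE           hToken;
   TOKEN_PRIVILEGES tp;
   DWORD            dwErr;

   if   (   !OpenProcessToken   (   GetCurrentProcess   (),
                                    TOKEN_ADJUST_PRIVILEGES,
                                    &hToken
                                )
        )   return  (   FALSE);

   tp.PrivilegeCount    =   1;

   // Resolve the privilege name to its LUID; give up if the lookup fails.
   if   (   !LookupPrivilegeValue   (   NULL,
                                        SE_DEBUG_NAME,
                                        &tp.Privileges  [   0].Luid
                                    )
        )
   {
       CloseHandle  (   hToken);
       return   (   FALSE);
   }

   tp.Privileges    [   0].Attributes   =       bEnable
                                            ?   SE_PRIVILEGE_ENABLED
                                            :   0;

   // AdjustTokenPrivileges() can return TRUE without assigning the privilege;
   // GetLastError() then reports ERROR_NOT_ALL_ASSIGNED, so check the error code.
   AdjustTokenPrivileges    (   hToken,
                                FALSE,
                                &tp,
                                sizeof  (   tp),
                                NULL,
                                NULL
                            );
   dwErr    =   GetLastError    ();

   // Release the token handle (the original version leaked it).
   CloseHandle  (   hToken);

   return   (   dwErr   ==   ERROR_SUCCESS);
}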

Feel free to ask if you need more information!
0
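Added example, not part of the original thread or jkr's code: a Python check that reads `whoami /priv` output and reports whether SeDebugPrivilege is absent from the token, held but disabled, or already enabled, which are the three cases that decide whether the enabling function above can succeed. The sample outputs are constructed, and English-language `whoami` output is assumed.

```python
import re

# Constructed `whoami /priv` output for an elevated administrator
# (English-language Windows assumed; not captured from a real host).
SAMPLE_ADMIN = """\
Privilege Name                Description                    State
============================= ============================== ========
SeShutdownPrivilege           Shut down the system           Disabled
SeDebugPrivilege              Debug programs                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
"""

# Constructed output for a standard user: SeDebugPrivilege is not in the token.
SAMPLE_USER = """\
Privilege Name                Description                    State
============================= ============================== ========
SeShutdownPrivilege           Shut down the system           Disabled
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
"""

# Privilege name is the first column, state the last; the description may contain spaces.
ROW = re.compile(r"^(Se\w+Privilege)\s+.*?\s+(Enabled|Disabled)\s*$")

def parse_privileges(text):
    """Map privilege name -> True (enabled) / False (held but disabled)."""
    privs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            privs[m.group(1)] = (m.group(2) == "Enabled")
    return privs

def debug_privilege_state(text):
    """Classify SeDebugPrivilege as 'absent', 'disabled' or 'enabled'."""
    privs = parse_privileges(text)
    if "SeDebugPrivilege" not in privs:
        # Enabling cannot work here: AdjustTokenPrivileges() reports
        # ERROR_NOT_ALL_ASSIGNED for a privilege the token does not hold.
        return "absent"
    return "enabled" if privs["SeDebugPrivilege"] else "disabled"

def enabled_privileges(text):
    """Privileges currently switched on, sorted, for review."""
    return sorted(n for n, on in parse_privileges(text).items() if on)
```

A result of "disabled" is the case the answer's function handles; "absent" means it will return FALSE no matter how it is called.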
 
LVL 86

Expert Comment

by:jkr
ID: 2360605
BTW: This also is the reason why e.g. services can't be killed from the task manager. Jeffrey Richter addressed this issue in an MSJ column some time ago, and all he did was use the following little starter application which launches taskmgr.exe with the privilege enabled:
/*************************************************************
Module name: EnableDebugPrivAndRun.cpp
Notices: Written 1998 by Jeffrey Richter
Description: Enables the Debug privilege before running an app
*************************************************************/


#define STRICT
#include <Windows.h>


//////////////////////////////////////////////////////////////


BOOL EnablePrivilege(HANDLE hToken, LPCTSTR szPrivName,
   BOOL fEnable) {

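   TOKEN_PRIVILEGES tp;
   tp.PrivilegeCount = 1;
   // Bail out if the privilege name cannot be resolved to a LUID.
   if (!LookupPrivilegeValue(NULL, szPrivName, &tp.Privileges[0].Luid))
      return(FALSE);
   tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
   AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
   // A TRUE return is not enough: ERROR_NOT_ALL_ASSIGNED means the token lacks the privilege.
   return((GetLastError() == ERROR_SUCCESS));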
}


//////////////////////////////////////////////////////////////


int WINAPI WinMain(HINSTANCE hinstExe,
   HINSTANCE hinstExePrev, LPSTR pszCmdLine, int nCmdShow) {

   HANDLE hToken;
   if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
      if (EnablePrivilege(hToken, SE_DEBUG_NAME, TRUE)) {

         if (ShellExecute(NULL, NULL, pszCmdLine, NULL,
            NULL, SW_SHOWNORMAL) < (HINSTANCE) 32) {

            MessageBox(NULL, pszCmdLine,
               __TEXT("EnableDebugPrivAndRun: Couldn't run"),
               MB_OK | MB_ICONINFORMATION);
         }
      }
      CloseHandle(hToken);
   }
   return(0);
}


//////////////////////// End Of File /////////////////////////

0
 
LVL 1

Author Comment

by:domenic
ID: 2360670
Lightning response jkr! I was just about to ask you why then does the Task Manager fail to stop services even as administrator?!

So are you telling me that my ControlService->SERVICE_CONTROL_STOP call will be able to terminate the service successfully every time if I enable this SE_DEBUG_NAME privilege?
0
 
LVL 86

Expert Comment

by:jkr
ID: 2360821
Well, sending a control request to a service requires the service handle to be opened with the SERVICE_STOP bit set in the access mask (or, for simplicity's sake a SERVICE_ALL_ACCESS mask ;-)  - this is usually not affected by this privilege...
0
 
LVL 86

Expert Comment

by:jkr
ID: 2364499
Do you have any further problems?
0
 
LVL 1

Author Comment

by:domenic
ID: 2364558
I am testing this code ....
0
 
LVL 86

Expert Comment

by:jkr
ID: 2364769
OK ;-)
0
 
LVL 86

Expert Comment

by:jkr
ID: 2364775
BTW: Are we talking about 'OpenProcess()'/'TerminateProcess()' or 'ControlService()'?
0
 
LVL 1

Author Comment

by:domenic
ID: 2366723
As you stated the ControlService() is not affected. I do get incidences where I am unable to stop the service.
If the service does not stop when desired, I do call (and still need to call) OpenProcess/TerminateProcess in order to shut it down. With your info on the SE_DEBUG_NAME privilege, I'm hoping this will do it.
0
 
LVL 86

Expert Comment

by:jkr
ID: 2368223
>>With your info on the SE_DEBUG_NAME privilege, I'm hoping
>>this will do it.

Be sure, it will - I use the above code in a little debugger that I wrote, and it *is* capable of terminating hung services ;-)
0
 
LVL 86

Expert Comment

by:jkr
ID: 2383704
Well, how does it work?
0
 
LVL 1

Author Comment

by:domenic
ID: 2385755
Thanks for the support, jkr.
0
