Solved

Killing a process in WLEventStart

Posted on 2006-10-21
Last Modified: 2013-11-20
Hello,

I have the code below that executes a file called uptime.exe at the WLEventStop. I'd like to kill the uptime.exe once the WLEventStart fires. Does anyone know how to do that? If so, could you help me modify my code below?

#include <windows.h>
#include <Winwlx.h>
#include <stdio.h>


// Copyright (c) Microsoft Corporation. All rights reserved.

// Here is the entrance function for the DLL.
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
        case DLL_PROCESS_ATTACH:
            {

             // Disable DLL_THREAD_ATTACH & DLL_THREAD_DETACH
             // notification calls. This is a performance optimization
             // for multithreaded applications that do not need
             // thread-level notifications of attachment or detachment.

            DisableThreadLibraryCalls (hInstance);
            }
            break;
    }

    return TRUE;
}

// Here is the event handler for the Winlogon Start event.
extern "C"
__declspec(dllexport)
VOID WLEventStart (PWLX_NOTIFICATION_INFO pInfo)
{

    // Print the name of the handler to debug output.
    // You can replace this with more useful functionality.
    OutputDebugString (TEXT("NOTIFY:  Entering WLEventStart.\r\n"));
    FILE* p = fopen("c:\\testlog.txt", "w+");
    fprintf(p,"NOTIFY:  Entering WLEventStart.\r\n");
    fclose(p);
}

// Here is the event handler for the Winlogon Stop event.
extern "C"
__declspec(dllexport)VOID WLEventStop (PWLX_NOTIFICATION_INFO pInfo)
{

    // Print the name of the handler to debug output.
    // You can replace this with more useful functionality.
    OutputDebugString (TEXT("NOTIFY:  Entering WLEventStop.\r\n"));
    FILE* p = fopen("c:\\testlog.txt", "w+");
      ShellExecute(NULL, "open", "C:\\Windows\\System32\\uptime.exe", NULL, NULL, SW_SHOW);
    fprintf(p,"NOTIFY:  Entering WLEventStop.\r\n");
    fclose(p);
}
Question by:hpops
 
LVL 22

Expert Comment

by:mahesh1402
ID: 17782784
Instead of ShellExecute() use CreateProcess() API function to launch uptime.exe... you have to pass PROCESS_INFORMATION variable to CreateProcess function as parameter, with which you will be able to access 'Handle To Process' and using this handle you may kill this process using TerminateProcess() API function..

The code will look something like the following:

 PROCESS_INFORMATION pi;
 STARTUPINFO si;
 memset(&si, 0, sizeof(STARTUPINFO));
 si.cb = sizeof(STARTUPINFO);
 si.dwFlags = STARTF_USESHOWWINDOW;
 si.wShowWindow = SW_SHOW;
   
 CreateProcess(0,"C:\\Windows\\System32\\uptime.exe",0,0,0,0,0,0,&si,&pi); // Launch Process using CreateProcess

  ....

// Now whenever you want to terminate application uptime.exe you may call TerminateProcess like following :

TerminateProcess(pi.hProcess,0);   // Terminate Process uptime.exe

Hope this helps
-MAHESH
0
 
LVL 22

Expert Comment

by:mahesh1402
ID: 17782802
You may refer to the docs of CreateProcess and TerminateProcess for more help:

CreateProcess :
http://msdn.microsoft.com/library/en-us/dllproc/base/createprocess.asp

TerminateProcess :
http://msdn.microsoft.com/library/en-us/dllproc/base/terminateprocess.asp

-MAHESH
0
 

Author Comment

by:hpops
ID: 17783959
Thanks a bunch for the code examples and links.

I'm having a bit of trouble getting this to compile. You'll have to forgive me, I'm very new to C++ and am struggling on this one.

I'm getting the following errors when trying to compile:
ee.cpp(37) : error C2065: 'pi' : undeclared identifier
ee.cpp(37) : error C2228: left of '.hProcess' must have class/struct/union type

Here's my modified code.

#include <windows.h>
#include <Winwlx.h>
#include <stdio.h>
#include <winbase.h>

// Copyright (c) Microsoft Corporation. All rights reserved.

// Here is the entrance function for the DLL.
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
        case DLL_PROCESS_ATTACH:
            {

             // Disable DLL_THREAD_ATTACH & DLL_THREAD_DETACH
             // notification calls. This is a performance optimization
             // for multithreaded applications that do not need
             // thread-level notifications of attachment or detachment.

            DisableThreadLibraryCalls (hInstance);
            }
            break;
    }

    return TRUE;
}

// Here is the event handler for the Winlogon Start event.
extern "C"
__declspec(dllexport)
VOID WLEventStart (PWLX_NOTIFICATION_INFO pInfo)
{

    // Print the name of the handler to debug output.
    // You can replace this with more useful functionality.
    TerminateProcess(pi.hProcess,0);   // Terminate Process uptime.exe
}

// Here is the event handler for the Winlogon Stop event.
extern "C"
__declspec(dllexport)VOID WLEventStop (PWLX_NOTIFICATION_INFO pInfo)
{

    // Print the name of the handler to debug output.
    // You can replace this with more useful functionality.
    PROCESS_INFORMATION pi;
 STARTUPINFO si;
 memset(&si, 0, sizeof(STARTUPINFO));
 si.cb = sizeof(STARTUPINFO);
 si.dwFlags = STARTF_USESHOWWINDOW;
 si.wShowWindow = SW_SHOW;
   
 CreateProcess(0,"C:\\Windows\\System32\\uptime.exe",0,0,0,0,0,0,&si,&pi); // Launch Process using CreateProcess
}

Thanks for any help


0
 
LVL 86

Expert Comment

by:jkr
ID: 17784198
This won't work for several reasons. One is that 'pi' would have to be declared globally to compile correctly, then the value might become invalid when your notification DLL gets unloaded. You can fix both using

#include <windows.h>
#include <Winwlx.h>
#include <stdio.h>


// Copyright (c) Microsoft Corporation. All rights reserved.

HANDLE g_hProcess = NULL; // global variable to store the process handle
HINSTANCE g_hInst = NULL;

// Here is the entrance function for the DLL.
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
        case DLL_PROCESS_ATTACH:
            {

             // Disable DLL_THREAD_ATTACH & DLL_THREAD_DETACH
             // notification calls. This is a performance optimization
             // for multithreaded applications that do not need
             // thread-level notifications of attachment or detachment.

            DisableThreadLibraryCalls (hInstance);

            g_hInst = hInstance;
            }
            break;
    }

    return TRUE;
}

// Here is the event handler for the Winlogon Start event.
extern "C"
__declspec(dllexport)
VOID WLEventStart (PWLX_NOTIFICATION_INFO pInfo)
{

    // Print the name of the handler to debug output.
    // You can replace this with more useful functionality.
    OutputDebugString (TEXT("NOTIFY:  Entering WLEventStart.\r\n"));
    FILE* p = fopen("c:\\testlog.txt", "w+");
    fprintf(p,"NOTIFY:  Entering WLEventStart.\r\n");
    fclose(p);

    if (g_hProcess)
    {
      TerminateProcess(g_hProcess,0);

      FreeLibrary(g_hInstance); // unlock DLL

     }
}

// Here is the event handler for the Winlogon Stop event.
extern "C"
__declspec(dllexport)VOID WLEventStop (PWLX_NOTIFICATION_INFO pInfo)
{

    // Print the name of the handler to debug output.
    // You can replace this with more useful functionality.
    PROCESS_INFORMATION pi;
 STARTUPINFO si;
 memset(&si, 0, sizeof(STARTUPINFO));
 si.cb = sizeof(STARTUPINFO);
 si.dwFlags = STARTF_USESHOWWINDOW;
 si.wShowWindow = SW_SHOW;
   
 if(CreateProcess(0,"C:\\Windows\\System32\\uptime.exe",0,0,0,0,0,0,&si,&pi)) // Launch Process using CreateProcess
 {
   g_hProcess = pi.hProcess;

   LoadLibrary("mydll.dll"); // Lock DLL in memory to prevent unloading
 }


}
0
 

Author Comment

by:hpops
ID: 17784902
When compiling I got an "undeclared identifier" error on line: FreeLibrary(g_hInstance); // unlock DLL

I changed it to: FreeLibrary(g_hInst); // unlock DLL

It compiles but does not terminate the uptime.exe process.

Did I change the wrong thing here?



0
 
LVL 86

Expert Comment

by:jkr
ID: 17784916
No, that was correct. Did you also change

 LoadLibrary("mydll.dll"); // Lock DLL in memory to prevent unloading

to have the name of *your* DLL?
0
 

Author Comment

by:hpops
ID: 17784945
Thanks for the quick reply. Yes, I added the .dll name. Actually the code snippet we're working on is the .dll I'm making. Is doing it like that ok?

I'm putting the name of it in like this:
LoadLibrary("ee.dll"); // Lock DLL in memory to prevent unloading

Not sure what I'm doing wrong here, any ideas?






0
 
LVL 86

Expert Comment

by:jkr
ID: 17784962
Hm, try to

    if (g_hProcess)
    {
      if (!TerminateProcess(g_hProcess,0)) OutputDebugString(_T("Failed to terminate process")));

      FreeLibrary(g_hInstance); // unlock DLL

     }

and see if you get an error message.
0
 

Author Comment

by:hpops
ID: 17785728
Well, I tried and got two errors. Both were undeclared identifiers. One was for "_T" and the other for g_hInstance.

I found one too many ")" on the line:  if (!TerminateProcess(g_hProcess,0)) OutputDebugString(_T("Failed to terminate process")));
I fixed that but still no luck.

Do 'undeclared identifiers' errors mean I might have the wrong header(s) and/or global variables?

Here's my updated code that's throwing the mentioned errors.

#include <windows.h>
#include <Winwlx.h>
#include <stdio.h>


// Copyright (c) Microsoft Corporation. All rights reserved.

HANDLE g_hProcess = NULL; // global variable to store the process handle
HINSTANCE g_hInst = NULL;

// Here is the entrance function for the DLL.
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
        case DLL_PROCESS_ATTACH:
            {

             // Disable DLL_THREAD_ATTACH & DLL_THREAD_DETACH
             // notification calls. This is a performance optimization
             // for multithreaded applications that do not need
             // thread-level notifications of attachment or detachment.

            DisableThreadLibraryCalls (hInstance);

            g_hInst = hInstance;
            }
            break;
    }

    return TRUE;
}

// Here is the event handler for the Winlogon Start event.
extern "C"
__declspec(dllexport)
VOID WLEventStart (PWLX_NOTIFICATION_INFO pInfo)
{

    // Print the name of the handler to debug output.
    // You can replace this with more useful functionality.
    OutputDebugString (TEXT("NOTIFY:  Entering WLEventStart.\r\n"));
    FILE* p = fopen("c:\\testlog.txt", "w+");
    fprintf(p,"NOTIFY:  Entering WLEventStart.\r\n");
    fclose(p);

     if (g_hProcess)
    {
      if (!TerminateProcess(g_hProcess,0)) OutputDebugString(_T("Failed to terminate process"));

      FreeLibrary(g_hInstance); // unlock DLL

     }

}

// Here is the event handler for the Winlogon Stop event.
extern "C"
__declspec(dllexport)VOID WLEventStop (PWLX_NOTIFICATION_INFO pInfo)
{

    // Print the name of the handler to debug output.
    // You can replace this with more useful functionality.
    PROCESS_INFORMATION pi;
 STARTUPINFO si;
 memset(&si, 0, sizeof(STARTUPINFO));
 si.cb = sizeof(STARTUPINFO);
 si.dwFlags = STARTF_USESHOWWINDOW;
 si.wShowWindow = SW_SHOW;
   
 if(CreateProcess(0,"C:\\Windows\\System32\\uptime.exe",0,0,0,0,0,0,&si,&pi)) // Launch Process using CreateProcess
 {
   g_hProcess = pi.hProcess;

   LoadLibrary("ee.dll"); // Lock DLL in memory to prevent unloading
 }


}
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 17785955
Sorry again, should have been

     if (g_hProcess)
    {
      if (!TerminateProcess(g_hProcess,0)) OutputDebugString(TEXT("Failed to terminate process"));

      FreeLibrary(g_hInst); // unlock DLL

     }
0
 

Author Comment

by:hpops
ID: 17786099
Thanks so much for your help jkr.
This is working beautifully!

If anyone is interested this is what the final code ended up looking like.

#include <windows.h>
#include <Winwlx.h>
#include <stdio.h>


// Copyright (c) Microsoft Corporation. All rights reserved.

HANDLE g_hProcess = NULL; // global variable to store the process handle
HINSTANCE g_hInst = NULL;

// Here is the entrance function for the DLL.
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
        case DLL_PROCESS_ATTACH:
            {

             // Disable DLL_THREAD_ATTACH & DLL_THREAD_DETACH
             // notification calls. This is a performance optimization
             // for multithreaded applications that do not need
             // thread-level notifications of attachment or detachment.

            DisableThreadLibraryCalls (hInstance);

            g_hInst = hInstance;
            }
            break;
    }

    return TRUE;
}

// Here is the event handler for the Winlogon Start event.
extern "C"
__declspec(dllexport)
VOID WLEventStart (PWLX_NOTIFICATION_INFO pInfo)
{
    // Launch uptime.exe and keep its process handle for WLEventStop.
    PROCESS_INFORMATION pi;
    STARTUPINFO si;
    memset(&si, 0, sizeof(STARTUPINFO));
    si.cb = sizeof(STARTUPINFO);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;

    if (CreateProcess(0,"C:\\Windows\\System32\\uptime.exe",0,0,0,0,0,0,&si,&pi)) // Launch Process using CreateProcess
    {
        g_hProcess = pi.hProcess;
        CloseHandle(pi.hThread); // the primary thread handle is not used, so release it

        LoadLibrary("ee.dll"); // Lock DLL in memory to prevent unloading
    }
}

// Here is the event handler for the Winlogon Stop event.
extern "C"
__declspec(dllexport)VOID WLEventStop (PWLX_NOTIFICATION_INFO pInfo)
{
    // Print the name of the handler to debug output and to the log file.
    OutputDebugString (TEXT("NOTIFY:  Entering WLEventStop.\r\n"));
    FILE* p = fopen("c:\\testlog.txt", "w+");
    if (p) // fopen returns NULL if the log file cannot be opened
    {
        fprintf(p,"NOTIFY:  Entering WLEventStop.\r\n");
        fclose(p);
    }

    if (g_hProcess)
    {
        if (!TerminateProcess(g_hProcess,0)) OutputDebugString(TEXT("Failed to terminate process"));

        CloseHandle(g_hProcess); // release the handle and clear it so a later event does not reuse it
        g_hProcess = NULL;

        FreeLibrary(g_hInst); // unlock DLL
    }
}
0
