英文:
TerminateProcess with GetCurrentProcess() handle and with GetCurrentProcessId() handle
问题
I'm studying Windows Internals. In fact, there's no similar _exit system call like in *nix.
The process should terminate itself with TerminateProcess/NtTerminateProcess.
ExitProcess/RtlExitUserProcess API doing some cleanup before self-terminate.
TerminateProcess/NtTerminateProcess work with GetCurrentProcess/NtCurrentProcess/(HANDLE)-1.
But when I try it with GetCurrentProcessId/gs:[0x40] it didn't work.
#include <windows.h>
int main(void)
{
TerminateProcess(GetCurrentProcess(), 0); // work
TerminateProcess(GetCurrentProcessId(), 0); // didn't work
}
mov rcx, -1
xor edx, edx
call TerminateProcess
; this one is working
call GetCurrentProcessId
mov ecx, eax
xor edx, edx
call TerminateProcess
; this one didn't work
Why Windows processes must self terminate itself with GetCurrentProcess and can't work with GetCurrentProcessId ?
英文:
I'm studying Windows Internals. In fact, there's no similar _exit system call like in *nix.
The process should terminate itself with TerminateProcess/NtTerminateProcess.
ExitProcess/RtlExitUserProcess API doing some cleanup before self-terminate.
TerminateProcess/NtTerminateProcess work with GetCurrentProcess/NtCurrentProcess/(HANDLE)-1.
But when I try it with GetCurrentProcessId/gs:[0x40] it didn't work.
#include <windows.h>
int main(void)
{
TerminateProcess(GetCurrentProcess(), 0); // work
TerminateProcess(GetCurrentProcessId(), 0); // didn't work
}
mov rcx, -1
xor edx, edx
call TerminateProcess
; this one is working
call GetCurrentProcessId
mov ecx, eax
xor edx, edx
call TerminateProcess
; this one didn't work
Why Windows processes must self terminate itself with GetCurrentProcess and can't work with GetCurrentProcessId ?
答案1
得分: 4
TerminateProcess()的文档明确指出它需要一个进程句柄,而GetCurrentProcessID()返回的是进程ID。你为什么期望那个ID会起作用呢?
你的一条评论似乎暗示你认为进程句柄与进程ID相同。显然这是不正确的,否则GetCurrentProcess()和GetCurrentProcessID()不会存在为不同的API。
实际上,GetCurrentProcess()实际返回0xffffffff。
文档说:
返回值是对当前进程的伪句柄。
英文:
The documentation for TerminateProcess() clearly says that it takes a process handle, whereas GetCurrentProcessID() returns a process ID instead. Why would you expect that ID to work?
One comment of yours seems to suggest that you think a process HANDLE is the same as a process ID. Clearly that is not true, otherwise GetCurrentProcess() and GetCurrentProcessID() would not exist as separate APIs.
In fact, GetCurrentProcess() actually returns 0xffffffff.
The docs say:
> The return value is a pseudo handle to the current process.
答案2
得分: -1
抱歉,像其他人说的那样,TerminateProcess 接受进程句柄,而不是进程 ID。
我应该从 OpenProcess(PROCESS_TERMINATE, false, GetCurrentProcessId()) 获取句柄。
对于错误信息,抱歉。
英文:
Okay, like the other said, TerminateProcess accept process handle, and not process id.
I should take the handle from OpenProcess(PROCESS_TERMINATE, false, GetCurrentProcessId()).
Sorry for the misinformation.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论