Is there a way to kill a critical process in C#?
In C#, i want to kill a critical process, like wininit.exe, services.exe or csrss.exe. This is the code i tried, which doesn't work. (Obliviously i run as admin).
static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
KillCriticalProcess(Process.GetProcessesByName("wininit")[0]);
}
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);
[DllImport("kernel32.dll")]
private static extern bool TerminateProcess(IntPtr hProcess, int exitCode);
[DllImport("kernel32.dll")]
private static extern bool CloseHandle(IntPtr hObject);
[DllImport("ntdll.dll")]
private static extern int NtSetInformationProcess(IntPtr hProcess, int processInformationClass, ref int processInformation, int processInformationLength);
private static uint PROCESS_TERMINATE = 0x00000001;
private static uint PROCESS_SET_INFORMATION = 0x00000200;
public static void KillCriticalProcess(Process proc)
{
IntPtr procHandle = OpenProcess(PROCESS_TERMINATE | PROCESS_SET_INFORMATION, false, proc.Id);
int critical = 0;
int BreakOnTermination = 0x1D;
NTSTATUS ntStatus = NtSetInformationProcess(procHandle, BreakOnTermination, ref critical, sizeof(int));
Console.WriteLine("ntstatus message: " + ntStatus);
Console.WriteLine(TerminateProcess(procHandle, 0));
CloseHandle(procHandle);
}
}
The problem is that nothing happens to wininit.exe (because there is no BSOD and i can see it in process hacker). NtSetInformationProcess returns STATUS_INVALID_HANDLE and TerminateProcess returns false. I wanna remember you again that i run as admin. This surely can be done just because processhacker can do this by running as user.
Ciccio Pasticcio0 Answers
Nobody has answered this question yet.
User contributions licensed under CC BY-SA 3.0