In C#, i want to kill a critical process, like wininit.exe, services.exe or csrss.exe. This is the code i tried, which doesn't work. (Obliviously i run as admin).
static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
KillCriticalProcess(Process.GetProcessesByName("wininit")[0]);
}
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);
[DllImport("kernel32.dll")]
private static extern bool TerminateProcess(IntPtr hProcess, int exitCode);
[DllImport("kernel32.dll")]
private static extern bool CloseHandle(IntPtr hObject);
[DllImport("ntdll.dll")]
private static extern int NtSetInformationProcess(IntPtr hProcess, int processInformationClass, ref int processInformation, int processInformationLength);
private static uint PROCESS_TERMINATE = 0x00000001;
private static uint PROCESS_SET_INFORMATION = 0x00000200;
public static void KillCriticalProcess(Process proc)
{
IntPtr procHandle = OpenProcess(PROCESS_TERMINATE | PROCESS_SET_INFORMATION, false, proc.Id);
int critical = 0;
int BreakOnTermination = 0x1D;
NTSTATUS ntStatus = NtSetInformationProcess(procHandle, BreakOnTermination, ref critical, sizeof(int));
Console.WriteLine("ntstatus message: " + ntStatus);
Console.WriteLine(TerminateProcess(procHandle, 0));
CloseHandle(procHandle);
}
}
The problem is that nothing happens to wininit.exe (because there is no BSOD and i can see it in process hacker). NtSetInformationProcess returns STATUS_INVALID_HANDLE and TerminateProcess returns false. I wanna remember you again that i run as admin. This surely can be done just because processhacker can do this by running as user.
User contributions licensed under CC BY-SA 3.0