Mail Archives: cygwin/2004/03/08/17:43:16
Hello,
I've noticed that /bin/kill.exe is unable to kill processes that are run as
another user (e.g. SYSTEM) (even with -f).
Is this intentional? If not, would it be possible for someone to use the
attached code to make it possible? It is basically a regular version of
"windows" kill, except that it gets "debug privileges" before trying to kill
the process - a nice trick left over from the NT 4.0 resource kit days.
Currently, I have to distribute my own fkill.exe to all the systems where I
need it, but it would be handy if it was part of Cygwin.
I know this is a pretty lazy request, but it seems like functionality that
many people might use. (It's especially useful for killing broken Windows
services that run as LocalSystem and don't shut down properly.)
Thanks,
Rob.
P.S. - I would do this myself, but I don't think I'm qualified to mess with
core Cygwin stuff.
Attachment: fkill.c
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>   /* strtol() */

// fkill forces a kill -- it will attempt to enable SeDebugPrivilege
// before opening its process handles, allowing it to kill processes
// running under builtin\system (LocalSystem, to the users out there).

int main( int argc, char *argv[] );
BOOL getDebugPriv( void );

#define isBadHandle(h) ( (h) == NULL || (h) == INVALID_HANDLE_VALUE )
#define lenof(x)       ( sizeof (x) / sizeof ((x)[0]) )
#define MAXPID 1024

int main( int argc, char *argv[] )
{
    int pidCount, i, errors;
    char *p;
    HANDLE hProcess;
    static DWORD pid[MAXPID];

    // parse args, build PID list
    errors = pidCount = 0;
    for ( i = 1; i < argc; i ++ )
    {
        if ( pidCount == lenof( pid ) ) {
            errors ++;
            break;
        }
        // base 0: accepts decimal, octal (leading 0) and hex (leading 0x)
        pid[pidCount] = strtol( argv[i], &p, 0 );
        if ( p == argv[i] || *p )      // no digits at all, or trailing junk
            errors ++;
        else
            pidCount ++;
    }
    if ( errors || pidCount == 0 )
    {
        puts( "Usage: fkill pid [...]" );
        puts( "fkill tries to kill the processes specified by the PIDs. If the" );
        puts( "user has debug privileges, fkill is able to kill system processes." );
        puts( "PIDs may be decimal, octal (starts with 0), or hex (starts with 0x)." );
        return MAXPID + 1;
    }

    // try to acquire SeDebugPrivilege; carry on even if that fails, since
    // processes owned by the caller can still be killed without it
    if ( ! getDebugPriv() )
        puts( "warning: SeDebugPrivilege not enabled; processes of other users may be unkillable" );

    errors = 0;
    // for each PID:
    for ( i = 0; i < pidCount; i ++ )
    {
        printf( "pid %lu: ", pid[i] );
        // open process -- PROCESS_TERMINATE is all TerminateProcess() needs
        hProcess = OpenProcess( PROCESS_TERMINATE, FALSE, pid[i] );
        if ( isBadHandle( hProcess ) )
        {
            printf( "OpenProcess() failed, err = %lu\n", GetLastError() );
            errors ++;
        }
        else
        {
            // kill process
            if ( ! TerminateProcess( hProcess, (DWORD) -1 ) )
            {
                printf( "TerminateProcess() failed, err = %lu\n", GetLastError() );
                errors ++;
            }
            else
                puts( "killed." );
            // close handle
            CloseHandle( hProcess );
        }
    }
    // non-zero exit status if any PID could not be killed
    return errors ? 1 : 0;
}

// Enable SeDebugPrivilege in the current process token. Returns TRUE only if
// the privilege is really enabled: AdjustTokenPrivileges() returns success
// even when the token does not hold the privilege at all (e.g. a non-admin
// caller) and reports that case only via GetLastError() == ERROR_NOT_ALL_ASSIGNED.
BOOL getDebugPriv( void )
{
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    BOOL ok;

    if ( ! OpenProcessToken( GetCurrentProcess(),
                             TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
        return FALSE;
    if ( ! LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) )
    {
        CloseHandle( hToken );
        return FALSE;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    ok = AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL )
         && GetLastError() != ERROR_NOT_ALL_ASSIGNED;
    CloseHandle( hToken );
    return ok;
}