|
I believe so, but when this doesn't work (dispite the WM_CLOSE the software doesn't quit) the user is offered the option of ending the process. When i got this dialog, in task manager on the Applications tab i selected it, right-clicked it and chose 'Go to process' and task manager has shown me 'csrss.exe'. If i hit 'End Task' on the dialog the hooked TerminateProcess doesn't get called in task manager so i believe somehow task manager "hands the process" over to "csrss" to terminate it. Or maybe taskmanager simply kills the process with some other API call. Either way, i'd like to know how it does it so i can 'intercept'. I first tried to hook TerminateProcess in csrss the same way as i did in task manager but i failed at it (i supose because that process belongs to SYSTEM).
P.s.: thanks for answering.
> The problem with computers is that they do what you tell them to do and not what you want them to do. <
> If it doesn't matter, it's antimatter.<
|
|
|
|
|
Code-o-mat wrote: Either way, i'd like to know how it does it so i can 'intercept'.
Seems like a bad idea.
What is your goal - maybe there is another approach.
Googling suggests that in newer windows versions you might be able to set up a ACL for a windows service that prevents exits (taking care as a system reboot must still be allowed.) So it isn't an intercept rather it doesn't allow it in the first place.
modified 28-Jan-12 10:33am.
|
|
|
|
|
I don't want to prevent the user from killing the process if he wishes to do so, i just want to create some log entries (and possibly a minidump) when he does.
> The problem with computers is that they do what you tell them to do and not what you want them to do. <
> If it doesn't matter, it's antimatter.<
|
|
|
|
|
Code-o-mat,
You could probably hook the EndTask function[^] within taskmanager exported from user32 and return TRUE. You might also need to hook NtTerminateProcess[^] inside taskmanager and exported from ntdll. The task manager probably also sends a WM_CLOSE message.
Best Wishes,
-David Delaune
|
|
|
|
|
Hooking EndTask does the trick in Windows XP (sadly doesn't seem to work under Win7), thank you for the idea worth a five point vote.
> The problem with computers is that they do what you tell them to do and not what you want them to do. <
> If it doesn't matter, it's antimatter.<
|
|
|
|
|
Code-o-mat,
I have not tried this on Windows7. Some years back I had to do this on an embedded XP box running maritime dynamic-positioning software. The DP operators would sometimes kill the process and I needed to log this action. I ended up hooking EndTask/NtTerminateProcess. Anyway... this sounds like a worthy challenge for my weekend. I'll fire up WinDbg and see what Win7 is doing differently.
Best Wishes,
-David Delaune
|
|
|
|
|
Thanks for the effort.
> The problem with computers is that they do what you tell them to do and not what you want them to do. <
> If it doesn't matter, it's antimatter.<
|
|
|
|
|
Hey,
It doesn't look like I will have any spare time this weekend for looking into this. I have added it to my TODO list and will look into the issue later this week if time permits.
Best Wishes,
-David Delaune
|
|
|
|
|
In case you care, here's what i found out till now:
-if you hit "End Process" on the "Processes" tab, Task Manager uses TerminateProcess
-if you hit "End Task" on the "Applications" tab, TM either uses EndTask , or it uses SendMessageTimeoutW to send WM_CLOSE to the app. I don't know by what condition it decides which one to use. However, if it considers the application hung (you see "Not Responding" in the "Status" column of its application list) then none of those calls are made but when you hit "End Task", a Windows Error Reporting window pops up asking if i want to look for solutions online. No idea what TM does to do this, i am trying to study the WER API to find out.
> The problem with computers is that they do what you tell them to do and not what you want them to do. <
> If it doesn't matter, it's antimatter.<
|
|
|
|
|
Hey,
Sorry... I assumed that you already knew all that. Some old posts:
what will happen when i terminate a process?[^]
Handling a process termination.[^]
Anyway... could you give me some details about the environment that you intend on using this code? In my case... I was working with special devices with a customized embedded XP and I had control over the operating system... because we designed the OS. I guess what I am asking... is... are you in a similar situation or do you intend on attempting to block this on a standard Windows box. Doing this is an extreme hack... and I would only recommend attepting this in a controlled/closed environment.
Did you hook both NtTerminateProcess and Endtask inside task manager? You can simply ignore the WM_CLOSE message in the target application... or perhaps hook SendMessageTimeoutW and simply return TRUE if the window handle is owned by the target process. I think I used an AppInit DLL to accomplish this on the embedded XP platform.
Keep me informed on your progress... I have been *extremely* busy the last few days but I expect to be finished soon and have some free time starting Friday and through the next weekend. What I wanted to do was grap my old DLL and install it into a Windows7 VM to see if it worked there. I highly doubt anything has changed... when you open the task manager it executes under the credentials of the currently logged in user...
If you want... click 'Email' in my reply and maybe we could collaborate and share some code.
Best Wishes,
-David Delaune
|
|
|
|
|
In C not C++,
I have LPTSTR str = "<xyz>texttext2<h>header</h><xyz>";
I would like to delete all tags NOT NAMED xyz
How do iterate through without deleting the 'xyz' tag ?
|
|
|
|
|
Suggestion. Write a function that searches for the start of the tag and returns the index of the opening <. Write another function that searches for the end of the tag and returns the index of the closing >. Then write a function that 'moves' everything from after the end index to the opening index.
Chris Meech
I am Canadian. [heard in a local bar]
In theory there is no difference between theory and practice. In practice there is. [Yogi Berra]
posting about Crystal Reports here is like discussing gay marriage on a catholic church’s website.[Nishant Sivakumar]
|
|
|
|
|
Sorry, don't quite follow.
|
|
|
|
|
How about an ASCII picture.
Start End
Index Index
| |
LPTSTR str = "<xyz>texttext2<h>header</h><xyz>";
| |____|
| Stuff to move-+
| |
+--<--< goes here -<--<-+
The first function will return the start index.
The second function will return the end index.
The third function will move all characters after the end index to the end of the string and place them in start index resulting in
LPTSTR str = "<xyz>texttext2<xyz>";
Hope that is clearer.
Chris Meech
I am Canadian. [heard in a local bar]
In theory there is no difference between theory and practice. In practice there is. [Yogi Berra]
posting about Crystal Reports here is like discussing gay marriage on a catholic church’s website.[Nishant Sivakumar]
|
|
|
|
|
Beautiful picture.
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke
[My articles]
|
|
|
|
|
Use strchr(). Look for left angle bracket. Read the next char. If it isnt an 'x' then delete everything up to and including the next right angle bracket with a matching tag.
==============================
Nothing to say.
|
|
|
|
|
Iterate over the string, copying characters from source to destination. If you see a tag not named xyz, stop copying until the matching tag is encountered.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"Show me a community that obeys the Ten Commandments and I'll show you a less crowded prison system." - Anonymous
|
|
|
|
|
This is what I was looking for, I just couldn't get it to work.
Could you show a pseudo snippet of code in C?
Thanks
|
|
|
|
|
const char *pszSource = "<xyz>texttext2<h>header</h></xyz>";
char szDest[128] = { '\0' };
int x = 0;
while (pszSource && *pszSource != '\0')
{
szDest[x] = *pszSource;
x++;
pszSource++;
}
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"Show me a community that obeys the Ten Commandments and I'll show you a less crowded prison system." - Anonymous
modified 27-Jan-12 16:38pm.
|
|
|
|
|
I tried few source codes to test read/write disk sectors. I noticed that a small part of the sectors remains hidden, despite the fact media examiners (like ftk image AccessData) reveal their presence. Is this solvable in VC++?
36. When you surround an army, leave an outlet free.
...
Do not press a desperate foe too hard.
SUN-TZU - Art of War
|
|
|
|
|
I've a problem I've never seen before. One application launches one or more child processes. Rarely, one of those child processes doesn't completely exit. It doesn't show up in task manager, but does show up in Resource Monitor, Process Explorer and by calling a CreateToolhelp32Snapshot/Process32First. When I try to open the process, it fails (and Process Explorer shows question marks for all handles, which would seem to me that they have been closed.)
Anyone have a clue?
PS. This is on Windows 7 64 and both the main application and child applications are 64-bit. Both are in C++ and use Qt. I just inherited this project so am not yet familiar with all the wiring, but I've never seen this behavior before.
|
|
|
|
|
Hey Joe,
Unfortunately... it means there is a bug in your code somewhere. I call them 'Zombie processes' and they are generally caused by a handle leak. You can create a process zombie by launching a child process duplicating and never closing its handle. The process does not show up in the task manager because the process has exited. The zombies are consuming system resources and next will be your brain.
Best Wishes,
-David Delaune
|
|
|
|
|
I am trying to set the font for radio button using below code in my project but font does not set. Font and color does not set for text on radio button.
I have a dialog base application (MFC), at dialog there are some radio buttons
In dialog class, Oninitdialog() i use
CFont* pFont = GetDlgItem( IDC_RADIO1 )->GetFont();
LOGFONT LogFont = { 0 };
pFont->GetLogFont( &LogFont );
LogFont.lfItalic = TRUE;
LogFont.lfWidth = 9;
LogFont.lfHeight = 12;
LogFont.lfWeight = FW_BOLD;
memcpy(LogFont.lfFaceName,"Verdana",7);
m_StaticFont.CreateFontIndirect( &LogFont );
GetDlgItem( IDC_RADIO1 )->SetFont( &m_StaticFont );
in header file
CFont m_StaticFont;
To set the color for text on radio button, i use OnCtlColor (WM_CTLCOLOR)
HBRUSH CtestxmlDlg::OnCtlColor(CDC* pDC, CWnd* pWnd, UINT nCtlColor)
{
///
if(pWnd->GetDlgCtrlID() == IDC_RADIO1)
pDC->SetTextColor(RGB(255,0,0));
////
}
But when i use above code in a test program it works. Please suggest what's wrong.
I have debug my project and found OnCtlColor calls and it set the text color also.
Please help.
|
|
|
|
|
How is this test program different from the dialog based program that you mentioned first?
|
|
|
|
|
Both are dialog based applications. Test program contains only one radio button.
In main program there are lot of controls and work against them
|
|
|
|