Which C++/C# functions are called when an application is killed in Windows 10? - windows-10-universal

As the title suggests: Which functions of an application are called when it's killed by Windows 10, either by End Task in Task Manager or Terminate in Settings? Or is there no function called at all and all the threads are killed immediately?
I'm working on a program in which lots of data are corrupted/destroyed when the user terminates it. I want to reduce the risk of that, so I really need your help; unfortunately, Google doesn't provide much help in this matter. Thank you.

Related

Killing every process except system's and my own

I'm trying to make a virus to run on VMWare so I could have some fun with Ubuntu and experiment with it. Now, I would be interested that my experimental virus (although it's hardly a virus, it's more of an actual program) would be able to kill/terminate every process but itself and the system processes.
I thought of 2 options:
Either I get all the non-system processes IDs and kill each, comparing to mine first, to avoid killing myself.
OR there's an actual command or a function built-in doing that in some, I did some research and I succeeded making my process 'shielded' from any terminating/killing signals, but I'm not sure how to search other processes IDs (non-system ones).
Any idea on how to perform this?
Following command is to list every process on the system.
ps aux

How to handle Win32 Application termination

I have a Win32 application with no window written in C.
My question is: is there any way to handle the termination of my application. Ex. closing it from the task manager or via the console.
It is unclear from the question, but if this is a console mode application then you can call SetConsoleCtrlHandler to install a callback that Windows will call just before it terminates your app. Beware that this callback runs on a separate thread and that you have to complete the callback function quickly.
If it is a native Windows program that just doesn't create a window then you really do need a window to get notifications like this. Which is not a problem, it doesn't have to be visible. Just don't call ShowWindow().
Note that atexit() as mentioned will not work, these are rude aborts you are talking about that don't let the program go through its normal shutdown sequence.
You might like to take a look at the atexit() function (http://msdn.microsoft.com/en-us/library/tze57ck3%28v=vs.100%29.aspx).
Using this function you can install handlers which are called when the program terminates.

Building an "odometer" for time spent on a server

I want to build an odometer to keep track of how long I've been on a server since I last reset the counter.
Recently I've been logging quite a bit of time working on one of my school's Unix servers and began wondering just how much time I had racked up in the last couple of days. I started trying to think of how I could go about writing either a Bash script or C program to run when my .bash_profile was loaded (i.e. when I ssh into the server), background itself, and save the time to a file when I closed the session.
I know how to make a program run when I login (through the .bash_profile) and how to background a C program (by way of forking?), but am unsure how to detect that the ssh session has been terminated (perhaps by watching the sshd process?)
I hope this is the right stack exchange to ask how you would go about something like this and appreciate any input.
Depending on your shell, you may be able to just spawn a process in the background when you log in, and then handle the kill signal when the parent process (the shell) exits. It wouldn't consume resources, you wouldn't need root privileges, and it should give a fairly accurate report of your logged in time.
You may need to use POSIX semaphores to handle the case of multiple shells logged in simultaneously.
Have you considered writing a script that can be run by cron every minute, running "who", looking at its output for lines with your uid in them, and bumping a counter if it finds any? (Use "crontab -e" to edit your crontab.)
Even just a line in crontab like this:
* * * * * (date; who | grep $LOGNAME)>>$HOME/.whodata
...would create a log you could process later at your leisure.
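
An added example, not part of the original answer: one way to total up the log that crontab line writes. It assumes `date` output in the C locale, so every sample starts with a weekday abbreviation; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: total up the log written by the crontab line above.
# Assumption: `date` printed in the C locale, so each sample starts with a
# weekday abbreviation ("Mon Mar  3 10:00:01 UTC 2014").

# whodata_minutes USER FILE -> number of one-minute samples with USER logged in
whodata_minutes() {
    awk -v user="$1" '
        # A date line opens a new sample; close the previous one first.
        $1 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ {
            if (seen) n++
            seen = 0; started = 1
            next
        }
        # grep $LOGNAME is a substring match (it also keeps "alice2" or a
        # host named after the user), so require an exact first column.
        # Several sessions in one sample still count as one minute.
        started && $1 == user { seen = 1 }
        END { if (seen) n++; print n + 0 }
    ' "$2"
}

# whodata_report USER FILE -> "Hh MMm"
whodata_report() {
    m=$(whodata_minutes "$1" "$2")
    printf '%dh %02dm\n' $((m / 60)) $((m % 60))
}

# Constructed sample: four cron runs; alice is logged in during three of them.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Mon Mar  3 10:00:01 UTC 2014
alice    pts/0        2014-03-03 09:58 (10.0.0.5)
Mon Mar  3 10:01:01 UTC 2014
alice    pts/0        2014-03-03 09:58 (10.0.0.5)
alice    pts/1        2014-03-03 10:00 (10.0.0.5)
Mon Mar  3 10:02:01 UTC 2014
alice2   pts/2        2014-03-03 10:01 (10.0.0.9)
Mon Mar  3 10:03:01 UTC 2014
alice    pts/0        2014-03-03 09:58 (10.0.0.5)
EOF
whodata_report alice "$sample"
rm -f "$sample"
```

The resolution is the cron interval, so the total is a count of one-minute samples rather than exact session time.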

Wait for file to be unlocked - Windows

I'm writing a TFTP server program for university, which needs exclusive access to the files it opens for reading. Thus it can be configured that if a file is locked by another process that it waits for the file to become unlocked.
Is there any way on Win32 to wait for a file to become unlocked without creating a handle for it first?
The reason I ask is that if another process calls CreateFile() with a dwShareMode that is incompatible with the one my process uses, I won't even be able to get a file handle to use for waiting on the lock using LockFileEx().
Thanks for your help in advance!
If you take a look at the Stack Overflow questions What Win32 API can be used to find the process that has a given file open? and SYSTEM_HANDLE_INFORMATION structure, you will find links to code that can be used to enumerate processes and all open handles of each running process. This information can be used to obtain a HANDLE to the process that has the file open as well as its HANDLE for the file. You would then use DuplicateHandle() to create a copy of the file HANDLE, but in the TFTP process' handle table. The duplicated HANDLE could then be used by the TFTP process with LockFileEx().
This solution relies on an internal function, NtQuerySystemInformation(), and an undocumented system information class value that can be used to enumerate open handles. Note that this feature of NtQuerySystemInformation() "may be altered or unavailable in future versions of Windows". You might want to use an SEH handler to guard against access violations were that to happen.
As tools from MS like OH and Process Explorer do it, it is definitely possible to get all the handles opened by a process. From there to wait on what you'd like the road is still long, but it is a beginning :)
If you have no success with the Win32 API, one place to look at is for sure the NT Native API http://en.wikipedia.org/wiki/Native_API
You can start from here http://msdn.microsoft.com/en-us/library/windows/desktop/ms724509%28v=vs.85%29.aspx and see if it works with the SystemProcessInformation flag.
Look also here for a start http://nsylvain.blogspot.com/2007/09/how-list-all-open-handles.html
The native API is poorly documented, but you can find resources online (like here http://www.osronline.com/article.cfm?id=91)
As a disclaimer, I should add that the Native API is somehow "internal", and therefore subject to change on future versions. Some functions, however, are exposed also publicly in the DDK, at kernel level, so the likelihood of these functions to change is low.
Good luck!

Problem in process hooking

I have a process (say, for example, MyProcessA), hooked an exe and injected my dll (MyDll.dll) into the process space of MyProcessA, so even if it's gonna create n number of child processes it will be process hooked as well. I have no problem in hooking and injecting the dll into the process. I have hooked all file and process dependent functions, but somehow I am not able to achieve complete hook of any setup (any application setup). I suspect I am missing some process related APIs or it might be some UAC problem, currently I am using CreateProcess(A&W), NtCreateProcess, ShellExecute(A&W). What could be the problem?
I suspect that the answer is related to the "Windows Installer Service". I'm guessing that your hooks wouldn't catch any interactions with a service, which even if launched as a result of FireFox's setup is going to be created by a different System process. I haven't had much experience with Windows Installer, but the documentation here should have more details than you could possibly wish for, given the time to find it.
UAC might also cause you issues, but you should be able to rule that out by launching the hooking code with administrative privileges to start with.
Is this research for uni? Either way good luck, it sounds like an interesting problem.
