Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


ZwTerminateProcess crashes

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada
PostPosted: Fri Jul 19, 2013 11:45 am    Post subject: ZwTerminateProcess crashes Reply with quote
After I attach my driver using KeStackAttachProcess to the target application, I try to call ZwTerminateProcess to close the process after I'm done with it but each time I call it I get a BSOD.

Code:

ZwTerminateProcess ( NtCurrentProcess (), ntStatus );


I thought that I couldn't terminate the process while I was still attached to it, so I removed that code and put it in my unload function (which by then has already detached itself from the game) and tried this:

Code:

ZwTerminateProcess ( hTarget, ntStatus );


with hTarget being ofcourse the handle to the target process. While I was still attached to the target I did hTarget = NtCurrentProcess ().

I read on msdn that they wanted me to use a kernel handle, so I used ZwOpenProcess to try and locate the handle like so:

Code:

ntStatus = ZwOpenProcess ( &hTarget, DELETE, NULL, (PCLIENTID) &dwProcessID );

if ( ntStatus == STATUS_SUCCESS )
   TerminateProcess ( hTarget, ntStatus );


but that still didn't cut it.

so i'm confused now and I have no idea what i'm doing wrong.
Back to top
View user's profile Send private message MSN Messenger
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25823
Location: The netherlands
PostPosted: Fri Jul 19, 2013 12:11 pm    Post subject: Reply with quote
Perhaps your handle doesn't have the rights to Terminate ?

Also, I take it you meant ZwTerminateProcess ?

Another method to get a handle:
Code:

         if (PsLookupProcessByProcessId((PVOID)(UINT_PTR)(processid),&selectedprocess)==STATUS_SUCCESS)
               {      

                     DbgPrint("Calling ObOpenObjectByPointer\n");
                     ntStatus=ObOpenObjectByPointer (
                              selectedprocess,
                              0,
                              NULL,
                              PROCESS_ALL_ACCESS,
                              *PsProcessType,
                              KernelMode, //UserMode,
                              &ProcessHandle);

                     DbgPrint("ntStatus=%x",ntStatus);
               }

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada
PostPosted: Sat Jul 20, 2013 1:40 pm    Post subject: Reply with quote
Thanks that worked out fine.

Appreciate the help!
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites