From: "Rob S.i.k.l.o.s"
Subject: killing processes owned by others with kill.exe
Date: Mon, 8 Mar 2004 17:40:33 -0500

Hello,

I've noticed that /bin/kill.exe is unable to kill processes that are run as another user (e.g. SYSTEM) (even with -f).

Is this intentional? If not, would it be possible for someone to use the attached code to make it possible? It is basically a regular version of "windows" kill, except that it gets "debug privileges" before trying to kill the process - a nice trick left over from the NT 4.0 resource kit days.

Currently, I have to distribute my own fkill.exe to all the systems where I need it, but it would be handy if it was part of Cygwin.

I know this is a pretty lazy request, but it seems like functionality that many people might use. (It's especially useful for killing broken windows services that run as localsystem, and don't shut down properly).

Thanks,

Rob.

P.S. - I would do this myself, but I don't think I'm qualified to mess with core Cygwin stuff.

[Attachment: fkill.c]

    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>   // strtol
    #pragma hdrstop

    // fkill forces a kill -- it will attempt to enable SeDebugPrivilege
    // before opening its process handles, allowing it to kill processes
    // running under builtin\system (LocalSystem, to the users out there).

    int main( int argc, char *argv[] );
    void getDebugPriv( void );

    #define isBadHandle(h) ( (h) == NULL || (h) == INVALID_HANDLE_VALUE )
    #define lenof(x) ( sizeof (x) / sizeof ((x)[0]) )

    #define MAXPID 1024

    int main( int argc, char *argv[] )
    {
        int pidCount, i, errors;
        char *p;
        HANDLE hProcess;
        static DWORD pid[MAXPID];

        // parse args, build PID list
        errors = pidCount = 0;

        for ( i = 1; i < argc; i ++ )
        {
            if ( pidCount == lenof( pid ) )
            {
                errors ++;
                break;
            }

            pid[pidCount] = strtol( argv[i], &p, 0 );
            if ( p == argv[i] || *p )
                errors ++;
            else
                pidCount ++;
        }

        if ( errors || pidCount == 0 )
        {
            puts( "Usage: fkill pid [...]" );
            puts( "fkill tries to kill the processes specified by the PIDs. If the" );
            puts( "user has debug privileges, fkill is able to kill system processes." );
            puts( "PIDs may be decimal, octal (starts with 0), or hex (starts with 0x)." );
            return MAXPID + 1;
        }

        // try to acquire SeDebugPrivilege
        getDebugPriv();

        errors = 0;
        // for each PID:
        for ( i = 0; i < pidCount; i ++ )
        {
            printf( "pid %lu: ", pid[i] );

            // open process
            hProcess = OpenProcess( PROCESS_TERMINATE, FALSE, pid[i] );
            if ( isBadHandle( hProcess ) )
                printf( "OpenProcess() failed, err = %lu\n", GetLastError() );
            else
            {
                // kill process
                if ( ! TerminateProcess( hProcess, (DWORD) -1 ) )
                    printf( "TerminateProcess() failed, err = %lu\n", GetLastError() );
                else
                    puts( "killed." );

                // close handle
                CloseHandle( hProcess );
            }
        }

        return 0;
    }

    // Best-effort: enable SeDebugPrivilege in this process's token.
    // Failures are ignored; OpenProcess() above reports the outcome.
    void getDebugPriv( void )
    {
        HANDLE hToken;
        LUID sedebugnameValue;
        TOKEN_PRIVILEGES tkp;

        if ( ! OpenProcessToken( GetCurrentProcess(),
            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
            return;

        if ( !LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) )
        {
            CloseHandle( hToken );
            return;
        }

        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL );

        CloseHandle( hToken );
    }
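
Added example, not part of the original message or of Cygwin: fkill.c can only enable SeDebugPrivilege if the privilege is already present in the caller's token, so this PowerShell check reports which of the three cases applies before the tool is relied on. The function name Get-PrivilegeState and the sample rows are constructed for illustration; the state text assumes an English-language system.

```powershell
# Added example (not from the original post). Reports whether a token holds
# a privilege such as SeDebugPrivilege, which fkill.c tries to enable.
function Get-PrivilegeState {
    param(
        [string]$Name = 'SeDebugPrivilege',
        # Rows in "whoami /priv /fo csv /nh" format; defaults to the live token.
        [string[]]$WhoamiCsv = (whoami.exe /priv /fo csv /nh)
    )

    # /nh drops the localized header row, so fixed column names are supplied here.
    $rows = $WhoamiCsv | ConvertFrom-Csv -Header 'Privilege', 'Description', 'State'
    $row  = $rows | Where-Object { $_.Privilege -eq $Name } | Select-Object -First 1

    if (-not $row) {
        # Not in the token at all: AdjustTokenPrivileges cannot add it, so
        # OpenProcess on a SYSTEM-owned process will still be denied.
        return 'Absent'
    }
    # The State column is localized; 'Enabled' assumes an English system.
    if ($row.State -eq 'Enabled') {
        return 'Enabled'
    }
    # Held but switched off: this is the case getDebugPriv() is written for.
    return 'PresentButDisabled'
}

# Constructed sample rows, in the same CSV layout whoami produces.
$sample = @(
    '"SeShutdownPrivilege","Shut down the system","Disabled"',
    '"SeDebugPrivilege","Debug programs","Disabled"',
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
)

Get-PrivilegeState -WhoamiCsv $sample   # constructed rows
Get-PrivilegeState                      # the current session's token
```

An 'Absent' result means the account was never granted the "Debug programs" user right (or the session is running with a filtered token), which is the setting to audit when deciding who can terminate LocalSystem processes this way.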