Can't call these functions

[LittleCoderNthai]

I want to call Zw... functions (ZwTerminateprocess, ZwTerminateThread...) from ntdll.dll.

I used this code:

$pid = ProcessExists("taskmgr.exe")
$thread = _GetAllProcessThreads($Pid) ;An UDF on this forum
$tit=$thread[0][0]
$strt="int pid; int tit"
$s="dword* exit"
$exitcode=DllStructCreate($s)
$struct=DllStructCreate($strt)
DllStructSetData($struct, "pid", $pid)
DllStructSetData($struct, "tit", $tit)
DllCall("ntdll.dll", "int", "ZwOpenThread", "hwnd", $hwnd, "string", "THREAD_TERMINATE", "ptr", "", "ptr", $struct)
DllCall("kernel3.dll", "int", "GetExitCodeThread", "hwnd", $hwnd, "dword*", $exitcode)
DllCall("ntdll.dll", "int", "ZwTerminateThread", "hwnd", $hwnd, "uint", $exitcode)

P/s:I ran Task Manager (taskmgr.exe) before running the script.

After the script ran, the tray icon disappeared, but the script's process still exist and the taskmgr.exe process still exists, too.

Please help me!

[jvanegmond]

Ofcourse you can't call the ZwX functions, they're ment for drivers.

Edit: Here some more info: http://msdn.microsoft.com/en-us/library/ee308300.aspx

Edited September 2, 2009 by Manadar

[trancexx]

Ofcourse you can't call the ZwX functions, they're ment for drivers.

Edit: Here some more info: http://msdn.microsoft.com/en-us/library/ee308300.aspx

Nevermind (joke) that. You can call them. That's not the problem LittleCoderNthai is experiencing.

But should be said that it would be proper to call Nt... version of the function since we are always in user-mode.

Another story is that neither should be called for the job. OpenThread and TerminateThread from kernel32.dll should be called. The code from this dll will redirect calls to where it's needed (again Nt... versions of mentioned functions).

All in all, main LittleCoderNthai's problem is how is something called much more than what is called.