Julius Ramos

ProcessClose, Didn't kill the process

21 posts in this topic

I use ProcessClose to kill the process, but it did not kill the process.

Here's the scenario:

I have two running processes, and these two processes are watching each other. If one process is killed, it will be recreated by the process that is watching it.

proc1.exe

proc2.exe

If you kill proc1.exe, it will be executed again by proc2.exe.

If you kill proc2.exe, it will be executed again by proc1.exe.

Here's my code:

ProcessClose("proc1.exe")
ProcessClose("proc2.exe")
ProcessClose("proc1.exe")
ProcessClose("proc2.exe")

But it does not work. It is faster to create the process than to kill the process.


-----------------------------------------------------------
BSECE, MCP
AIM: juliusrms
YM: jivy_21@yahoo.com
MSN: juliusLramos@hotmail.com
Mobile #: (Globe): +639167031989
Web: http://www.trendmicro.com




I had a virus that annoyingly did that to me.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


An unorthodox solution might consist of using ProcessSetPriority() to boost the AutoIt script's priority to real-time and then trying 3 or 4 times to close both processes (Perhaps use a loop). With any luck, this will prove consistent. However, be aware that you always will have a race condition and the best you can do using a method such as this is to just keep trying until things fall into place. All that using real-time priority will do is help your script win the race, but it doesn't guarantee anything.


#4 ·  Posted (edited)

An unorthodox solution might consist of using ProcessSetPriority() to boost the AutoIt script's priority to real-time and then trying 3 or 4 times to close both processes (Perhaps use a loop). With any luck, this will prove consistent. However, be aware that you always will have a race condition and the best you can do using a method such as this is to just keep trying until things fall into place. All that using real-time priority will do is help your script win the race, but it doesn't guarantee anything.

maybe block input while the other process doesn't exist? still a race but you're kind of tipping the odds in your favor then...

***edit***

sorry, misinterpreted the desired result...why not make a script that:

1) kills process 1

2) starts new process w/ same name as process 1, that kills process 2...

Edited by cameronsdad

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100
i didn't make up this form of encryption, but i like it. credit to the lvl 6 challenge on arcanum.co.nz


maybe block input while the other process doesn't exist? still a race but you're kind of tipping the odds in your favor then...

***edit***

sorry, misinterpreted the desired result...why not make a script that:

1) kills process 1

2) starts new process w/ same name as process 1, that kills process 2...

If there is enough time to do that, there's enough time to kill both processes.

I doubt the scripts are watching one another based on process name. Likely they are using a mutex or some other synchronization object, a class name, et cetera.


If there is enough time to do that, there's enough time to kill both processes.

I doubt the scripts are watching one another based on process name. Likely they are using a mutex or some other synchronization object, a class name, et cetera.

yeah right after i posted that i remembered that you can have multiple processes w/ same name, so having the new process same name wouldn't have helped anyway... what about deleting the file associated w/ the process as soon as the process is stopped? and would lowering the priority of process 2 before killing process 1 also help?


maybe block input while the other process doesn't exist? still a race but you're kind of tipping the odds in your favor then...

***edit***

sorry, misinterpreted the desired result...why not make a script that:

1) kills process 1

2) starts new process w/ same name as process 1, that kills process 2...

Even though you create the same process name as proc1.exe, proc2.exe will create proc1.exe. In this situation we don't know the behavior of proc1.exe and proc2.exe. We don't know if they are watching by filename, filename and size, or by ID.



Even though you create the same process name as proc1.exe, proc2.exe will create proc1.exe. In this situation we don't know the behavior of proc1.exe and proc2.exe. We don't know if they are watching by filename, filename and size, or by ID.

right, we've been over that... :P


yeah right after i posted that i remembered that you can have multiple processes w/ same name, so having the new process same name wouldn't have helped anyway... what about deleting the file associated w/ the process as soon as the process is stopped? and would lowering the priority of process 2 before killing process 1 also help?

Oh, duh. Just rename both executable files. You can rename a file, even a file that is in use. After you rename both files, then use ProcessClose(). I doubt the processes can be restarted at this point.


If you want to test your script, you can download websearch.

You can get it here --> http://download.websearch.com/install/tb_confirm_info.aspx

NOTE: according to the antivirus company, this is SPYWARE....

Please test your script in VMware to avoid your IE becoming corrupted.

This spyware will create two processes, TBPS.exe and PIB.exe.



Oh, duh. Just rename both executable files. You can rename a file, even a file that is in use. After you rename both files, then use ProcessClose(). I doubt the processes can be restarted at this point.

You cannot rename a file that is running as a process. If the file is running as a process, it is locked. This is the behavior of the sample that I'm trying to kill.



You cannot rename a file that is running as a process. If the file is running as a process, it is locked. This is the behavior of the sample that I'm trying to kill.

First, did you try? I can rename running programs quite easily, I just can't delete them until the process stops (With XP). If you did try and you can not do it, most likely, the two processes are locking one another to prevent being closed in such a manner. If that is the case, just do what I said originally and boost the process priority to try to win the race condition.


couldn't you also lower the process priority to low on the second program?? help run the race as it's been called :P

~Dark


Okay, the files do lock each other so trying a rename is out of the question.

I discovered that if you kill the entire process tree by choosing "TBPS.exe" as the parent, it will kill both processes. My suggestion to you is to download pskill and FileInstall() it. I would run some code like this to try to kill it:

While ProcessExists("TBPS.exe") Or ProcessExists("PIB.exe")
    RunWait("pskill -t TBPS.exe")
    Sleep(1000)
WEnd


Okay, the files do lock each other so trying a rename is out of the question.

I discovered that if you kill the entire process tree by choosing "TBPS.exe" as the parent, it will kill both processes. My suggestion to you is to download pskill and FileInstall() it. I would run some code like this to try to kill it:

While ProcessExists("TBPS.exe") Or ProcessExists("PIB.exe")
    RunWait("pskill -t TBPS.exe")
    Sleep(1000)
WEnd

This simple code is working. But please improve the ability of ProcessClose to kill processes the same as pskill.

While ProcessExists("TBPS.exe") Or ProcessExists("PIB.exe")
    ProcessClose("TBPS.exe")
    ProcessClose("PIB.exe")
    Sleep(1000)
WEnd

I also tried this simple code, but it did not work.

Is there any reason why ProcessClose did not kill the process?

Why can pskill kill the process when ProcessClose did not?



This simple code is working. But please improve the ability of ProcessClose to kill processes the same as pskill.

While ProcessExists("TBPS.exe") Or ProcessExists("PIB.exe")
    ProcessClose("TBPS.exe")
    ProcessClose("PIB.exe")
    Sleep(1000)
WEnd

I also tried this simple code, but it did not work.

Is there any reason why ProcessClose did not kill the process?

Why can pskill kill the process when ProcessClose did not?

I too have found situations where processClose() does not work but pskill does


Why can pskill kill the process when ProcessClose did not?

It helps if you read the posts of those who are helping you:

I discovered that if you kill the entire process tree ... it will kill both processes.

This is not what ProcessClose is designed to do. It could probably be done using DLL calls though.


It's non-trivial to do it via DllCall() or I would have just written it. It involves enumerating processes and determining their ancestry, which is very difficult to do since it has to be done 2 separate ways depending on whether you're using an NT based version of Windows or the old 9x line.

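The enumeration-and-ancestry step described in the post above, as an added example that is not part of the original thread or of AutoIt's own code. It assumes a current AutoIt release on NT-based Windows whose WinAPIProc.au3 UDF provides `_WinAPI_GetParentProcess()`; the helper names `_ProcessTree`, `_InTree` and `_ProcessCloseTree` are hypothetical.

```autoit
#include <WinAPIProc.au3> ; assumed available: provides _WinAPI_GetParentProcess()

; Return a 1-D array of PIDs: [0] = count, [1] = $iRootPID, then every
; descendant found in a single ProcessList() snapshot.
Func _ProcessTree($iRootPID)
    Local $aProc = ProcessList()              ; [0][0] = count, [n][0] = name, [n][1] = PID
    Local $iCount = $aProc[0][0]
    Local $aParent[$iCount + 1]
    For $i = 1 To $iCount
        ; Windows records the parent PID at creation and never updates it,
        ; so a reused PID can make an unrelated process look like a parent.
        $aParent[$i] = _WinAPI_GetParentProcess($aProc[$i][1])
    Next

    Local $aTree[$iCount + 2]
    $aTree[0] = 1
    $aTree[1] = $iRootPID
    Local $iNext = 1                          ; tree entry whose children are collected next
    While $iNext <= $aTree[0]
        For $i = 1 To $iCount
            If $aParent[$i] <> $aTree[$iNext] Then ContinueLoop
            If _InTree($aTree, $aProc[$i][1]) Then ContinueLoop ; guards against cycles
            $aTree[0] += 1
            $aTree[$aTree[0]] = $aProc[$i][1]
        Next
        $iNext += 1
    WEnd
    Return $aTree
EndFunc

Func _InTree(ByRef $aTree, $iPID)
    For $i = 1 To $aTree[0]
        If $aTree[$i] = $iPID Then Return True
    Next
    Return False
EndFunc

; Close the process named $sRootName and all of its descendants.
; Returns the number of PIDs a close was attempted on.
Func _ProcessCloseTree($sRootName)
    Local $iRoot = ProcessExists($sRootName)  ; PID, or 0 when not running
    If $iRoot = 0 Then Return 0
    Local $aTree = _ProcessTree($iRoot)
    For $i = 1 To $aTree[0]
        ProcessClose($aTree[$i])
    Next
    Return $aTree[0]
EndFunc
```

Calling `_ProcessCloseTree("TBPS.exe")` inside the `While ProcessExists(...)` loop from earlier in the thread, in place of the pskill call, retries until both processes are gone. The snapshot and the closes are still separate steps, so the race condition discussed in the thread remains.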

It's non-trivial to do it via DllCall() or I would have just written it. It involves enumerating processes and determining their ancestry, which is very difficult to do since it has to be done 2 separate ways depending on whether you're using an NT based version of Windows or the old 9x line.

hi Valik,

Do you have code that will list all processes, supporting Win NT and Win 9x?



Not in AutoIt syntax. It seems like somebody, maybe Larry, posted something along those lines once.

