Beispiel #1
0
/*
 * @implemented
 */
NTSTATUS
NTAPI
DbgUiStopDebugging(IN HANDLE Process)
{
    /* Call the kernel to remove the debug object */
    return NtRemoveProcessDebug(Process, NtCurrentTeb()->DbgSsReserved[1]);
}
Beispiel #2
0
VOID PhShowProcessTerminatorDialog(
    _In_ HWND ParentWindowHandle,
    _In_ PPH_PROCESS_ITEM ProcessItem
    )
{
    NTSTATUS status;
    HANDLE processHandle;
    HANDLE debugObjectHandle;

    if (NT_SUCCESS(PhOpenProcess(
        &processHandle,
        PROCESS_QUERY_INFORMATION | PROCESS_SUSPEND_RESUME,
        ProcessItem->ProcessId
        )))
    {
        if (NT_SUCCESS(PhGetProcessDebugObject(
            processHandle,
            &debugObjectHandle
            )))
        {
            if (PhShowMessage(
                ParentWindowHandle,
                MB_ICONWARNING | MB_YESNO,
                L"The selected process is currently being debugged, which can prevent it from being terminated. "
                L"Do you want to detach the process from its debugger?"
                ) == IDYES)
            {
                ULONG flags;

                // Disable kill-on-close.
                flags = 0;
                NtSetInformationDebugObject(
                    debugObjectHandle,
                    DebugObjectFlags,
                    &flags,
                    sizeof(ULONG),
                    NULL
                    );

                if (!NT_SUCCESS(status = NtRemoveProcessDebug(processHandle, debugObjectHandle)))
                    PhShowStatus(ParentWindowHandle, L"Unable to detach the process", status, 0);
            }

            NtClose(debugObjectHandle);
        }

        NtClose(processHandle);
    }

    DialogBoxParam(
        PhInstanceHandle,
        MAKEINTRESOURCE(IDD_TERMINATOR),
        ParentWindowHandle,
        PhpProcessTerminatorDlgProc,
        (LPARAM)ProcessItem
        );
}