BOOL WINAPI OnTerminateThread(HANDLE hThread, DWORD dwExitCode) { //typedef BOOL (WINAPI* OnTerminateThread_t)(HANDLE hThread, UINT dwExitCode); ORIGINAL_KRNL(TerminateThread); BOOL lbRc; #if 0 if (gbIsLessProcess) { _ASSERTE(FALSE && "Continue to terminate thread"); } #endif if (hThread == GetCurrentThread()) { // And terminate our service threads gnDllState |= ds_OnTerminateThread; // Main thread is abnormally terminating? if (GetCurrentThreadId() == gnHookMainThreadId) { DoDllStop(false, ds_OnTerminateThread); } } lbRc = F(TerminateThread)(hThread, dwExitCode); return lbRc; }
// For example, mintty is terminated ‘abnormally’. It calls TerminateProcess instead of ExitProcess. BOOL WINAPI OnTerminateProcess(HANDLE hProcess, UINT uExitCode) { //typedef BOOL (WINAPI* OnTerminateProcess_t)(HANDLE hProcess, UINT uExitCode); ORIGINAL_KRNL(TerminateProcess); BOOL lbRc; if (hProcess == GetCurrentProcess()) { #ifdef PRINT_ON_EXITPROCESS_CALLS wchar_t szInfo[80]; _wsprintf(szInfo, SKIPCOUNT(szInfo) L"\n\x1B[1;31;40m::TerminateProcess(%u) called\x1B[m\n", uExitCode); WriteProcessed2(szInfo, lstrlen(szInfo), NULL, wps_Error); #endif gnDllState |= ds_OnTerminateProcess; // We don't need to do proper/full deinitialization, // because the process is to be terminated abnormally DoDllStop(false, ds_OnTerminateProcess); lbRc = F(TerminateProcess)(hProcess, uExitCode); } else { lbRc = F(TerminateProcess)(hProcess, uExitCode); } return lbRc; }
// May be called from "C" programs VOID WINAPI OnExitProcess(UINT uExitCode) { //typedef BOOL (WINAPI* OnExitProcess_t)(UINT uExitCode); ORIGINAL_KRNL(ExitProcess); #if 0 if (gbIsLessProcess) { _ASSERTE(FALSE && "Continue to ExitProcess"); } #endif gnDllState |= ds_OnExitProcess; #ifdef PRINT_ON_EXITPROCESS_CALLS wchar_t szInfo[80]; _wsprintf(szInfo, SKIPCOUNT(szInfo) L"\n\x1B[1;31;40m::ExitProcess(%u) called\x1B[m\n", uExitCode); WriteProcessed(szInfo, lstrlen(szInfo), NULL); #endif // And terminate our threads DoDllStop(false, ds_OnExitProcess); bool bUseForceTerminate; // Issue 1865: Due to possible dead locks in LdrpAcquireLoaderLock() call TerminateProcess bUseForceTerminate = gbHookServerForcedTermination; #ifdef USE_GH_272_WORKAROUND // gh#272: For unknown yet reason existance of nvd3d9wrap.dll (or nvd3d9wrapx.dll on 64-bit) // caused stack overflow with following calls // // nvd3d9wrap!GetNVDisplayW+0x174f // nvd3d9wrap!GetNVDisplayW+0x174f // user32!_UserClientDllInitialize+0x2ca // ntdll!LdrpCallInitRoutine+0x14 // ntdll!LdrShutdownProcess+0x1aa // ntdll!RtlExitUserProcess+0x74 // kernel32!ExitProcessStub+0x12 // CallExit!main+0x47 if (!bUseForceTerminate && GetModuleHandle(WIN3264TEST(L"nvd3d9wrap.dll",L"nvd3d9wrapx.dll"))) { bUseForceTerminate = true; } #endif // USE_GH_272_WORKAROUND if (bUseForceTerminate) { ORIGINAL_KRNL(TerminateProcess); F(TerminateProcess)(GetCurrentProcess(), uExitCode); return; // Assume not to get here } F(ExitProcess)(uExitCode); }
// For example, mintty is terminated ‘abnormally’. It calls TerminateProcess instead of ExitProcess. BOOL WINAPI OnTerminateProcess(HANDLE hProcess, UINT uExitCode) { //typedef BOOL (WINAPI* OnTerminateProcess_t)(HANDLE hProcess, UINT uExitCode); ORIGINAL_KRNL(TerminateProcess); BOOL lbRc; if (hProcess == GetCurrentProcess()) { #ifdef PRINT_ON_EXITPROCESS_CALLS wchar_t szInfo[80]; _wsprintf(szInfo, SKIPCOUNT(szInfo) L"\n\x1B[1;31;40m::TerminateProcess(%u) called\x1B[m\n", uExitCode); WriteProcessed(szInfo, lstrlen(szInfo), NULL); #endif gnDllState |= ds_OnTerminateProcess; // We need not to unset hooks (due to process will be force-killed below) // And terminate our threads DoDllStop(false, ds_OnTerminateProcess); } lbRc = F(TerminateProcess)(hProcess, uExitCode); return lbRc; }