Re: W2k: Unkillable Applications

[Chris Adams <chris () improbable org>]

on 2001-07-17 12:11, Alun Jones at alun () texis com wrote:

> At 11:58 AM 7/17/2001, Chris Adams wrote:
> > on 2001-07-17 09:20, Justin Nelson at security () jm4n com wrote:
> > > Under Windows 2000 Pro, I made a copy of "notepad.exe" renamed to
> > > "winlogon.exe", and could not kill it via the Task Manager. Both the 'kill'
> > > command and the VC++ debugger were able to kill it.
> >
> > Task Manager is really inconsistent - I renamed a copy of notepad to
> > winlogon.exe. If I start it and try to kill it through the "Applications"
> > tab of the task manager, it will be killed as normal. If I try to kill it
> > through the "Processes" tab, task manager won't let me.
>
> The answer here is that the "End Task" button on the "Applications" tab
> tries to send a WM_QUIT message to the foreground window.  The "End
> Process" (note the different name) button on the "Processes" tab calls
> TerminateProcess() on the process.
>
> Task Manager _is_ being consistent - it's just that you don't seem to
> understand the difference between "Tasks" / "Applications" (really just
> windows with no parent) and "Processes" (which are true processes).

Whoa - can the flames, please. The reasons why this happen make sense but
the user interface is inconsistent. That's the problem here - a non system
task will be reported as a system task, even though it's not and can easily
be terminated. The end process button will have different results depending
on whether it checks its hardcoded process list before attempting to kill
something. 

Chris