Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Kill process (windows 8) issues

I've installed Windows 8 around a month ago and have been having issues where when a process hangs I am unable to end/kill it. Neither task manager nor CMD Taskkill /f /PID #### will do the job, so I figured I'd write up my own process killer in C# and see what issues come up.

After writing up a small app I realized that I'm not all that smart as I thought - I'm still unable to end the process. At first I was able to find the process by name/PID:

Process p = Process.GetProcessById(aPid)
//or
foreach (Process p in Process.GetProcessesByName(aProcessName)

..and was getting "Access denied" exception when I tried to:

process.Kill();

..after a few attempts that changed and I would be unable to find the process anymore. Eg. when I tried to find it by name or PID nothing was returned, while the process still remained in the Task Manager and on my screen.

I have also read up on Process @MSDN and it says that "Access Denied" can be thrown if the process is already terminating or could not be terminated.. :(

Help? Is there really no way to FORCE end process?

like image 847
Ross Avatar asked Dec 26 '12 08:12

Ross


1 Answers

Well, you are essentially running into the same problem that prevents Task Manager from terminating the process. There are two possible reasons. One is associated with the access denied exception, the process might have removed the access right to other processes to acquire a handle to the process. Since you are running on Windows 8 you have .NET 4.5 installed. Which provides a new method to the Process class, you can call EnterDebugMode(). That enables the SeDebugPrivilege, might be good enough to now make Kill() work.

The other is a much bigger problem, the process may have a thread active in kernel mode that is not exiting. Best way to diagnose that is by using Task Manager, Details tab, right-click one of the column headers and choose "Select Columns". Tick "Handles". Look at the displayed value for the process. If you see a non-zero value then the process is very likely to have a handle opened and is waiting for a device driver to perform an I/O request. And that device driver is otherwise impervious to Windows asking it to cancel the request. Narrowing down the troublemaker is not that easy, you have to know more about exactly what kind of I/O requests your process performs. Follow up on this by asking a question about it at superuser.com

like image 193
Hans Passant Avatar answered Oct 16 '22 09:10

Hans Passant