explorer.exe creation and termination "feature"

Source: Internet
Author: User

A program often needs to delete a specific file, but some files are always held open by Windows Explorer (explorer.exe), so the deletion always fails. If you want to force the deletion, then apart from 360's brute-force delete you can simply end Explorer, delete the file, and then start Explorer again.

Haha, I finally caught it up here.

The TerminateProcess function is often used to end processes, and CreateProcess is used to create them.

But these two common functions also have some little-known "secrets".

First, TerminateProcess:

    BOOL WINAPI TerminateProcess(
        _In_ HANDLE hProcess,
        _In_ UINT   uExitCode   // process exit code
    );


■ The TerminateProcess function is asynchronous: it starts the termination and returns immediately. To know that the process has actually ended, call WaitForSingleObject on the process handle afterwards.

■ The process's exit code is the value passed as uExitCode. However, to end the explorer.exe process, uExitCode must be 1; otherwise explorer.exe cannot be ended (it is started again immediately after it ends). This is a strange phenomenon.

Then there is the CreateProcess function:

    BOOL WINAPI CreateProcess(
        _In_    LPCTSTR               lpApplicationName,
        _Inout_ LPTSTR                lpCommandLine,
        _In_    LPSECURITY_ATTRIBUTES lpProcessAttributes,
        _In_    LPSECURITY_ATTRIBUTES lpThreadAttributes,
        _In_    BOOL                  bInheritHandles,
        _In_    DWORD                 dwCreationFlags,
        _In_    LPVOID                lpEnvironment,
        _In_    LPCTSTR               lpCurrentDirectory,
        _In_    LPSTARTUPINFO         lpStartupInfo,   // The structure must be cleared.
        _Out_   LPPROCESS_INFORMATION lpProcessInformation
    );


■ If the STARTUPINFO structure passed as lpStartupInfo is not zeroed before the call, CreateProcess may fail.

■ After a process is created, remember to call CloseHandle on the handle of the created process and on the handle of its main thread. Otherwise, a memory leak will occur.

■ For explorer.exe, simply putting the file name in lpCommandLine causes no problem on XP. On Win7 Ultimate (32-bit), Explorer then behaves abnormally (you can open My Computer to see it), and on Win7 Ultimate (64-bit) it cannot be started this way: My Documents opens instead. CreateProcess looks up the executable in a fixed order of directories (first the directory of the calling process's executable, then the current directory, then the system directory, ...), so why is it "not found"? The system has already started an explorer.exe-like process for us.

I am not sure about the symptoms on Windows Home editions, because I do not have a Home edition system.

This is the Win7 Ultimate (32-bit) case.



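    #include <windows.h>
    #include <tlhelp32.h>
    #include <tchar.h>

    int _tmain(void)
    {
        TCHAR chProcessName[MAX_PATH] = TEXT("EXPLORER.EXE");

        // Look for explorer.exe in a snapshot of the running processes.
        HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (hSnapshot == INVALID_HANDLE_VALUE)
            return 1;
        PROCESSENTRY32 proceList;
        proceList.dwSize = sizeof(PROCESSENTRY32);
        BOOL bFound = FALSE;
        BOOL ret_Value = Process32First(hSnapshot, &proceList);
        while (ret_Value)
        {
            if (_tcsicmp(chProcessName, proceList.szExeFile) == 0) // _tcsicmp ignores case
            {
                bFound = TRUE;
                break;
            }
            ret_Value = Process32Next(hSnapshot, &proceList);
        }
        CloseHandle(hSnapshot);

        // Terminate it only if it was found and could be opened.
        HANDLE hProcess = bFound ? OpenProcess(PROCESS_ALL_ACCESS, FALSE, proceList.th32ProcessID) : NULL;
        if (hProcess != NULL)
        {
            TerminateProcess(hProcess, 1);
            WaitForSingleObject(hProcess, INFINITE); // TerminateProcess is asynchronous
            CloseHandle(hProcess);
        }

        STARTUPINFO stup = {0}; // must be zeroed
        stup.cb = sizeof(STARTUPINFO);
        PROCESS_INFORMATION proInfo = {0};
        TCHAR chProcessPath[MAX_PATH] = {0};

        // Directory: 1 = system directory, 2 = Windows directory (enabled here).
        // 1. GetSystemDirectory(chProcessPath, MAX_PATH);
        /* 2. */ GetWindowsDirectory(chProcessPath, MAX_PATH);
        _tcscat(chProcessPath, TEXT("\\"));
        _tcscat(chProcessPath, chProcessName);

        // Command line: 3 = full path (enabled here), 4 = file name only.
        /* 3. */ BOOL bCreated = CreateProcess(NULL, chProcessPath, NULL, NULL, FALSE, 0, NULL, NULL, &stup, &proInfo);
        // 4. BOOL bCreated = CreateProcess(NULL, chProcessName, NULL, NULL, FALSE, 0, NULL, NULL, &stup, &proInfo);
        DWORD dwErrorCode = bCreated ? ERROR_SUCCESS : GetLastError();
        if (bCreated)
        {
            CloseHandle(proInfo.hThread);
            CloseHandle(proInfo.hProcess);
        }
        return (int)dwErrorCode;
    }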


Pay attention to the lines marked with numbered comments.
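An added example, not part of the original article: building the full, quoted path to explorer.exe with bounds checks and passing it as lpApplicationName, so that CreateProcess performs no directory search for the file name. The names build_launch_strings and start_explorer are hypothetical; the Windows-only part is guarded by _WIN32 and uses the ANSI variants of the API.

```c
/* Added example, not the article's code: start explorer.exe by full path. */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical helper: writes <dir>\<exe> into path and the same string in
 * double quotes into cmdline. Returns 0 on success, -1 on bad input or
 * truncation. exe must be a bare file name (no separator, drive or quote). */
int build_launch_strings(const char *dir, const char *exe,
                         char *path, size_t path_cap, char *cmdline, size_t cmd_cap)
{
    if (!dir || !exe || !path || !cmdline || !*dir || !*exe) return -1;
    if (strpbrk(exe, "\\/:\"") || strchr(dir, '"')) return -1;
    size_t n = strlen(dir);
    const char *sep = (dir[n - 1] == '\\') ? "" : "\\"; /* a root like C:\ ends in '\' */
    int w = snprintf(path, path_cap, "%s%s%s", dir, sep, exe);
    if (w < 0 || (size_t)w >= path_cap) return -1;      /* would be truncated */
    w = snprintf(cmdline, cmd_cap, "\"%s\"", path);
    return (w < 0 || (size_t)w >= cmd_cap) ? -1 : 0;
}

#ifdef _WIN32
/* Starts explorer.exe from the Windows directory; 0 on success, else an error code. */
DWORD start_explorer(void)
{
    char windir[MAX_PATH], path[MAX_PATH], cmd[MAX_PATH + 2];
    UINT n = GetWindowsDirectoryA(windir, MAX_PATH);
    if (n == 0 || n >= MAX_PATH) return n ? ERROR_INSUFFICIENT_BUFFER : GetLastError();
    if (build_launch_strings(windir, "explorer.exe", path, sizeof path, cmd, sizeof cmd))
        return ERROR_BAD_PATHNAME;
    STARTUPINFOA si = {0};             /* zeroed first, then cb is set */
    si.cb = sizeof si;
    PROCESS_INFORMATION pi = {0};
    /* lpApplicationName is the full path, so the search order is never used. */
    if (!CreateProcessA(path, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return GetLastError();         /* the error is read only on failure */
    CloseHandle(pi.hThread);           /* both returned handles are closed */
    CloseHandle(pi.hProcess);
    return 0;
}
#endif
```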

