How can I kill the explorer.exe process?

Question

I'm writing a script which is meant to kill explorer.exe. I searched a bit about it and the best answer I've seen uses the taskkill command. I tried it, but when I run it on my computer it says it worked but it doesn't actually kill it.

import os, socket

s = socket.socket()
host = socket.gethostname()

try:
    s.bind((host, 75))
except socket.error:
    print 'Error: Premission denied, please run as admin'
    exit()

s.listen(5)

while True:
    print '[*] Deploying Server on: ' + host
    print '[*] Scanning..'
    c, addr = s.accept()
    print '[*] Connection established from ' + str(addr)
    while True:
        try:
            os.system("taskkill /im explorer.exe")
            cmd = raw_input()
            if cmd == 'exit':
                print '[!] Exiting'
                c.send('exit')
                s.close()
                exit()
            c.send(cmd)
        except KeyboardInterrupt:
            print '[!] Exiting'
            c.send('exit')
            s.close()
            exit()

the payload:

import os
import socket
import platform

print 'Starting'
system = platform.system()
windows = ['Microsoft', 'Windows']
s = socket.socket()
host = socket.gethostname()
print host
print platform.system()
try:
    s.connect((host, 75))
except socket.error:
    s.close()
    s.connect((host, 75))
while True:
    cmd = s.recv(1024)
    if cmd == 'exit':
        s.close()
        exit()
    os.system("taskkill /im explorer.exe")
    print(os.system("taskkill /im explorer.exe"))

Are you sure it didn't get killed at all? I don't always kill explorer.exe, but when I do, I prefer its default behavior of immediately restarting itself. — TigerhawkT3, Dec 19 '15 at 11:33
well I see that it still runs on my computer, how can I know weather or not it's been immeddiately restarted? — Itay Braha, Dec 19 '15 at 17:23
taskkill tries to connect to the window station and desktop of a process and post a `WM_CLOSE` message to the main window (for a console app it's the conhost.exe window, but only if only one process is attached to the console). If it can't post the message, it fails (exit code is 1) and says you need to use /F (force), which will call `TerminateProcess`. Just because it succeeds in posting a `WM_CLOSE` message, that doesn't mean the program will actually close. Explorer isn't respawning; it just ignores the window message. You can use /F, but you'll have to manually restart Explorer. — Eryk Sun, Dec 19 '15 at 17:57
If using /F you need to narrow the target to the active "console" session (not to be confused with console windows). Otherwise it could kill all instances of explorer.exe for all logged on users. You can get the console session number using `csid = ctypes.windll.kernel32.WTSGetActiveConsoleSessionId()`. Then add this as a filter, e.g. `os.system('taskkill /f /im explorer.exe /fi "session eq %d"' % csid)`. — Eryk Sun, Dec 19 '15 at 18:19
Also, you should use `subprocess.call` instead of `os.system`. There's no reason to run this using the cmd.exe shell. Plus with subprocess you can pass `creationflags=DETACHED_PROCESS` (8) to run taskkill.exe without a console window. This way if it's a GUI application a console window won't briefly flash on the desktop. — Eryk Sun, Dec 19 '15 at 18:35

score 0 · Answer 1 · answered Dec 19 '15 at 22:02

0

I suggest using os.kill() instead. It is much clearer and returns a clearer value. You can do something like this:

import wmi

for process in wim.WMI().Win32_Process ():
    if process.Name == 'explorer.exe':
        os.kill(process.ProcessId)

Note that it matters which version of Python you're running (https://docs.python.org/2/faq/windows.html#how-do-i-emulate-os-kill-in-windows)

answered Dec 19 '15 at 22:02

nir0s

1,151
7
17

There are no signals in Windows, so `os.kill` is implemented with a hard `TerminateProcess`. You may as well call the `Terminate` method on the WMI `process` object. This is like a `SIGKILL` on Unix, as opposed to a more polite `SIGTERM`. The polite way on Windows is to `PostMessage` a `WM_CLOSE` to the window or `PostThreadMessage` a `WM_QUIT` to the thread. For a console application, if it's the only process attached to the console, you can post `WM_CLOSE` to the console window, which will notify the app with a `CTRL_CLOSE_EVENT`. – Eryk Sun Dec 20 '15 at 02:52
True, I remembered a bug in WMI that for some reason can't kill multiple processes with the same name if using Terminate.. but I believe it's been fixed. Anyhow, process.Terminate() is also a good idea. – nir0s Dec 20 '15 at 08:04

score 0 · Answer 2 · answered Jul 25 '17 at 20:23

0

I was running into this same issue, where I need to kill the explorer.exe process. Apparently you ahve to forcibly kill the process with a /F flag.

os.system("taskkill /im explorer.exe /F")

answered Jul 25 '17 at 20:23

Chase Roberts

9,082
13
73
131

score 0 · Answer 3 · edited Dec 13 '22 at 16:55

0

The reason why your code dosen't work is because that is not how you use the os.system command. Here is the correct way:

os.system('cmd /c "taskkill /f /im explorer.exe"')

edited Dec 13 '22 at 16:55

endive1783

827
1
8
18

answered Dec 08 '22 at 23:16

Misha

1

How can I kill the explorer.exe process?

3 Answers3

Linked