0

I'm studying Windows Internals. In fact, there's no similar _exit system call like in *nix.

The process should terminate itself with TerminateProcess/NtTerminateProcess.

The ExitProcess/RtlExitUserProcess API does some cleanup before self-terminating.


TerminateProcess/NtTerminateProcess work with GetCurrentProcess/NtCurrentProcess/(HANDLE)-1.

But when I tried it with GetCurrentProcessId/gs:[0x40], it didn't work.

```c
#include <windows.h>

int main(void)
{
    TerminateProcess(GetCurrentProcess(), 0); // works
    TerminateProcess(GetCurrentProcessId(), 0); // didn't work
}
```

```asm
mov rcx, -1
xor edx, edx
call TerminateProcess
; this one is working
call GetCurrentProcessId
mov ecx, eax
xor edx, edx
call TerminateProcess
; this one didn't work
```

Why must Windows processes terminate themselves with GetCurrentProcess, and why can't it work with GetCurrentProcessId?

Ex-Kyuto
  • Please show the code you tried – pm100 Feb 19 '23 at 01:16
  • Because TerminateProcess takes a HANDLE as the first argument, GetCurrentProcessId returns a DWORD? – xihtyM Feb 19 '23 at 01:36
  • Why would TerminateProcess work with the process id? – Stuart Feb 19 '23 at 01:37
  • Also because you have tagged this with `undocumented-behavior`, you can find the documentation for TerminateProcess [here](https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-terminateprocess). You can also find all windows api documentation if you search `FunctionName msvc` into google. – xihtyM Feb 19 '23 at 01:38
  • 1
    @Ex-Kyuto "*In fact, there's no similar _exit system call like in nix*" - not in the Win32 API, no. But the C and C++ runtime libraries do define their own standard `(std::)exit()` (cleanup) and `(std::)abort()` (no cleanup) functions. Use those instead. – Remy Lebeau Feb 19 '23 at 02:34

2 Answers

4

The documentation for TerminateProcess() clearly says that it takes a process handle, whereas GetCurrentProcessId() returns a process ID instead. Why would you expect that ID to work?

One comment of yours seems to suggest that you think a process HANDLE is the same as a process ID. Clearly that is not true, otherwise GetCurrentProcess() and GetCurrentProcessId() would not exist as separate APIs.

In fact, GetCurrentProcess() actually returns 0xffffffff.

The docs say:

> The return value is a pseudo handle to the current process.

Remy Lebeau
pm100
  • Nvm, that's clearly my fault. I should take the self process handle from OpenProcess and not current process id. – Ex-Kyuto Feb 19 '23 at 02:25
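
An added example, not part of the original question or answers, for the handle-versus-ID distinction described above: the pseudo handle is a constant, a PID only becomes a handle through OpenProcess() with an explicit access mask, and a handle opened without PROCESS_TERMINATE is refused by TerminateProcess(). The function names are this example's own, and the program is Windows-only.

```c
#ifdef _WIN32   /* added example; Win32-only, compiles to nothing elsewhere */
#include <windows.h>
#include <stdio.h>

/* The pseudo handle is the constant (HANDLE)-1, read by the kernel as "the
   calling process". It is not a handle-table entry and is never closed. */
static int pseudo_handle_is_minus_one(void)
{
    return GetCurrentProcess() == (HANDLE)(LONG_PTR)-1;
}

/* PID -> real handle. The access mask requested in OpenProcess() is all the
   handle can do, so without PROCESS_TERMINATE the terminate call is refused.
   Returns the Win32 error of the refused call; *pid gets the handle's PID. */
static DWORD terminate_without_right(DWORD *pid)
{
    DWORD err = 0;
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
                           GetCurrentProcessId());
    *pid = 0;
    if (h == NULL)
        return GetLastError();
    *pid = GetProcessId(h);            /* handle -> PID */
    if (!TerminateProcess(h, 0))       /* handle lacks PROCESS_TERMINATE */
        err = GetLastError();
    CloseHandle(h);                    /* real handles must be closed */
    return err;
}

/* A PID reinterpreted as a handle is looked up in this process's own handle
   table. GetProcessId() serves as a harmless probe: it can only succeed if
   the value happens to match a process handle this process already holds. */
static int pid_value_resolves_as_handle(void)
{
    return GetProcessId((HANDLE)(ULONG_PTR)GetCurrentProcessId()) != 0;
}

int main(void)
{
    DWORD pid = 0, err = terminate_without_right(&pid);
    printf("pseudo handle is (HANDLE)-1: %d\n", pseudo_handle_is_minus_one());
    printf("PID from real handle: %lu, own PID: %lu\n",
           (unsigned long)pid, (unsigned long)GetCurrentProcessId());
    printf("TerminateProcess without the right: error %lu\n", (unsigned long)err);
    printf("PID value usable as a handle: %d\n", pid_value_resolves_as_handle());
    fflush(stdout);                    /* TerminateProcess skips CRT cleanup */
    TerminateProcess(GetCurrentProcess(), 0);
}
#endif
```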
-1

Okay, like the others said, TerminateProcess accepts a process handle, and not a process ID.

I should take the handle from OpenProcess(PROCESS_TERMINATE, false, GetCurrentProcessId()).

Sorry for the misinformation.

Ex-Kyuto
  • 2
    "*I should take the handle from OpenProcess()*" - no, you should use `GetCurrentProcess()` instead. There is no need to open a *real* handle to the calling process, when the *pseudo* handle to the calling process will suffice. – Remy Lebeau Feb 19 '23 at 02:30