Kill Process using DebugActiveProcess.

gothic_coder

Hello all. I want to kill the process using DebugActiveProcess.. I read somewhere that to kill the debugee process or target process i need to terminate the Debug object.. Can anyone clarify that? How do i do that? Thanks.

gothic_coder

I'm doing something like this.

#define DEBUG_KILL_PROCESS_ON_EXIT 0x1
#define OBJ_KERNEL_HANDLE 0x00000200L
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)

if(strcmp(Proc_Argument, "-debug") == 0)
{
OBJECT_ATTRIBUTES objAttr;

objAttr.Length = sizeof(OBJECT\_ATTRIBUTES);
objAttr.RootDirectory = NULL;
objAttr.Attributes = OBJ\_CASE\_INSENSITIVE | OBJ\_KERNEL\_HANDLE;
objAttr.ObjectName = NULL;
objAttr.SecurityDescriptor = NULL;
objAttr.SecurityQualityOfService = NULL;

HMODULE hDebugObject = NULL;
HANDLE MyDebugHandle = NULL;
		
HANDLE hProc = MyOpenProcess(PROCESS\_SUSPEND\_RESUME,FALSE, dwID);
		
typedef NTSTATUS (WINAPI \*\_NtCreateDebugObject)(OUT PHANDLE DebugHandle,
             				IN ACCESS\_MASK DesiredAccess,
					IN POBJECT\_ATTRIBUTES ObjectAttributes,
					IN ULONG Flags);

			 
\_NtCreateDebugObject Debug\_Object;


		
typedef NTSTATUS (WINAPI \*\_NtDebugActiveProcess)(IN HANDLE ProcessHandle,
					IN HANDLE DebugHandle);

\_NtDebugActiveProcess Debug\_Process = NULL;


hDebugObject = GetModuleHandle("ntdll.dll");

if(hDebugObject == INVALID\_HANDLE\_VALUE || hDebugObject == NULL)
{
	hDebugObject = LoadLibrary("ntdll.dll");
	if(hDebugObject == INVALID\_HANDLE\_VALUE || hDebugObject == NULL)
	{
		MessageBox(NULL, "Cannot Load NtDll.dll", "Error", MB\_OK);
				
	}
}

Debug\_Object = (\_NtCreateDebugObject)GetProcAddress(hDebugObject, "NtCreateDebugObject");
Debug\_Process = (\_NtDebugActiveProcess)GetProcAddress(hDebugObject, "NtDebugActiveProcess");


NTSTATUS nStatus = Debug\_Object(&MyDebugHandle,
							OBJECT\_ALL\_ACCESS,
							&objAttr,
							DEBUG\_KILL\_PROCESS\_ON\_EXIT);

    DWORD err = GetLastError();

if(nStatus != STATUS\_SUCCESS)
{
	MessageBox(NULL, "Fail to create object", "Error", MB\_OK)
	return FALSE;
}

NTSTATUS nStatusProc = Debug\_Process(hWnd, MyDebugHandle);

    //This does not attch the process... Don't know what's the problem..
	
err = GetLastError();
		
if(nStatusProc != STATUS\_SUCCESS)
{
            
	MessageBox(NULL, "Cannot Attach Processl", "Error", MB\_OK)
	return FALSE;
}
		
CloseHandle(MyDebugHandle);

}

Also the error after Debug_Process comes out to be 299 i.e "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."...