Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /**
- * Terminates a process.
- *
- * \param ProcessHandle A handle to a process.
- * \param ExitStatus A status value which indicates why the process is being terminated.
- * \param Key An access key.
- * \li If a L2 key is provided, no access checks are performed.
- * \li If no valid L2 key is provided, the function fails.
- * \param Client The client that initiated the request.
- * \param AccessMode The mode IN which to perform access checks.
- */
- NTSTATUS KpiTerminateProcess(
- _In_ HANDLE ProcessHandle,
- _In_ NTSTATUS ExitStatus,
- _In_opt_ KPH_KEY Key,
- _In_ PKPH_CLIENT Client,
- _In_ KPROCESSOR_MODE AccessMode
- )
- {
- NTSTATUS status;
- PEPROCESS process;
- PAGED_CODE();
- if (!NT_SUCCESS(status = KphValidateKey(KphKeyLevel2, Key, Client, AccessMode)))
- return status;
- status = ObReferenceObjectByHandle(
- ProcessHandle,
- 0,
- *PsProcessType,
- AccessMode,
- &process,
- NULL
- );
- if (!NT_SUCCESS(status))
- return status;
- if (process != PsGetCurrentProcess())
- {
- HANDLE newProcessHandle;
- // Re-open the process to get a kernel handle.
- if (NT_SUCCESS(status = ObOpenObjectByPointer(
- process,
- OBJ_KERNEL_HANDLE,
- NULL,
- PROCESS_TERMINATE,
- *PsProcessType,
- KernelMode,
- &newProcessHandle
- )))
- {
- status = ZwTerminateProcess(newProcessHandle, ExitStatus);
- ZwClose(newProcessHandle);
- }
- }
- else
- {
- status = STATUS_CANT_TERMINATE_SELF;
- }
- ObDereferenceObject(process);
- return status;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
