kill process using WIN32_PROCESS

[Junkone]

I was reviewing the docs for Module Process in WIN32_PROCESS and
found the following docs for Kill. What does signal 4-8 do and how
does it make it nicer kill. why is it 4-8 and what is the degree of
niceness as it goes along.

kill(signal, *pids)
Sends the given signal to an array of process id's. The signal may be
any value from 0 to 9, or the special strings 'SIGINT' (or 'INT'),
'SIGBRK' (or 'BRK') and 'SIGKILL' (or 'KILL'). An array of
successfully killed pids is returned.

Signal 0 merely tests if the process is running without killing it.
Signal 2 sends a CTRL_C_EVENT to the process. Signal 3 sends a
CTRL_BRK_EVENT to the process. Signal 9 kills the process in a harsh
manner. Signals 1 and 4-8 kill the process in a nice manner.

SIGINT/INT corresponds to signal 2 SIGBRK/BRK corresponds to signal 3
SIGKILL/KILL corresponds to signal 9

Signals 2 and 3 only affect console processes, and then only if the
process was created with the CREATE_NEW_PROCESS_GROUP flag.

 

[Daniel Berger]

I was reviewing the docs for Module Process in WIN32_PROCESS and
found the following docs for Kill. What does signal 4-8 do and how
does it make it nicer kill. why is it 4-8 and what is the degree of
niceness as it goes along.

Actually, it's 1 and 4-8. Signals 2 and 3 were chosen for SIGINT and
SIGBRK, respectively, because that's what their Unix counterparts are
(typically). In practice these will rarely be used.

They're nicer because they use a different technique for killing a
process than the 9 signal does. The 9 signal uses TerminateProcess()
behind the scenes, which is a brute force way to kill a process that
bypasses any exit handlers the process may have setup. Signals 1 and
4-8 use a CreateRemoteThread() + ExitProcess() technique, which *does*
allow the process to run any exit handlers first.

Regards,

Dan

 

[Junkone]

Actually, it's 1 and 4-8. Signals 2 and 3 were chosen for SIGINT and
SIGBRK, respectively, because that's what their Unix counterparts are
(typically). In practice these will rarely be used.

They're nicer because they use a different technique for killing a
process than the 9 signal does. The 9 signal uses TerminateProcess()
behind the scenes, which is a brute force way to kill a process that
bypasses any exit handlers the process may have setup. Signals 1 and
4-8 use a CreateRemoteThread() + ExitProcess() technique, which *does*
allow the process to run any exit handlers first.

Regards,

Dan

is signal 4, 5, 6, 7,8 provide same effect or is 8 better than 7 in
descending order

 

[Daniel Berger]

is signal 4, 5, 6, 7,8 provide same effect or is 8 better than 7 in
descending order- Hide quoted text -

1 and 4-8 are all the same.

Regards,

Dan