Re: W2k: Unkillable Applications

[Alun Jones <alun () texis com>]

At 11:58 AM 7/17/2001, Chris Adams wrote:
> on 2001-07-17 09:20, Justin Nelson at security () jm4n com wrote:
> > Under Windows 2000 Pro, I made a copy of "notepad.exe" renamed to
> > "winlogon.exe", and could not kill it via the Task Manager. Both the 'kill'
> > command and the VC++ debugger were able to kill it.
>
> Task Manager is really inconsistent - I renamed a copy of notepad to
> winlogon.exe. If I start it and try to kill it through the "Applications"
> tab of the task manager, it will be killed as normal. If I try to kill it
> through the "Processes" tab, task manager won't let me.

The answer here is that the "End Task" button on the "Applications" tab
tries to send a WM_QUIT message to the foreground window.  The "End 
Process" (note the different name) button on the "Processes" tab calls 
TerminateProcess() on the process.

Task Manager _is_ being consistent - it's just that you don't seem to 
understand the difference between "Tasks" / "Applications" (really just 
windows with no parent) and "Processes" (which are true processes).

Alun.
~~~~

--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun () texis com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)378-3246 | read details of WFTPD Pro for NT.