Killing a target process/thread with WinDBG

Hello all,
Can I terminate a thread or process on my target machine from my debugger?
Cheers,
Ben

You can try .kill, which will terminate a process:

http://msdn.microsoft.com/en-us/library/ff563855(v=vs.85).aspx

Don’t know of a similar command for killing a thread.

-scott


Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com


I wrapped NtOpenThread and NtTerminateThread in an extension to do this, but
after that I saw Skywing's sdbgexts,

which has a killthread; IIRC it does the same thing, via DebugCreate(),
NtOpenThread and NtTerminateThread.

On Mon, Jul 25, 2011 at 4:44 AM, wrote:

> Hello all,
> Can I terminate a thread or process on my target machine from my debugger?
> Cheers,
> Ben
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>


thanks and regards

raj_r

Ok thanks guys. I will check out those options.
Cheers,
Ben

OK, here is the edgy engineered :slight_smile: code for killing threads using
non-recommended methods.
This is shoddily engineered; don't call it edgy engineering.

windbg\sdk\samples>echo n| comp simplext*.* killthread*.* | grep -a1 diff
Comparing simplext\exts.c and killthread\exts.c…
Files are different sizes.


Comparing simplext\simple.def and killthread\simple.def…
Files are different sizes.

Compare more files (Y/N) ?
windbg\sdk\samples>

windbg\sdk\samples>type killthread\exts.c
#include "simple.h"

/* Opens the target thread by its system thread id with plain Win32 calls from
   inside the debugger process. This only applies to a live, local user-mode
   target (no dumps, remote or kernel targets), and TerminateThread does not
   unwind the target thread; see the caveats on its MSDN page. */
DECLARE_API( kt )
{
    ULONG64 Address;
    HANDLE result;
    DWORD errcode = 0;

    Address = GetExpression(args);                  /* system thread id, e.g. c5c */
    dprintf("the thread to be killed has an ID of %x\n", (ULONG)Address);
    result = OpenThread(THREAD_ALL_ACCESS, FALSE, (DWORD)Address);
    if (result == NULL)
    {
        errcode = GetLastError();
        dprintf("gle = %x\n", errcode);
    }
    else
    {
        dprintf("HANDLE to thread is %p\n", result);
        if (TerminateThread(result, DBG_TERMINATE_THREAD) == 0)
        {
            dprintf("Terminate Thread Failed, gle = %x\n", GetLastError());
        }
        else
        {
            dprintf("issue a g then ~* and you will see a thread has been killed\n"
                    "if it was main thread the process would have gone\n"
                    "pl read msdn for all the DANGEROUS FUNCTION caveats against using TerminateThread Function\n"
                    "also read the need to define minimum platform _winnt_winxp???\n"
                    "also iirc using win32apis in debugger extensions is not recommended you need to use idebug::whatever::went::somewhere::interfaces\n"
                    "have fun terminating the process thread by thread\n");
        }
        CloseHandle(result);                        /* the thread handle was leaked before */
    }
}

DECLARE_API( help )
{
    dprintf("usage kt ThreadId Will kill The Thread\n");
}

windbg\sdk\samples>

0:005> ~*
0 Id: 38c.c5c Suspend: 1 Teb: 7ffdf000 Unfrozen
Start: windbg!wmainCRTStartup (01058c77)
Priority: 0 Priority class: 128 Affinity: 1
1 Id: 38c.c08 Suspend: 1 Teb: 7ffde000 Unfrozen
Start: kernel32!BaseThreadStartThunk (7c8106f9)
Priority: 0 Priority class: 128 Affinity: 1
2 Id: 38c.3c4 Suspend: 1 Teb: 7ffdd000 Unfrozen
Start: kernel32!BaseThreadStartThunk (7c8106f9)
Priority: 0 Priority class: 128 Affinity: 1
3 Id: 38c.dd0 Suspend: 1 Teb: 7ffdc000 Unfrozen
Start: kernel32!BaseThreadStartThunk (7c8106f9)
Priority: 0 Priority class: 128 Affinity: 1
4 Id: 38c.6cc Suspend: 1 Teb: 7ffdb000 Unfrozen
Start: kernel32!BaseThreadStartThunk (7c8106f9)
Priority: 0 Priority class: 128 Affinity: 1
. 5 Id: 38c.7e8 Suspend: 1 Teb: 7ffda000 Unfrozen
Start: ntdll!DbgUiRemoteBreakin (7c951e13)
Priority: 0 Priority class: 128 Affinity: 1
0:005> !simple.kt c5c
the thread to be killed has an ID of c5c
HANDLE to thread is 360
issue a g then ~* and you will see a thread has been killed
if it was main thread the process would have gone
pl read msdn for all the DANGEROUS FUNCTION caveats against using
TerminateThread Function
also read the need to define minimum platform _winnt_winxp???
also iirc using win32apis in debugger extensions is not recommended
you need to use idebug::whatever::went::somewhere::interfaces
have fun terminating the process thread by thread
0:005> g
(38c.4f8): Break instruction exception - code 80000003 (first chance)
eax=7ffd7000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c90120e esp=012effcc ebp=012efff4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
ntdll!DbgBreakPoint:
7c90120e cc int 3
0:000> ~*
. 0 Id: 38c.4f8 Suspend: 1 Teb: 7ffda000 Unfrozen
Start: ntdll!DbgUiRemoteBreakin (7c951e13)
Priority: 0 Priority class: 128 Affinity: 1
1 Id: 38c.c08 Suspend: 1 Teb: 7ffde000 Unfrozen
Start: ntdll!RtlpTimerThread (7c927edb)
Priority: 0 Priority class: 128 Affinity: 1
2 Id: 38c.3c4 Suspend: 1 Teb: 7ffdd000 Unfrozen
Start: ntdll!RtlpWorkerThread (7c910250)
Priority: 0 Priority class: 128 Affinity: 1
3 Id: 38c.dd0 Suspend: 1 Teb: 7ffdc000 Unfrozen
Start: ADVAPI32!WmipEventPump (77df848a)
Priority: 0 Priority class: 128 Affinity: 1
4 Id: 38c.6cc Suspend: 1 Teb: 7ffdb000 Unfrozen
Start: windbg!EngineLoop (0102b590)
Priority: 0 Priority class: 128 Affinity: 1

WinMainCrtThread the main thread is gone

To compile, set DBGSDK_PATH as described in the doc and issue build -cZmg
from a Win2008 build environment.

On 7/26/11, xxxxx@nchsoftware.com wrote:
> Ok thanks guys. I will check out those options.
> Cheers,
> Ben


thanks and regards

raj_r
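As an added example (not code from this thread, from simplext or from sdbgexts), this is the DbgEng-interface variant that raj_r's output alludes to: the system thread id is resolved through IDebugSystemObjects and the engine's own handle for that thread is used, so the command fails cleanly on dumps, remote and kernel targets instead of opening a thread that has nothing to do with the target. It assumes the stock dbgeng.h SDK headers, the usual DebugExtensionInitialize export and a .def entry for the hypothetical killthread command (all naming is mine).

```cpp
#include <windows.h>
#include <dbgeng.h>

// Hypothetical "!killthread <system thread id>" command (my naming).
extern "C" HRESULT CALLBACK killthread(PDEBUG_CLIENT Client, PCSTR Args)
{
    IDebugControl* control = nullptr;
    IDebugSystemObjects* sysobj = nullptr;
    HRESULT hr = Client->QueryInterface(__uuidof(IDebugControl), (void**)&control);
    if (FAILED(hr)) return hr;
    hr = Client->QueryInterface(__uuidof(IDebugSystemObjects), (void**)&sysobj);
    if (FAILED(hr)) { control->Release(); return hr; }

    // Let the engine parse the argument so 0n3164, 0xc5c or @$tid all work.
    DEBUG_VALUE value = {};
    ULONG remainder = 0;
    hr = control->Evaluate(Args, DEBUG_VALUE_INT64, &value, &remainder);
    ULONG engineId = 0, savedId = 0;
    if (SUCCEEDED(hr))   // fails if the id is not a thread of the current target
        hr = sysobj->GetThreadIdBySystemId((ULONG)value.I64, &engineId);
    if (SUCCEEDED(hr))
        hr = sysobj->GetCurrentThreadId(&savedId);
    if (SUCCEEDED(hr) && SUCCEEDED(hr = sysobj->SetCurrentThreadId(engineId)))
    {
        // The engine owns this handle for a live user-mode target; do not
        // CloseHandle it. Non-live targets return an error here.
        ULONG64 handle = 0;
        hr = sysobj->GetCurrentThreadHandle(&handle);
        if (SUCCEEDED(hr) && !TerminateThread((HANDLE)handle, DBG_TERMINATE_THREAD))
            hr = HRESULT_FROM_WIN32(GetLastError());
        sysobj->SetCurrentThreadId(savedId);   // restore the user's thread focus
    }
    control->Output(DEBUG_OUTPUT_NORMAL,
                    SUCCEEDED(hr) ? "thread %x terminated; issue g, then ~*\n"
                                  : "could not terminate thread %x, hr=%08x\n",
                    (ULONG)value.I64, hr);
    sysobj->Release();
    control->Release();
    return hr;
}
```

It is still TerminateThread underneath, so the thread's stack is not unwound and anything it held (locks, heap state) stays as it was; the same MSDN caveats apply as for the Win32 version above.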