这两种杀死进程的方法有什么区别?
我正在编写一个 C# 应用程序,除其他外,它可以在用户退出游戏后自动关闭某个游戏显示的广告。我的程序通过在检测到用户已退出游戏时终止游戏进程来实现此目的。我的程序类似于其他人编写的 Autohotkey 脚本,它执行类似的操作,但它添加了一些功能和 GUI。
自然,我使用了Process.Kill方法。但是,这会失败并出现“访问被拒绝”异常。我注意到 Autohotkey 脚本使用了一种不寻常的方法来终止进程。我向作者询问了此事,他说他也很难用正常方法杀死该进程。
我们怀疑正常进程终止方法不起作用的原因是游戏用来尝试打击作弊的 HackShield 软件。
以下是其他人的脚本用于终止进程的 Autohotkey 代码:
; kills all process instances of a given executable name
; COM AutoHotkey library code omitted
KillProcessInstances(exe)
{
psvc := COM_GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
pset := COM_Invoke(psvc, "ExecQuery", "Select * from Win32_Process Where Name = '" exe "'")
penm := COM_Invoke(pset, "_NewEnum")
Loop, % COM_Invoke(pset, "Count")
If COM_Enumerate(penm, pobj)=0
{
COM_Invoke(pobj, "Terminate")
COM_Release(pobj)
}
COM_Release(penm)
COM_Release(pset)
COM_Release(psvc)
}
我使用 System.Management 命名空间将 Process.KIll 替换为程序中的 WMI 调用,现在我的程序能够终止该进程。
我不明白 WMI 与 Process.Kill 有何不同。我希望两者都有效或都失败。此外,任务管理器能够很好地终止进程,但我认为它只是使用 TerminateProcess win32 调用,就像 Process.Kill 肯定会做的那样。任何人都可以阐明不同行为的原因吗?如果重要的话,我运行的是 Windows XP。
编辑:wj32 解释了 WMI 工作的原因,但是任何人都可以解释为什么我可以使用任务管理器终止该进程,但不能使用我自己的程序终止该进程?
I am writing a C# application that, among other things, automatically closes the advertisement a certain game displays after the user exits the game. My program accomplishes this by killing the game process when it detects that the user has exited the game. My program is similar to an Autohotkey script written by someone else that does similar things but it adds some features and a GUI.
Naturally, I used the Process.Kill method. However, that would fail with an "Access is denied" exception. I noticed that the Autohotkey script uses an unusual method of killing the process. I asked the author about it, and he said that he too had trouble killing the process with normal methods.
We suspect the reason normal process termination methods do not work is the HackShield software the game uses to attempt to combat cheating.
Here is the Autohotkey code the other guy's script uses for killing a process:
; kills all process instances of a given executable name
; COM AutoHotkey library code omitted
KillProcessInstances(exe)
{
psvc := COM_GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
pset := COM_Invoke(psvc, "ExecQuery", "Select * from Win32_Process Where Name = '" exe "'")
penm := COM_Invoke(pset, "_NewEnum")
Loop, % COM_Invoke(pset, "Count")
If COM_Enumerate(penm, pobj)=0
{
COM_Invoke(pobj, "Terminate")
COM_Release(pobj)
}
COM_Release(penm)
COM_Release(pset)
COM_Release(psvc)
}
I replaced the Process.KIll with the WMI calls in my program using the System.Management namespace and my program is now able to kill the process.
What I don't understand is what makes the WMI any different from Process.Kill. I would expect both to work or both to fail. In addition, Task Manager is able to kill the process just fine, but I would think it just uses a TerminateProcess win32 call just as Process.Kill surely does. Can anyone shed some light on the cause of the different behavior? If it matters, I'm running Windows XP.
Edit: wj32 explained why the WMI works, but can anyone explain why I can kill the process with Task Manager but not with my own program?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
WMI 调用不在进程的安全上下文中执行。它们在另一个进程中处理(我猜是 Winmgmt 服务)。该服务在 SYSTEM 帐户下运行,HackShield 可能会因此允许终止继续。
WMI calls are not performed within the security context of your process. They are handled in another process (I'm guessing the Winmgmt service). This service runs under the SYSTEM account, and HackShield may be allowing the termination continue due to this.