Is it possible to kill a process if the only thing you know is the filename.. eg.. notepad.exe?? how could i do this? and if i cant do it by just knowing the filename how else would i do it?
Posted on 2001-11-03 19:20:51 by Kezza
call GetWindowThreadProcessId first to obtain the process ID. Then call OpenProcess to obtain the process handle. After that, call TerminateProcess
Posted on 2001-11-03 22:39:38 by Iczelion
But how do you call GetWindowThreadProcessId if u don't know the window handle ?
Is it possible to get it with only knowing the process instance ?
I can't use FindWindow because i don't have any info about it ...
Posted on 2001-11-04 05:08:11 by Xda
Is it possible to kill a process if the only thing you know is the filename.. eg.. notepad.exe??

You might enumerate all windows, get the process id via etWindowThreadProcessId and get their filename via GetModuleFilename. not the most elegant solution but it should work ;)
Posted on 2001-11-04 07:32:12 by Tola
You can use the ToolHelp32 functions to get the process ID
of a module which name you have:

FileName db 'notepad',0

lea eax, FileName
push eax
call KillProcessByFileName
push eax
call ExitProcess

KillProcessByFileName proc pszFileName:dword
local lppe:PROCESSENTRY32, hSnapshot:DWORD, uCode:DWORD

push ebx
push esi
push edi

push 0
call CreateToolhelp32Snapshot
cmp eax, -1
je _exit_1
mov hSnapshot, eax
push eax

; Fill the PROCESSENTRY32 structure:
lea ebx, lppe
mov dword ptr , sizeof lppe
push ecx
push eax
op3: call Process32First
test eax,eax
je _exit_0

; Get the file name of this process
lea esi, lppe.szExeFile
lea edi, pszFileName
push esi

push esi
call lstrlen
add esi, eax


; skip the ".exe":

r1: lodsb
cmp al, '.'
jne r1
inc esi
mov , 0

; point to file name:

cmp al, "\"
jne r2
inc esi
inc esi

; Is this the process that we search?:

push esi
push edi
call lstrcmp
pop esi
test eax, eax
je match

; Is not the process, try the next:
push ebx
push hSnapshot
call Process32Next
test eax,eax
jne r0

_exit_0: call CloseHandle

_exit_1: pop edi
pop esi
pop ebx

push lppe.th32ProcessID
push 0
call OpenProcess
mov ebx, eax
lea ecx, uCode
push ecx
push eax
call GetExitCodeProcess

; Terminate the process
push ucode
push ebx
call TerminateProcess
jmp _exit_0

KillProcessByFileName endp

This routine will not work in windows nt. You will need use
the functions of PSAPI.DLL:

Get the process IDs:
EnumProcesses PROTO lpidProcess:DWORD, cb:DWORD, cbNeeded:DWORD

Get the module handles:
EnumProcessModules PROTO hProcess:DWORD, lphModule:DWORD, cb:DWORD, lpcbNeeded:DWORD

Get the file name for one of the process handles:
GetModuleBaseName PROTO hProcess:DWORD, hModule:DWORD, lpBaseName:DWORD, nSize:DWORD

When you find the process handle for the matching file name,
you kill the process.
Posted on 2001-11-04 21:08:54 by n u M I T_o r