Is it possible to kill a process if the only thing you know is the filename.. eg.. notepad.exe?? how could i do this? and if i cant do it by just knowing the filename how else would i do it?
Posted on 2001-11-03 19:20:51 by Kezza
call GetWindowThreadProcessId first to obtain the process ID. Then call OpenProcess to obtain the process handle. After that, call TerminateProcess
Posted on 2001-11-03 22:39:38 by Iczelion
But how do you call GetWindowThreadProcessId if u don't know the window handle ?
Is it possible to get it with only knowing the process instance ?
I can't use FindWindow because i don't have any info about it ...
Posted on 2001-11-04 05:08:11 by Xda
You might enumerate all windows, get the process id via etWindowThreadProcessId and get their filename via GetModuleFilename. not the most elegant solution but it should work ;)
Posted on 2001-11-04 07:32:12 by Tola
You can use the ToolHelp32 functions to get the process ID
of a module which name you have:

FileName db 'notepad',0

lea eax, FileName
push eax
call KillProcessByFileName
push eax
call ExitProcess

KillProcessByFileName proc pszFileName:dword
local lppe:PROCESSENTRY32, hSnapshot:DWORD, uCode:DWORD

push ebx
push esi
push edi

push 0
call CreateToolhelp32Snapshot
cmp eax, -1
je _exit_1
mov hSnapshot, eax
push eax

; Fill the PROCESSENTRY32 structure:
lea ebx, lppe
mov dword ptr , sizeof lppe
push ecx
push eax
op3: call Process32First
test eax,eax
je _exit_0

; Get the file name of this process
lea esi, lppe.szExeFile
lea edi, pszFileName
push esi

push esi
call lstrlen
add esi, eax


; skip the ".exe":

r1: lodsb
cmp al, '.'
jne r1
inc esi
mov , 0

; point to file name:

cmp al, "\"
jne r2
inc esi
inc esi

; Is this the process that we search?:

push esi
push edi
call lstrcmp
pop esi
test eax, eax
je match

; Is not the process, try the next:
push ebx
push hSnapshot
call Process32Next
test eax,eax
jne r0

_exit_0: call CloseHandle

_exit_1: pop edi
pop esi
pop ebx

push lppe.th32ProcessID
push 0
call OpenProcess
mov ebx, eax
lea ecx, uCode
push ecx
push eax
call GetExitCodeProcess

; Terminate the process
push ucode
push ebx
call TerminateProcess
jmp _exit_0

KillProcessByFileName endp

This routine will not work in windows nt. You will need use
the functions of PSAPI.DLL:

Get the process IDs:
EnumProcesses PROTO lpidProcess:DWORD, cb:DWORD, cbNeeded:DWORD

Get the module handles:
EnumProcessModules PROTO hProcess:DWORD, lphModule:DWORD, cb:DWORD, lpcbNeeded:DWORD

Get the file name for one of the process handles:
GetModuleBaseName PROTO hProcess:DWORD, hModule:DWORD, lpBaseName:DWORD, nSize:DWORD

When you find the process handle for the matching file name,
you kill the process.
Posted on 2001-11-04 21:08:54 by n u M I T_o r