Home » Forums » MAIN » Can't close a process

Can't close a process
Hello,

I have a problem.

I use

invoke CreateProcess, addr ModuleName, NULL, NULL, NULL, FALSE, \
DEBUG_PROCESS+ DEBUG_ONLY_THIS_PROCESS, NULL, NULL, \
addr startinfo, addr pi
....
....
invoke CloseHandle,pi.hProcess
invoke CloseHandle,pi.hThread


That works ok, but after I nead to use



invoke CreateFile, addr ModuleName, GENERIC_READ+GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
mov hFile, eax
invoke CreateFileMapping, hFile, NULL, PAGE_READWRITE,0,0,0
mov hMapping, eax
invoke MapViewOfFile,hMapping,FILE_MAP_WRITE,0,0,0
mov pMapping,eax
...
...
invoke UnmapViewOfFile, pMapping
invoke CloseHandle,hMapping
invoke CloseHandle, hFile

And here CreateFile do not successfull. But if I d'ont use the first part, It works. I don't undestand why. It is like if the process did not close.
So I try to add TerminateProcess and ExitThread before the two CloseHandle but it did not work.

Is someone knows my problem ?
Posted on 2002-10-06 07:48:27 by Morgatte
Can't close a process
When you create process the system maps pages allocated by ModuleName into memory.
And you may not open this file for writing.
It exactly the same as if you would try to delete/move notepad.exe while notepad is running.
Posted on 2002-10-06 08:17:49 by Four-F
Can't close a process
thanks....

So what I must do. I must use invoke UnmapViewOfFile, ???? before my two CloseHandle ?
Posted on 2002-10-06 08:32:40 by Morgatte
Can't close a process
So what I must do. I must use invoke UnmapViewOfFile, ???? before my two CloseHandle ?
You must not try to open/create/map it with *WRITE flag. 

invoke CreateFile, addr ModuleName, [color=blue]GENERIC_READ[/color], FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL

mov hFile, eax 

invoke CreateFileMapping, hFile, NULL, [color=blue]PAGE_READONLY[/color],0,0,0

mov hMapping, eax

invoke MapViewOfFile,hMapping,[color=blue]FILE_MAP_READ[/color],0,0,0

mov pMapping,eax
Posted on 2002-10-07 04:06:20 by Four-F