
Is there any way to kill a process in Win2k, no matter what?

Elledan

Banned
Like you can use 'kill <pid>' in Linux, is there ANY way to kill a process in Win2k, no matter how important or anything it is?

Since I've administrator rights, I expect to be able to screw up a system beyond repair. Wishful thinking?

Thanks for any help! 🙂
 


<< If you get the resource kit there's a kill command. >>


Tried it, didn't work. Returned 'process Grokster.exe (1416) - '' could not be killed'.

Why not?!
 

<< Tried it, didn't work. Returned 'process Grokster.exe (1416) - '' could not be killed'.

Why not?! >>


Some processes can't be killed for various reasons, ever get a process stuck in a D state in Linux? That means it's waiting on I/O (network, disk, etc) and until it returns from that it can't be killed, if a device died the process will be there until a reboot.
 
A process is a kernel object. All kernel objects can have access control lists (ACLs) associated with them, just like NTFS files.

It's possible that your user account does not have permissions to kill this process. This is not likely, but it's possible. And yes, it's perfectly possible and legal to deny permissions to administrator(s). However, there's nothing to keep the administrator(s) from changing those permissions and giving him/herself permissions to the object.

Having said that, I doubt that's what's happening unless it's some kind of malware. It would be nice if kill.exe would return an error code, wouldn't it?

I suppose you could whip out a C compiler and write your own version of kill.exe...?

Oh, and what command did you type? You used the PID, right? So you typed:

kill 1416

right? You can get the PID from task manager.
 


<< A process is a kernel object. All kernel objects can have access control lists (ACLs) associated with them, just like NTFS files.

It's possible that your user account does not have permissions to kill this process. This is not likely, but it's possible. And yes, it's perfectly possible and legal to deny permissions to administrator(s). However, there's nothing to keep the administrator(s) from changing those permissions and giving him/herself permissions to the object.
>>

How would I check these permissions?



<< Having said that, I doubt that's what's happening unless it's some kind of malware. It would be nice if kill.exe would return an error code, wouldn't it? >>

You bet it would...



<< I suppose you could whip out a C compiler and write your own version of kill.exe...? >>

Two words: no experience 😉



<< Oh, and what command did you type? You used the PID, right? So you typed:

kill 1416

right? You can get the PID from task manager.
>>

Yes, I used 'kill 1416', just like I do in Linux 🙂
 


<<
Tried it, didn't work. Returned 'process Grokster.exe (1416) - '' could not be killed'.

Why not?!


Some processes can't be killed for various reasons, ever get a process stuck in a D state in Linux?
>>

Nope, not that I know.


<< That means it's waiting on I/O (network, disk, etc) and until it returns from that it can't be killed, if a device died the process will be there until a reboot. >>


Well, this particular process (Grokster.exe) has been 'zombie' for over 11 hours and no devices or other I/O have died or were interrupted. It just crashed and refused to stop running.

Weird.
 
just saw this also from Q197155

Method 3: The PVIEW Utility
If method 1 and method 2 are unsuccessful, use the PVIEW utility from the Resource Kit, Supplement 3, to adjust the permissions on the process and then kill it. You must be an administrator to perform this task:
1. Start Pview.exe.
2. Click the target process from the list of processes.
3. Click Process in the Security pane, adjust the permissions of the process to give administrators (or the currently logged-on user) all accesses to the process, and then repeat this step for Thread security and Process Token security.
4. Use the kill command to terminate the process.


If none of these procedures work, you must restart the system to terminate the process.
 
oh, on the same article there was this also,

Method 2: The AT Utility
If neither of the commands described in the preceding section work, if the Schedule service is running on the computer in the Local System context, you may be able to terminate the process successfully by scheduling one of the preceding commands with the AT utility:
at time /interactive cmd /c kill -f process name or id
the process.
 


<< Click Process in the Security pane, adjust the permissions of the process to give administrators (or the currently logged-on user) all accesses to the process, and then repeat this step for Thread security and Process Token security. >>


The tool is called Process Viewer. It does not have a Security pane.

What am I missing?? 😕
 


<< oh, on the same article there was this also,

Method 2: The AT Utility
If neither of the commands described in the preceding section work, if the Schedule service is running on the computer in the Local System context, you may be able to terminate the process successfully by scheduling one of the preceding commands with the AT utility:
at time /interactive cmd /c kill -f process name or id
the process.
>>

I tried it, but without luck...
 


<< The tool is called Process Viewer. It does not have a Security pane. >>



You have the version from supplement 3?
 
The tool is Process Explode (pview.exe), not Process Viewer (pviewer.exe, which was originally pview.exe).
I think they switched the names around in supplement 3.

YGPM
 
Okay, I got Process Explode now, but under 'Security', 'Thread' is greyed out, and pressing 'P.Token' does nothing.

Weird...

[edit]: nevermind yet, I'm still figuring out this app 😱

[edit2]: The process I'm attempting to kill has no threads ('0'), and all privileges appear to be in order (full access). I should be able to kill the process now, but I can't =(
 
I've had similar issues before, running EAC using W2K SP2 w/Adaptec ASPI layer. Seems that this program is buggy in places when talking to my Yamaha 6416S CD-RW drive using ASPI. The program will die, and if I try to kill the app, I can't. If I then try to shutdown/reboot W2K, I get a full-grown BSOD. Seems as though a thread stuck in a kernel call or device driver cannot be killed, without bringing down the entire house of cards.
 
The main problem is if the program gets stuck in kernel mode (any syscalls go into kernel mode) you can't kill it until the kernel mode function returns, and depending on how badly what's broken that may never happen.
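
The "write your own kill.exe" idea from earlier in the thread, extended to report the error code and to notice the stuck-in-kernel-mode case described in the last posts; this is an added example, not code from the thread or from the Resource Kit tool. The names `explain_kill_result`, `kill_pid`, `enable_debug_privilege` and `STILL_RUNNING` are hypothetical, the 5-second wait is arbitrary, and the Win32 part assumes a C99 compiler on Windows with advapi32 linked.

```c
#include <stdio.h>
#include <stdlib.h>
#define STILL_RUNNING 0xFFFFFFFFul  /* this example's own marker, not a Win32 code */
/* Added example (hypothetical names). Portable part: diagnose kill_pid()'s result. */
const char *explain_kill_result(unsigned long err)
{
    switch (err) {
    case 0:  return "terminated";
    case 5:  return "access denied: process ACL or missing privilege"; /* ERROR_ACCESS_DENIED */
    case 87: return "no process with that PID";               /* ERROR_INVALID_PARAMETER */
    case STILL_RUNNING: return "still present: a thread may be stuck in kernel mode";
    default: return "failed: look up the Win32 error code";
    }
}

#ifdef _WIN32
#include <windows.h>
/* Enable SeDebugPrivilege so OpenProcess is granted regardless of the process ACL. */
static void enable_debug_privilege(void)
{
    HANDLE tok; TOKEN_PRIVILEGES tp;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tok)) return;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
        AdjustTokenPrivileges(tok, FALSE, &tp, 0, NULL, NULL);
    CloseHandle(tok);
}

/* 0, a Win32 error, or STILL_RUNNING if not gone 5 s (arbitrary) after the request. */
unsigned long kill_pid(unsigned long pid)
{
    unsigned long err = 0;
    enable_debug_privilege();                     /* best effort */
    HANDLE h = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pid);
    if (h == NULL) return GetLastError();
    if (!TerminateProcess(h, 1)) err = GetLastError();
    else if (WaitForSingleObject(h, 5000) != WAIT_OBJECT_0) err = STILL_RUNNING;
    CloseHandle(h);
    return err;
}

int main(int argc, char **argv)
{
    unsigned long err = kill_pid(argc > 1 ? strtoul(argv[1], NULL, 10) : 0);
    printf("%s (code %lu)\n", explain_kill_result(err), err);
    return err != 0;
}
#endif
```

An access-denied result points at the ACL or privilege explanation; a still-present result after a successful request matches the kernel-mode explanation, where only the blocked call returning (or a reboot) clears the process.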
 