Hooking TerminateProcess & Getting Info From The Handle It Supplies?

It's just an ordinary process handle. The question is, in which process is your hook function executing? If it's the calling process, the handle can be used as-is for GetProcessId or NtQueryInformationProcess.

If not, you need to call DuplicateHandle to duplicate the handle into your process. If you're getting access denied errors, it may be because the process handle only has PROCESS_TERMINATE access. In that case, use DuplicateHandle to "re-open" the process with PROCESS_QUERY_(LIMITED_)INFORMATION access.

I did mention in the question that I had already tried DuplicateHandle() (to try to gain enough access), to no avail. Since the hook is injected into each process and can only trap calls that same process makes to NTDLL, it should only be being called in the context of the app doing the terminating. For example, if ProcessExplorer terminates an app, it is the hook code mapped into ProcessExplorer that triggers, and would you not agree that it should then be ProcessExplorer's own context? It can't be the target app's, as that didn't make the TerminateProcess call... – JTeagle Nov 8 '10 at 13:14

I should clarify that I'm using the AppInit_DLLs method of hooking, not a system-wide hook. I forgot to clarify that my hook code only executes in the application making the call to terminate another. – JTeagle Nov 8 '10 at 13:17

The reason I mentioned the stuff about handles was because you didn't specify how the hooking was done, and you mentioned getting invalid handle errors. What exactly is the issue with using DuplicateHandle? Maybe you could post some code... – wj32 Nov 8 '10 at 19:32
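The "re-open" step from the answer above, written out as an added example that is not part of the original thread. The helper name `pid_from_hooked_handle` is hypothetical, and the code assumes the hook runs inside the calling process (the AppInit_DLLs case from the comments), so the source and target of DuplicateHandle are both the current process.

```c
#ifdef _WIN32   /* Win32-only code; the guard keeps other toolchains from failing on <windows.h> */
#include <windows.h>

#ifndef PROCESS_QUERY_LIMITED_INFORMATION
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000  /* Vista+; missing from old SDK headers */
#endif

/* Hypothetical helper for the hook body: returns the PID behind hProcess,
 * or 0 if it cannot be determined. */
DWORD pid_from_hooked_handle(HANDLE hProcess)
{
    /* Try the limited right first, then the older, broader one. */
    static const DWORD wanted[] = { PROCESS_QUERY_LIMITED_INFORMATION,
                                    PROCESS_QUERY_INFORMATION };
    HANDLE self = GetCurrentProcess();
    HANDLE hQuery = NULL;
    DWORD pid, i;

    /* Assumption: the hook sits on NtTerminateProcess, where a NULL handle
     * means "the calling process" (the normal exit path passes it). */
    if (hProcess == NULL)
        return GetCurrentProcessId();

    /* Fast path: succeeds when the handle already carries query access. */
    pid = GetProcessId(hProcess);
    if (pid != 0)
        return pid;

    /* "Re-open": duplicate inside our own process, asking for query access
     * instead of the original rights (e.g. PROCESS_TERMINATE only). The
     * request is access-checked against the target process, so it can fail. */
    for (i = 0; i < 2 && hQuery == NULL; i++) {
        if (!DuplicateHandle(self, hProcess, self, &hQuery, wanted[i], FALSE, 0))
            hQuery = NULL;
    }
    if (hQuery == NULL)
        return 0;

    pid = GetProcessId(hQuery);
    CloseHandle(hQuery);  /* close only our duplicate; the caller's handle is untouched */
    return pid;
}
#endif /* _WIN32 */
```

If both duplication attempts fail, check GetLastError() at that point: ERROR_INVALID_HANDLE means the value was never a process handle in this process, while ERROR_ACCESS_DENIED means the target's security descriptor does not grant the caller query access.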
