Thanks for the cool tip Roy. Could not have come at a better time. I have been having trouble trying to load a large playlist in WinAmp. It kept hanging and I was having a heck of a time trying to kill the process! Not anymore.
BTW Family/Personal Health before Professional Health. Nice to see someone with their priorities straight.
This was a good way to kill processes on Win2K, which doesn't come with a command line tool like kill.exe. The reason it works in some cases when task manager doesn't is because ntsd enables SeDebugPrivilege, allowing you to open processes that you otherwise wouldn't have access to.
On XP and Win2003 however you should just use taskkill.exe. It's more reliable and should even work in some cases when ntsd wouldn't - for example, if the process is deadlocked on the loader lock. Ntsd will not be able to attach to such a process (it will eventually time out and suspend it, but when you type 'q' it will simply quit and resume the process (unless you do .kill first)).
Wow Pavel. Thanks for the great advice! I didn't even know TaskKill existed up until now. Perhaps you have some more cool low level debugging and process manipulation stuff you'd like to share? Actually, why don't you have a weblog?
:)
OK, here's another tip :)
One situation where ntsd does come in handy even on XP+ is when you want to change priority of a system process.
Let's say a service (for example, msdtc) is taking up 100% CPU. You want to let it finish whatever it's doing but you don't want it to slow down your interactive processes.
So you open up task manager, right-click on the msdtc process and try to change its priority. This fails with access denied because msdtc runs as NETWORK SERVICE and its security descriptor doesn't give you any access.
Pavel: Very nice! So theoretically I could create a batch file to run at startup that launches the Task list with elevated SeDebug privileges using ntsd... right?
The only question now is how do you send a "qd" to ntsd from a batch file once ntsd is already running on the shell.
Hmmm... any idea?
Awesome! What exactly do you do to have such in-depth knowledge in this area?
If I start TaskMgr with the elevated privileges I'm guessing it will also have the power to kill those processes that wouldn't die earlier. Am I right?
Also - is there a way to mimic such a process that wouldn't die any other way just so I can test it out?
Obviously you start the whole sequence by using the kill-p1.bat !!!