+int get_process_creation_time(HANDLE process_handle, FILETIME *ft) {
+ FILETIME creation_time, exit_time, kernel_time, user_time;
+
+ if (! GetProcessTimes(process_handle, &creation_time, &exit_time, &kernel_time, &user_time)) {
+ log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_GETPROCESSTIMES_FAILED, error_string(GetLastError()), 0);
+ return 1;
+ }
+
+ memmove(ft, &creation_time, sizeof(creation_time));
+
+ return 0;
+}
+
+int get_process_exit_time(HANDLE process_handle, FILETIME *ft) {
+ FILETIME creation_time, exit_time, kernel_time, user_time;
+
+ if (! GetProcessTimes(process_handle, &creation_time, &exit_time, &kernel_time, &user_time)) {
+ log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_GETPROCESSTIMES_FAILED, error_string(GetLastError()), 0);
+ return 1;
+ }
+
+ memmove(ft, &exit_time, sizeof(exit_time));
+
+ return 0;
+}
+
+int check_parent(char *service_name, PROCESSENTRY32 *pe, unsigned long ppid, FILETIME *pft, FILETIME *exit_time) {
+ /* Check parent process ID matches. */
+ if (pe->th32ParentProcessID != ppid) return 1;
+
+ /*
+ Process IDs can be reused so do a sanity check by making sure the child
+ has been running for less time than the parent.
+ Though unlikely, it's possible that the parent exited and its process ID
+ was already reused, so we'll also compare against its exit time.
+ */
+ HANDLE process_handle = OpenProcess(PROCESS_QUERY_INFORMATION, false, pe->th32ProcessID);
+ if (! process_handle) {
+ char pid_string[16];
+ _snprintf_s(pid_string, sizeof(pid_string), _TRUNCATE, "%lu", pe->th32ProcessID);
+ log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_OPENPROCESS_FAILED, pid_string, service_name, error_string(GetLastError()), 0);
+ return 2;
+ }
+
+ FILETIME ft;
+ if (get_process_creation_time(process_handle, &ft)) {
+ CloseHandle(process_handle);
+ return 3;
+ }
+
+ CloseHandle(process_handle);
+
+ /* Verify that the parent's creation time is not later. */
+ if (CompareFileTime(pft, &ft) > 0) return 4;
+
+ /* Verify that the parent's exit time is not earlier. */
+ if (CompareFileTime(exit_time, &ft) < 0) return 5;
+
+ return 0;
+}
+
+/* Send some window messages and hope the window respects one or more. */
+int CALLBACK kill_window(HWND window, LPARAM arg) {
+ kill_t *k = (kill_t *) arg;
+
+ unsigned long pid;
+ if (! GetWindowThreadProcessId(window, &pid)) return 1;
+ if (pid != k->pid) return 1;
+
+ /* First try sending WM_CLOSE to request that the window close. */
+ k->signalled |= PostMessage(window, WM_CLOSE, k->exitcode, 0);
+
+ /*
+ Then tell the window that the user is logging off and it should exit
+ without worrying about saving any data.
+ */
+ k->signalled |= PostMessage(window, WM_ENDSESSION, 1, ENDSESSION_CLOSEAPP | ENDSESSION_CRITICAL | ENDSESSION_LOGOFF);
+
+ return 1;
+}
+
+/*
+ Try to post a message to the message queues of threads associated with the
+ given process ID. Not all threads have message queues so there's no
+ guarantee of success, and we don't want to be left waiting for unsignalled
+ processes so this function returns only true if at least one thread was
+ successfully prodded.
+*/
+int kill_threads(char *service_name, kill_t *k) {
+ int ret = 0;
+
+ /* Get a snapshot of all threads in the system. */
+ HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
+ if (! snapshot) {
+ log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_CREATETOOLHELP32SNAPSHOT_THREAD_FAILED, service_name, error_string(GetLastError()), 0);
+ return 0;
+ }
+
+ THREADENTRY32 te;
+ ZeroMemory(&te, sizeof(te));
+ te.dwSize = sizeof(te);
+
+ if (! Thread32First(snapshot, &te)) {
+ log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_THREAD_ENUMERATE_FAILED, service_name, error_string(GetLastError()), 0);
+ CloseHandle(snapshot);
+ return 0;
+ }
+
+ /* This thread belongs to the doomed process so signal it. */
+ if (te.th32OwnerProcessID == k->pid) {
+ ret |= PostThreadMessage(te.th32ThreadID, WM_QUIT, k->exitcode, 0);
+ }
+
+ while (true) {
+ /* Try to get the next thread. */
+ if (! Thread32Next(snapshot, &te)) {
+ unsigned long error = GetLastError();
+ if (error == ERROR_NO_MORE_FILES) break;
+ log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_THREAD_ENUMERATE_FAILED, service_name, error_string(GetLastError()), 0);
+ CloseHandle(snapshot);
+ return ret;
+ }
+
+ if (te.th32OwnerProcessID == k->pid) {
+ ret |= PostThreadMessage(te.th32ThreadID, WM_QUIT, k->exitcode, 0);
+ }
+ }
+
+ CloseHandle(snapshot);
+
+ return ret;
+}
+
+/* Give the process a chance to die gracefully. */
+int kill_process(char *service_name, SERVICE_STATUS_HANDLE service_handle, SERVICE_STATUS *service_status, unsigned long stop_method, HANDLE process_handle, unsigned long pid, unsigned long exitcode) {