Added get_debug_token().

[nssm.git] / process.cpp

#include "nssm.h"\r
\r
extern imports_t imports;\r
\r
HANDLE get_debug_token() {\r
  long error;\r
  HANDLE token;\r
  if (! OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, false, &token)) {\r
    error = GetLastError();\r
    if (error == ERROR_NO_TOKEN) {\r
      (void) ImpersonateSelf(SecurityImpersonation);\r
      (void) OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, false, &token);\r
    }\r
  }\r
  if (! token) return INVALID_HANDLE_VALUE;\r
\r
  TOKEN_PRIVILEGES privileges, old;\r
  unsigned long size = sizeof(TOKEN_PRIVILEGES);\r
  LUID luid;\r
  if (! LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {\r
    CloseHandle(token);\r
    return INVALID_HANDLE_VALUE;\r
  }\r
\r
  privileges.PrivilegeCount = 1;\r
  privileges.Privileges[0].Luid = luid;\r
  privileges.Privileges[0].Attributes = 0;\r
\r
  if (! AdjustTokenPrivileges(token, false, &privileges, size, &old, &size)) {\r
    CloseHandle(token);\r
    return INVALID_HANDLE_VALUE;\r
  }\r
\r
  old.PrivilegeCount = 1;\r
  old.Privileges[0].Luid = luid;\r
  old.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED;\r
\r
  if (! AdjustTokenPrivileges(token, false, &old, size, NULL, NULL)) {\r
    CloseHandle(token);\r
    return INVALID_HANDLE_VALUE;\r
  }\r
\r
  return token;\r
}\r
\r
void service_kill_t(nssm_service_t *service, kill_t *k) {\r
  if (! service) return;\r
  if (! k) return;\r
\r
  ZeroMemory(k, sizeof(*k));\r
  k->name = service->name;\r
  k->process_handle = service->process_handle;\r
  k->pid = service->pid;\r
  k->exitcode = service->exitcode;\r
  k->stop_method = service->stop_method;\r
  k->kill_console_delay = service->kill_console_delay;\r
  k->kill_window_delay = service->kill_window_delay;\r
  k->kill_threads_delay = service->kill_threads_delay;\r
  k->status_handle = service->status_handle;\r
  k->status = &service->status;\r
  k->creation_time = service->creation_time;\r
  k->exit_time = service->exit_time;\r
}\r
\r
int get_process_creation_time(HANDLE process_handle, FILETIME *ft) {\r
  FILETIME creation_time, exit_time, kernel_time, user_time;\r
\r
  if (! GetProcessTimes(process_handle, &creation_time, &exit_time, &kernel_time, &user_time)) {\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_GETPROCESSTIMES_FAILED, error_string(GetLastError()), 0);\r
    return 1;\r
  }\r
\r
  memmove(ft, &creation_time, sizeof(creation_time));\r
\r
  return 0;\r
}\r
\r
int get_process_exit_time(HANDLE process_handle, FILETIME *ft) {\r
  FILETIME creation_time, exit_time, kernel_time, user_time;\r
\r
  if (! GetProcessTimes(process_handle, &creation_time, &exit_time, &kernel_time, &user_time)) {\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_GETPROCESSTIMES_FAILED, error_string(GetLastError()), 0);\r
    return 1;\r
  }\r
\r
  if (! (exit_time.dwLowDateTime || exit_time.dwHighDateTime)) return 2;\r
  memmove(ft, &exit_time, sizeof(exit_time));\r
\r
  return 0;\r
}\r
\r
int check_parent(kill_t *k, PROCESSENTRY32 *pe, unsigned long ppid) {\r
  /* Check parent process ID matches. */\r
  if (pe->th32ParentProcessID != ppid) return 1;\r
\r
  /*\r
    Process IDs can be reused so do a sanity check by making sure the child\r
    has been running for less time than the parent.\r
    Though unlikely, it's possible that the parent exited and its process ID\r
    was already reused, so we'll also compare against its exit time.\r
  */\r
  HANDLE process_handle = OpenProcess(PROCESS_QUERY_INFORMATION, false, pe->th32ProcessID);\r
  if (! process_handle) {\r
    TCHAR pid_string[16];\r
    _sntprintf_s(pid_string, _countof(pid_string), _TRUNCATE, _T("%lu"), pe->th32ProcessID);\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_OPENPROCESS_FAILED, pid_string, k->name, error_string(GetLastError()), 0);\r
    return 2;\r
  }\r
\r
  FILETIME ft;\r
  if (get_process_creation_time(process_handle, &ft)) {\r
    CloseHandle(process_handle);\r
    return 3;\r
  }\r
\r
  CloseHandle(process_handle);\r
\r
  /* Verify that the parent's creation time is not later. */\r
  if (CompareFileTime(&k->creation_time, &ft) > 0) return 4;\r
\r
  /* Verify that the parent's exit time is not earlier. */\r
  if (CompareFileTime(&k->exit_time, &ft) < 0) return 5;\r
\r
  return 0;\r
}\r
\r
/* Send some window messages and hope the window respects one or more. */\r
int CALLBACK kill_window(HWND window, LPARAM arg) {\r
  kill_t *k = (kill_t *) arg;\r
\r
  unsigned long pid;\r
  if (! GetWindowThreadProcessId(window, &pid)) return 1;\r
  if (pid != k->pid) return 1;\r
\r
  /* First try sending WM_CLOSE to request that the window close. */\r
  k->signalled |= PostMessage(window, WM_CLOSE, k->exitcode, 0);\r
\r
  /*\r
    Then tell the window that the user is logging off and it should exit\r
    without worrying about saving any data.\r
  */\r
  k->signalled |= PostMessage(window, WM_ENDSESSION, 1, ENDSESSION_CLOSEAPP | ENDSESSION_CRITICAL | ENDSESSION_LOGOFF);\r
\r
  return 1;\r
}\r
\r
/*\r
  Try to post a message to the message queues of threads associated with the\r
  given process ID.  Not all threads have message queues so there's no\r
  guarantee of success, and we don't want to be left waiting for unsignalled\r
  processes so this function returns only true if at least one thread was\r
  successfully prodded.\r
*/\r
int kill_threads(nssm_service_t *service, kill_t *k) {\r
  int ret = 0;\r
\r
  /* Get a snapshot of all threads in the system. */\r
  HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);\r
  if (snapshot == INVALID_HANDLE_VALUE) {\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_CREATETOOLHELP32SNAPSHOT_THREAD_FAILED, k->name, error_string(GetLastError()), 0);\r
    return 0;\r
  }\r
\r
  THREADENTRY32 te;\r
  ZeroMemory(&te, sizeof(te));\r
  te.dwSize = sizeof(te);\r
\r
  if (! Thread32First(snapshot, &te)) {\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_THREAD_ENUMERATE_FAILED, k->name, error_string(GetLastError()), 0);\r
    CloseHandle(snapshot);\r
    return 0;\r
  }\r
\r
  /* This thread belongs to the doomed process so signal it. */\r
  if (te.th32OwnerProcessID == k->pid) {\r
    ret |= PostThreadMessage(te.th32ThreadID, WM_QUIT, k->exitcode, 0);\r
  }\r
\r
  while (true) {\r
    /* Try to get the next thread. */\r
    if (! Thread32Next(snapshot, &te)) {\r
      unsigned long error = GetLastError();\r
      if (error == ERROR_NO_MORE_FILES) break;\r
      log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_THREAD_ENUMERATE_FAILED, k->name, error_string(GetLastError()), 0);\r
      CloseHandle(snapshot);\r
      return ret;\r
    }\r
\r
    if (te.th32OwnerProcessID == k->pid) {\r
      ret |= PostThreadMessage(te.th32ThreadID, WM_QUIT, k->exitcode, 0);\r
    }\r
  }\r
\r
  CloseHandle(snapshot);\r
\r
  return ret;\r
}\r
\r
int kill_threads(kill_t *k) {\r
  return kill_threads(NULL, k);\r
}\r
\r
/* Give the process a chance to die gracefully. */\r
int kill_process(nssm_service_t *service, kill_t *k) {\r
  if (! k) return 1;\r
\r
  unsigned long ret;\r
  if (GetExitCodeProcess(k->process_handle, &ret)) {\r
    if (ret != STILL_ACTIVE) return 1;\r
  }\r
\r
  /* Try to send a Control-C event to the console. */\r
  if (k->stop_method & NSSM_STOP_METHOD_CONSOLE) {\r
    if (! kill_console(k)) return 1;\r
  }\r
\r
  /*\r
    Try to post messages to the windows belonging to the given process ID.\r
    If the process is a console application it won't have any windows so there's\r
    no guarantee of success.\r
  */\r
  if (k->stop_method & NSSM_STOP_METHOD_WINDOW) {\r
    EnumWindows((WNDENUMPROC) kill_window, (LPARAM) k);\r
    if (k->signalled) {\r
      if (! await_single_handle(k->status_handle, k->status, k->process_handle, k->name, _T(__FUNCTION__), k->kill_window_delay)) return 1;\r
      k->signalled = 0;\r
    }\r
  }\r
\r
  /*\r
    Try to post messages to any thread message queues associated with the\r
    process.  Console applications might have them (but probably won't) so\r
    there's still no guarantee of success.\r
  */\r
  if (k->stop_method & NSSM_STOP_METHOD_THREADS) {\r
    if (kill_threads(k)) {\r
      if (! await_single_handle(k->status_handle, k->status, k->process_handle, k->name, _T(__FUNCTION__), k->kill_threads_delay)) return 1;\r
    }\r
  }\r
\r
  /* We tried being nice.  Time for extreme prejudice. */\r
  if (k->stop_method & NSSM_STOP_METHOD_TERMINATE) {\r
    return TerminateProcess(k->process_handle, k->exitcode);\r
  }\r
\r
  return 0;\r
}\r
\r
int kill_process(kill_t *k) {\r
  return kill_process(NULL, k);\r
}\r
\r
/* Simulate a Control-C event to our console (shared with the app). */\r
int kill_console(nssm_service_t *service, kill_t *k) {\r
  unsigned long ret;\r
\r
  if (! k) return 1;\r
\r
  /* Check we loaded AttachConsole(). */\r
  if (! imports.AttachConsole) return 4;\r
\r
  /* Try to attach to the process's console. */\r
  if (! imports.AttachConsole(k->pid)) {\r
    ret = GetLastError();\r
\r
    switch (ret) {\r
      case ERROR_INVALID_HANDLE:\r
        /* The app doesn't have a console. */\r
        return 1;\r
\r
      case ERROR_GEN_FAILURE:\r
        /* The app already exited. */\r
        return 2;\r
\r
      case ERROR_ACCESS_DENIED:\r
      default:\r
        /* We already have a console. */\r
        log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_ATTACHCONSOLE_FAILED, k->name, error_string(ret), 0);\r
        return 3;\r
    }\r
  }\r
\r
  /* Ignore the event ourselves. */\r
  ret = 0;\r
  BOOL ignored = SetConsoleCtrlHandler(0, TRUE);\r
  if (! ignored) {\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_SETCONSOLECTRLHANDLER_FAILED, k->name, error_string(GetLastError()), 0);\r
    ret = 4;\r
  }\r
\r
  /* Send the event. */\r
  if (! ret) {\r
    if (! GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0)) {\r
      log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_GENERATECONSOLECTRLEVENT_FAILED, k->name, error_string(GetLastError()), 0);\r
      ret = 5;\r
    }\r
  }\r
\r
  /* Detach from the console. */\r
  if (! FreeConsole()) {\r
    log_event(EVENTLOG_WARNING_TYPE, NSSM_EVENT_FREECONSOLE_FAILED, k->name, error_string(GetLastError()), 0);\r
  }\r
\r
  /* Wait for process to exit. */\r
  if (await_single_handle(k->status_handle, k->status, k->process_handle, k->name, _T(__FUNCTION__), k->kill_console_delay)) ret = 6;\r
\r
  /* Remove our handler. */\r
  if (ignored && ! SetConsoleCtrlHandler(0, FALSE)) {\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_SETCONSOLECTRLHANDLER_FAILED, k->name, error_string(GetLastError()), 0);\r
  }\r
\r
  return ret;\r
}\r
\r
int kill_console(kill_t *k) {\r
  return kill_console(NULL, k);\r
}\r
\r
void walk_process_tree(nssm_service_t *service, walk_function_t fn, kill_t *k, unsigned long ppid) {\r
  if (! k) return;\r
  /* Shouldn't happen unless the service failed to start. */\r
  if (! k->pid) return; /* XXX: needed? */\r
  unsigned long pid = k->pid;\r
\r
  TCHAR pid_string[16], code[16];\r
  _sntprintf_s(pid_string, _countof(pid_string), _TRUNCATE, _T("%lu"), pid);\r
  _sntprintf_s(code, _countof(code), _TRUNCATE, _T("%lu"), k->exitcode);\r
  log_event(EVENTLOG_INFORMATION_TYPE, NSSM_EVENT_KILLING, k->name, pid_string, code, 0);\r
\r
  /* We will need a process handle in order to call TerminateProcess() later. */\r
  HANDLE process_handle = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_TERMINATE, false, pid);\r
  if (process_handle) {\r
    /* Kill this process first, then its descendents. */\r
    TCHAR ppid_string[16];\r
    _sntprintf_s(ppid_string, _countof(ppid_string), _TRUNCATE, _T("%lu"), ppid);\r
    log_event(EVENTLOG_INFORMATION_TYPE, NSSM_EVENT_KILL_PROCESS_TREE, pid_string, ppid_string, k->name, 0);\r
    k->process_handle = process_handle; /* XXX: open directly? */\r
    if (! fn(service, k)) {\r
      /* Maybe it already died. */\r
      unsigned long ret;\r
      if (! GetExitCodeProcess(process_handle, &ret) || ret == STILL_ACTIVE) {\r
        if (k->stop_method & NSSM_STOP_METHOD_TERMINATE) log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_TERMINATEPROCESS_FAILED, pid_string, k->name, error_string(GetLastError()), 0);\r
        else log_event(EVENTLOG_WARNING_TYPE, NSSM_EVENT_PROCESS_STILL_ACTIVE, k->name, pid_string, NSSM, NSSM_REG_STOP_METHOD_SKIP, 0);\r
      }\r
    }\r
\r
    CloseHandle(process_handle);\r
  }\r
  else log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_OPENPROCESS_FAILED, pid_string, k->name, error_string(GetLastError()), 0);\r
\r
  /* Get a snapshot of all processes in the system. */\r
  HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);\r
  if (snapshot == INVALID_HANDLE_VALUE) {\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_CREATETOOLHELP32SNAPSHOT_PROCESS_FAILED, k->name, error_string(GetLastError()), 0);\r
    return;\r
  }\r
\r
  PROCESSENTRY32 pe;\r
  ZeroMemory(&pe, sizeof(pe));\r
  pe.dwSize = sizeof(pe);\r
\r
  if (! Process32First(snapshot, &pe)) {\r
    log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_PROCESS_ENUMERATE_FAILED, k->name, error_string(GetLastError()), 0);\r
    CloseHandle(snapshot);\r
    return;\r
  }\r
\r
  /* This is a child of the doomed process so kill it. */\r
  if (! check_parent(k, &pe, pid)) {\r
    k->pid = pe.th32ProcessID;\r
    walk_process_tree(service, fn, k, ppid);\r
  }\r
  k->pid = pid;\r
\r
  while (true) {\r
    /* Try to get the next process. */\r
    if (! Process32Next(snapshot, &pe)) {\r
      unsigned long ret = GetLastError();\r
      if (ret == ERROR_NO_MORE_FILES) break;\r
      log_event(EVENTLOG_ERROR_TYPE, NSSM_EVENT_PROCESS_ENUMERATE_FAILED, k->name, error_string(GetLastError()), 0);\r
      CloseHandle(snapshot);\r
      return;\r
    }\r
\r
    if (! check_parent(k, &pe, pid)) {\r
      k->pid = pe.th32ProcessID;\r
      walk_process_tree(service, fn, k, ppid);\r
    }\r
    k->pid = pid;\r
  }\r
\r
  CloseHandle(snapshot);\r
}\r
\r
void kill_process_tree(kill_t *k, unsigned long ppid) {\r
  return walk_process_tree(NULL, kill_process, k, ppid);\r
}\r