我可以将ctrl-C(SIGINT)发送到Windows上的应用程序吗? [英] Can I send a ctrl-C (SIGINT) to an application on Windows?
问题描述
(过去)我编写了跨平台(Windows/Unix)应用程序,这些应用程序从命令行启动时可以处理用户键入的 Ctrl - C 以相同的方式组合(即干净地终止应用程序).
I have (in the past) written cross-platform (Windows/Unix) applications which, when started from the command line, handled a user-typed Ctrl-C combination in the same way (i.e. to terminate the application cleanly).
在Windows上是否可以将 Ctrl - C /SIGINT/等效于另一个(不相关的)进程中的某个进程发送,以请求其干净终止(给予它)有机会整理资源等?)
Is it possible on Windows to send a Ctrl-C/SIGINT/equivalent to a process from another (unrelated) process to request that it terminate cleanly (giving it an opportunity to tidy up resources etc.)?
推荐答案
The closest that I've come to a solution is the SendSignal 3rd party app. The author lists source code and an executable. I've verified that it works under 64-bit windows (running as a 32-bit program, killing another 32-bit program), but I've not figured out how to embed the code into a windows program (either 32-bit or 64-bit).
工作原理:
在调试器中进行了很多研究之后,我发现实际上执行与ctrl-break之类的信号相关的行为的入口点是kernel32!CtrlRoutine.该函数具有与ThreadProc相同的原型,因此可以直接与CreateRemoteThread一起使用,而无需注入代码.但是,这不是导出的符号!在不同版本的Windows上,它位于不同的地址(甚至具有不同的名称).该怎么办?
After much digging around in the debugger I discovered that the entry point that actually does the behavior associated with a signal like ctrl-break is kernel32!CtrlRoutine. The function had the same prototype as ThreadProc, so it can be used with CreateRemoteThread directly, without having to inject code. However, that's not an exported symbol! It's at different addresses (and even has different names) on different versions of Windows. What to do?
这是我最终想出的解决方案.我为我的应用安装了控制台ctrl处理程序,然后为我的应用生成了ctrl-break信号.当我的处理程序被调用时,我回头查看堆栈的顶部以查找传递给kernel32!BaseThreadStart的参数.我获取第一个参数,它是线程的所需起始地址,即kernel32!CtrlRoutine的地址.然后,我从处理程序中返回,表明我已经处理了信号,并且我的应用程序不应终止.回到主线程中,我等到已检索kernel32!CtrlRoutine的地址.一旦找到它,就在目标进程中使用发现的起始地址创建一个远程线程.这将导致对目标进程中的ctrl处理程序进行评估,就像按下了ctrl-break一样!
Here is the solution I finally came up with. I install a console ctrl handler for my app, then generate a ctrl-break signal for my app. When my handler gets called, I look back at the top of the stack to find out the parameters passed to kernel32!BaseThreadStart. I grab the first param, which is the desired start address of the thread, which is the address of kernel32!CtrlRoutine. Then I return from my handler, indicating that I have handled the signal and my app should not be terminated. Back in the main thread, I wait until the address of kernel32!CtrlRoutine has been retrieved. Once I've got it, I create a remote thread in the target process with the discovered start address. This causes the ctrl handlers in the target process to be evaluated as if ctrl-break had been pressed!
令人高兴的是,只有目标进程受到影响,任何进程(甚至是窗口进程)都可以成为目标.缺点是我的小应用程序不能在批处理文件中使用,因为它会在发送ctrl-break事件以发现kernel32!CtrlRoutine的地址时将其杀死.
The nice thing is that only the target process is affected, and any process (even a windowed process) can be targeted. One downside is that my little app can't be used in a batch file, since it will kill it when it sends the ctrl-break event in order to discover the address of kernel32!CtrlRoutine.
(如果在批处理文件中运行,请在start之前添加.)
(Precede it with start if running it in a batch file.)
这篇关于我可以将ctrl-C(SIGINT)发送到Windows上的应用程序吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
