How To Identify Zombie Process?

Hi All,

I have opened a handle for a process in kernel mode, but the process is a zombie, that's why Task Manager is not showing it. So please help me.

Thanks & Regards,
Amit.

ZwQuerySystemInformation(), infoclass ProcessesAndThreads is your friend here - it provides info about all processes and threads in the system. If you see that some process has no threads in it (ThreadCount is zero), but it used to (KernelTime and UserTime fields are not zero), then you can be pretty sure that the process is zombie - it is on the list only because someone keeps an open handle to it.

Another reason why process may become zombie is because someone has an open handle to one of its threads, although all threads are in terminated state. Therefore, if thread count is non-zero, check the thread list, and see if all threads are in terminated state - if they are, then, again, the process is zombie…

Anton Bassov
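
The two checks described in the post above, as an added example that is not part of the original thread. The `proc_rec` and `thread_rec` layouts, the function names and the sample snapshot are assumptions made for illustration (simplified stand-ins for the records `ZwQuerySystemInformation` returns), and "used to have threads" is read here as either time field being non-zero.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Simplified stand-ins (assumed layout) for the snapshot's process/thread records. */
enum { THREAD_TERMINATED = 4 };           /* KTHREAD_STATE: Terminated */
typedef struct { uint32_t ThreadState; } thread_rec;
typedef struct {
    uint32_t NextEntryOffset;             /* 0 marks the last record */
    uint32_t ThreadCount;                 /* thread_rec entries follow the header */
    uint64_t KernelTime, UserTime;
    uint32_t ProcessId;
} proc_rec;

/* Walk the snapshot with bounds checks; store up to max zombie PIDs in out. */
size_t find_zombies(const uint8_t *buf, size_t len, uint32_t *out, size_t max)
{
    size_t off = 0, found = 0;
    while (off <= len && len - off >= sizeof(proc_rec)) {
        proc_rec p;
        memcpy(&p, buf + off, sizeof p);
        size_t need = sizeof p + (size_t)p.ThreadCount * sizeof(thread_rec);
        if (need > len - off) break;      /* truncated record: stop */
        /* Rule 1: no threads left, yet the process accumulated CPU time. */
        int zombie = p.ThreadCount ? 1 : (p.KernelTime || p.UserTime);
        /* Rule 2: threads remain, but every one of them is terminated. */
        for (uint32_t i = 0; i < p.ThreadCount; i++) {
            thread_rec t;
            memcpy(&t, buf + off + sizeof p + i * sizeof t, sizeof t);
            if (t.ThreadState != THREAD_TERMINATED) zombie = 0;
        }
        if (zombie && found < max) out[found++] = p.ProcessId;
        if (p.NextEntryOffset < need) break;  /* 0 = last record, else corrupt */
        off += p.NextEntryOffset;
    }
    return found;
}

/* Constructed sample: PID 4 is live, 1000 matches rule 1, 2000 matches rule 2. */
size_t build_sample(uint8_t *buf)
{
    const proc_rec procs[3] = { { 40, 1, 500, 0, 4 }, { 32, 0, 10, 20, 1000 }, { 0, 2, 7, 3, 2000 } };
    const uint32_t states[3] = { 2, 4, 4 };   /* Running, Terminated, Terminated */
    size_t off = 0, ti = 0;
    for (int i = 0; i < 3; i++) {
        memcpy(buf + off, &procs[i], sizeof(proc_rec));
        for (uint32_t j = 0; j < procs[i].ThreadCount; j++, ti++)
            memcpy(buf + off + sizeof(proc_rec) + j * 4, &states[ti], 4);
        off += procs[i].NextEntryOffset;  /* stays put after the last record */
    }
    return off + sizeof(proc_rec) + 2 * sizeof(uint32_t);
}
```
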

GetExitCodeProcess will return STILL_ACTIVE for non-zombie and a code for
zombie.

WaitForSingleObject on a process handle with zero timeout will time out on
non-zombie and succeed on a zombie.


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

wrote in message news:xxxxx@ntdev…
> ZwQuerySystemInformation(), infoclass ProcessesAndThreads is your friend here - it provides info about all processes and threads in the system. If you see that some process has no threads in it (ThreadCount is zero), but it used to (KernelTime and UserTime fields are not zero), then you can be pretty sure that the process is zombie - it is on the list only because someone keeps an open handle to it.
>
> Another reason why process may become zombie is because someone has an open handle to one of its threads, although all threads are in terminated state. Therefore, if thread count is non-zero, check the thread list, and see if all threads are in terminated state - if they are, then, again, the process is zombie…
>
> Anton Bassov

> GetExitCodeProcess will return STILL_ACTIVE for non-zombie and a code for zombie.
>
> WaitForSingleObject on a process handle with zero timeout will time out on non-zombie and succeed on a zombie.

Sure - I just overlooked the fact that the OP already has a handle to the target process (first I thought he just wants to know if there are any zombies in the system). However, at this point his question in itself just stops making sense - I just don’t understand how we can help him if the process that he has an open handle to has been terminated…

Anton Bassov

As told by Anton Bassov, I have used ZwQuerySystemInformation to check for the zombie, but ZwQuerySystemInformation does not return any information about the zombie, i.e. there is no record of the zombie process, so the specified checks are not possible.