ZwTerminateProcess

MSDN Home

MSDN
MSDN Library
Win32 and COM Development
Windows Driver Kit
Kernel-Mode Driver Architectur ...
Reference
Driver Support Routines
ZwXxx Routines

ZwXxx Routines

ZwAllocateLocallyUniqueId
ZwAllocateVirtualMemory
ZwClose
ZwCreateDirectoryObject
ZwCreateEvent
ZwCreateFile
ZwCreateKey
ZwCreateKeyTransacted
ZwCreateSection
ZwCurrentProcess
ZwCurrentThread
ZwDeleteFile
ZwDeleteKey
ZwDeleteValueKey
ZwDeviceIoControlFile
ZwDuplicateObject
ZwDuplicateToken
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushBuffersFile
ZwFlushKey
ZwFlushVirtualMemory
ZwFreeVirtualMemory
ZwFsControlFile
ZwLoadDriver
ZwLockFile
ZwMakeTemporaryObject
ZwMapViewOfSection
ZwNotifyChangeKey
ZwOpenDirectoryObject
ZwOpenEvent
ZwOpenFile
ZwOpenKey
ZwOpenKeyEx
ZwOpenKeyTransacted
ZwOpenKeyTransactedEx
ZwOpenProcess
ZwOpenProcessTokenEx
ZwOpenSection
ZwOpenSymbolicLinkObject
ZwOpenThreadTokenEx
ZwQueryDirectoryFile
ZwQueryFullAttributesFile
ZwQueryInformationFile
ZwQueryInformationToken
ZwQueryKey
ZwQueryObject
ZwQueryQuotaInformationFile
ZwQuerySecurityObject
ZwQuerySymbolicLinkObject
ZwQueryValueKey
ZwQueryVolumeInformationFile
ZwReadFile
ZwSetEvent
ZwSetInformationFile
ZwSetInformationThread
ZwSetInformationToken
ZwSetQuotaInformationFile
ZwSetSecurityObject
ZwSetValueKey
ZwSetVolumeInformationFile
ZwTerminateProcess
ZwUnloadDriver
ZwUnlockFile
ZwUnmapViewOfSection
ZwWaitForSingleObject
ZwWriteFile
NtXxx Routines

Switch View :

Classic

Lightweight Beta

ScriptFree

Feedback

Windows Driver Kit: Kernel-Mode Driver Architecture

ZwTerminateProcess

The ZwTerminateProcess routine terminates a process and all of its threads.

NTSTATUS
  ZwTerminateProcess(
    IN HANDLE  ProcessHandle,
    IN NTSTATUS  ExitStatus
    );

Parameters
ProcessHandle: A handle to the process object that represents the process to be terminated.
ExitStatus: An NTSTATUS value that the operating system uses as the final status for the process and each of its threads.

Return Value

ZwTerminateProcess returns STATUS_SUCCESS if the operation succeeds. Additional return values include:

STATUS_OBJECT_TYPE_MISMATCH: The specified handle is not a process handle.
STATUS_INVALID_HANDLE: The specified handle is not valid.
STATUS_ACCESS_DENIED: The driver cannot access the specified process object.
STATUS_PROCESS_IS_TERMINATING: The specified process is already terminating.

If the caller specifies the current process in the ProcessHandle parameter, ZwTerminateProcess does not return.

Comments

To obtain a process handle that a driver can specify for the ProcessHandle parameter, the driver can call ZwOpenProcess. The handle must be a kernel handle.

Drivers must not specify the current process if resources have not been freed from the kernel stack, because the operating system will not unwind the kernel stack for the calling thread.

Note If the call to this function occurs in user mode, you should use the name "NtTerminateProcess" instead of "ZwTerminateProcess".

Requirements

IRQL: PASSIVE_LEVEL

Headers: Declared in Ntddk.h. Include Ntddk.h.

Parameters

Return Value

Comments

Requirements

See Also