原文链接:https://devblogs.microsoft.com/oldnewthing/20040722-00/?p=38373
If a user fires up Task Manager and clicks “End Task” on your program, Windows first tries to shut down your program nicely, by sending WM_CLOSE messages to GUI programs and CTRL_CLOSE_EVENT events to console programs. But you don’t get a chance to intercept TerminateProcess. Why not?
如果用户打开任务管理器,选中你的程序之后点击『结束任务』,Windows将首先尝试优雅地通知你的程序进行关闭,方法是向GUI应用发送WM_CLOSE消息,或者向控制台应用发送CTRL_CLOSE_EVENT事件。不过,你是不可能拦截 TerminateProcess 的。这是为什么呢?
TerminateProcess is the low-level process killing function. It bypasses DLL_PROCESS_DETACH and anything else in the process. Once you kill with TerminateProcess, no more user-mode code will run in that process. It’s gone. Do not pass go. Do not collect $200.
TerminateProcess(译注:原文链接已失效,此处为MSDN上对应的新链接)是一种底层结束任务的方法,可以绕过 DLL_PROCESS_DETACH 及进程中的任何东西。一旦调用 TerminateProcess 来结束进程的话,该进程中将不再有任何用户模式的代码可以运行。就那么结束了。别再想着过起点了,也别再想挣200块的事了。(译注:Do not pass go. Do not collect $200是原版“大富翁”游戏中直接将其它玩家送入监狱格的事件卡片背面文字,用于强调“啥也别想了,没救了”的意思。)
If you could intercept TerminateProcess, then you would be escalating the arms race between programs and users. Suppose you could intercept it. Well, then if you wanted to make your program unkillable, you would just hang in your TerminateProcess handler!
假设有办法拦截 TerminateProcess 的话,不过是恶化了程序和用户之间的军备竞赛而已。设想如果可以拦截它,那么,如果想让你的程序无法被中止,只要在你的 TerminateProcess 处理进程中挂起就好啦!
And then people would ask for “a way to kill a process that is refusing to be killed with TerminateProcess,” and we’d be back to where we started.
然后就会有人提出『如何中止拒绝被 TerminateProcess 杀掉的进程』这样的问题,于是我们又回到了问题的开头。
远嚣 Comment