How does Windows kill a process, exactly?

Question

I'm unfamiliar with how processes are killed in Windows. In Linux, a "warm" kill sends a signal (15) which the process can handle by instantiating a signal handler. A cold kill is signal (9) which the OS handles by killing the process forcefully.

How can I "kill" a process in Windows? How is it handled by OS and by the process? What actions does OS perform? Is there a cross-platform way of responding to a kill/close request?

Please accept an answer, if your question has been answered. — Oliver, Mar 15 '14 at 10:28

score 15 · Answer 1 · edited Feb 12 '22 at 18:20

15

"End Task" (and taskkill) appears to post a WM_CLOSE message to the program's windows. (The same is done when you click the × "Close" button.) If the program does not exit in some time, user gets prompted to end the program forcefully.

"Kill Process" and taskkill /f use TerminateProcess().

How To Terminate an Application "Cleanly" in Win32

edited Feb 12 '22 at 18:20

Arend

105
3

answered Jun 16 '10 at 16:57

user1686

8,717
25
38

3

+1, WM_CLOSE sent to app; after X time ask user to force kill, Windows removes the process from the scheduler, closes all handles (which can trip up the process if the kernel is processing one of those handles), then reclaims the memory space (this is the *really short version* of the process). – Chris S Jun 16 '10 at 17:01
The third way is `ntsd -p -c q`, which uses the `ntsd` debugger; I'm not sure what happens when a program is killed that way. (_pokes @Chris_) – user1686 Jun 16 '10 at 17:08
9

what happens if the program doesn't have a window? – IttayD Jun 18 '10 at 11:46
4

@IttayD: Then there's no entry in Task Manager to use "End Task" on :) I just tried `taskkill` and it replies with: "This process can only be terminated forcefully ( with /F option )." So yeah, the only choice left is `TerminateProcess()`. – user1686 Jun 18 '10 at 20:20
4

@IttayD: Note that on Windows, services (daemons) are written differently from user applications; they can receive status queries and control requests from Service Manager, so a graceful stop is possible. – user1686 Jun 18 '10 at 20:22

score 0 · Answer 2 · answered Jun 14 '10 at 21:30

Sysinternals (now part of Microsoft) offers a utility called pskill which can be used from the command line to kill processes on the local system or on remote systems.

The usual way to kill processes in Windows in a GUI environment is to use the Task Manager.

score -1 · Answer 3 · answered Jun 14 '10 at 20:45

-1

with cygwin you can use a cross platform kill!

answered Jun 14 '10 at 20:45

tony roth

3,844
17
14

How does Windows kill a process, exactly?

3 Answers3