Search the Community

Specs: Delphi XE7, Windows 7 64bit laptop. There is a "rundll32.exe" that keeps running every day. Now, I know that this is used in various ways during regular Windows operations, like for instance, when you open the sound volumn applet (via taskbar icon) and select the speaker icon, the "rundll32" activates and runs services. The service is running a HDD file collection activity because my HDD light is on continuously. And after searching around the web for answers, I found many Delphi routines that end or kill a process by program name and process_id. I am using the PID to be more accurate. Then, I wrote an app to detect when this file or service runs and End or Kill its process via its PID, but the process does not end. I think I've tried all the methods that I found and still, this "rundll32.exe" file will not stop running. I am pretty sure that this is a backgroud (scheduled) task that can be turned off somewhere in "services.msc" but that method is not what I want to use in this case. This endeviour has stumped me and I want to figure it out in the route I am in now. Any advice or suggestions or code corrections on how to proceed would be greatly appreciated. function KillProcessTree(const PID: Cardinal): boolean; var hProc, hSnap, hChildProc : THandle; pe : TProcessEntry32; bCont : BOOL; begin Result := true; FillChar(pe, SizeOf(pe), #0); pe.dwSize := SizeOf(pe); hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hSnap <> INVALID_HANDLE_VALUE) then begin if (Process32First(hSnap, pe)) then begin hProc := OpenProcess(PROCESS_TERMINATE{PROCESS_ALL_ACCESS}, false, PID); if (hProc <> 0) then begin Result := Result and TerminateProcess(hProc, 1); WaitForSingleObject(hProc, INFINITE); CloseHandle(hProc); end; bCont := true; while bCont do begin if (pe.th32ParentProcessID = PID) then begin KillProcessTree(pe.th32ProcessID); hChildProc := OpenProcess(PROCESS_TERMINATE{PROCESS_ALL_ACCESS}, FALSE, pe.th32ProcessID); if (hChildProc <> 0) then begin Result := Result and TerminateProcess(hChildProc, 1); WaitForSingleObject(hChildProc, INFINITE); CloseHandle(hChildProc); end; end; bCont := Process32Next(hSnap, pe); end; end; CloseHandle(hSnap); end; end; and. . . function Killtask2(exefilename: string): integer; Const process_terminate = $0001; Var Continueloop: Bool; Fsnapshothandle: THandle; fprocessentry32: TProcessentry32; Begin Result := 0; Fsnapshothandle := CreateToolhelp32Snapshot (Th32cs_snapprocess, 0); FProcessEntry32.dwsize := Sizeof(FPROCESSENTRY32); Continueloop := Process32First (Fsnapshothandle, FPROCESSENTRY32); while integer (continueloop) <> 0 do begin if (Uppercase(Extractfilename (FProcessEntry32. szexefile)) = Uppercase(Exefilename)) or (Uppercase(FProcessEntry32. Szexefile) = Uppercase(Exefilename)) then Result := Integer(TerminateProcess(OpenProcess(Process_terminate, BOOL (0), FProcessEntry32. Th32processid), 0)); Continueloop := Process32Next(Fsnapshothandle, FPROCESSENTRY32); end; CloseHandle(Fsnapshothandle); End; and this one. . . function KillTask(ExeFileName: string): Integer; const PROCESS_TERMINATE = $0001; var ContinueLoop: BOOL; FSnapshotHandle: THandle; FProcessEntry32: TProcessEntry32; begin Result := 0; FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); FProcessEntry32.dwSize := SizeOf(FProcessEntry32); ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32); while Integer(ContinueLoop) <> 0 do begin if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) = UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) = UpperCase(ExeFileName))) then Result := Integer(TerminateProcess( OpenProcess(PROCESS_TERMINATE, BOOL(0), FProcessEntry32.th32ProcessID), 0)); ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32); end; CloseHandle(FSnapshotHandle); end;