แก้ไข

แชร์ผ่าน


.kill (Kill Process)

In user mode, the .kill command ends a process that is being debugged.

In kernel mode, the .kill command ends a process on the target computer.

User-Mode Syntax

.kill [ /h | /n ]

Kernel-Mode Syntax

.kill Process 

Parameters

/h
(User mode only) Any outstanding debug event will be continued and marked as handled. This is the default.

/n
(User mode only) Any outstanding debug event will be continued without being marked as handled.

Process
Specifies the address of the process to be terminated. If Process is omitted or zero, the default process for the current system state will be terminated.

Environment

In kernel mode, this command is supported on Microsoft Windows Server 2003 and later versions of Windows.

Modes

user mode, kernel mode

Targets

live debugging only

Platforms

all

Remarks

In user mode, this command ends a process that is being debugged. If the debugger is attached to a child process, you can use .kill to end the child process without ending the parent process. For more information, see Examples.

In kernel mode, this command schedules the selected process on the target computer for termination. The next time that the target can run (for example, by using a g (Go) command), the specified process is ended.

You cannot use this command during local kernel debugging.

Examples

Using .childdbg

Suppose you attach a debugger to parent process (Parent.exe) before it creates a child process. You can enter the command .childdbg 1 to tell the debugger to attach to any child process that the parent creates.

1:001> .childdbg 1
Processes created by the current process will be debugged

Now let the parent process run, and break in after it has created the child process. Use the | (Process Status) command to see the process numbers for the parent and child processes.

0:002> |*
.  0    id: 7f8 attach  name: C:\Parent\x64\Debug\Parent.exe
   1    id: 2d4 child   name: notepad.exe

In the preceding output, the number of the child process (notepad.exe) is 1. The dot (.) at the beginning of the first line tells us that the parent process is the current process. To make the child process the current process, enter |1s.

0:002> |1s
...
1:001> |*
#  0    id: 7f8 attach  name: C:\Parent\x64\Debug\Parent.exe
.  1    id: 2d4 child   name: notepad.exe

To kill the child process, enter the command .kill. The parent process continues to run.

1:001> .kill
Terminated.  Exit thread and process events will occur.
1:001> g

Using the -o parameter

When you start WinDbg or CDB, you can use the -o parameter to tell the debugger that it should attach to child processes. For example, the following command starts WinDbg, which starts and attaches to Parent.exe. When Parent.exe creates a child process, WinDbg attaches to the child process.

windbg -g -G -o Parent.exe

For more information, see WinDbg Command-Line Options and CDB Command-Line Options.

Requirements

Version

Versions:(Kernel mode) Supported in Windows Server 2003 and later.