Zombile process created if program crash in Win81

Started by twu2, October 24, 2013, 04:23:02 AM

Previous topic - Next topic

twu2

OS: Windows 8.1 64bit RTM
Process Lasso: 6.7.0.0

Reproduce step:
1. Execute Process Lasso.
2. create a program like this (this example using c#, but got same result if use c or c++, with or without .net):

using System;

    namespace CrashTestProgram
    {
    class Program
    {
    static void Main(string[] args)
    {
    Console.WriteLine("Press Enter to get crash");
    Console.ReadKey();
    Console.WriteLine("crash here {1}", 0);
    }
    }
    }


3. Compile and run the program above, press Enter to make the program crashed.
4. Windows OS got the exception, ask to debug or close the program. (OS will duplicate the process, we have 2 process for one program now, it only happen in windows 8.1)
5. Choose Close the program.
6. The original process will be deleted, but the new process won't, become a zombie
7. Can't kill such zombie process in Process Lasso.
8. Exit Process Lasso, then the zombie process will disappear (so I think maybe some resource still hold by Process Lasso while the program crashed)

It only happen under Windows 8.1.

twu2


BenYeeHua

En...
Any information for why OS will duplicate 2 process when it is crashed? :)

twu2

try 6.7.0.6 today, still got zombie process via the test program.
a little different, the zombie still exist even exit process lasso (I remember it will disappear if exit process lass for previous version/test).

BenYeeHua

I am sorry that you might need to wait longer and let the dev look on this issues, as he just back for a few days. :)

Anyways, did you ask on the Microsoft forum, and what's they answer you?

twu2

No, I don't ask this in Microsoft's forum, because there's no issue for Process Explorer about this.

I only ask here and Process Hacker's forum, I think it's the same issue for Process Hacker and Process Lasso.
for reference, the fixed for Process Hacker in above URL show:
             // Open a handle to the process for later usage.
-            PhOpenProcess(&processItem->QueryHandle, PROCESS_QUERY_INFORMATION, processItem->ProcessId);
-
-            if (WINDOWS_HAS_LIMITED_ACCESS && !processItem->QueryHandle)
-                PhOpenProcess(&processItem->QueryHandle, PROCESS_QUERY_LIMITED_INFORMATION, processItem->ProcessId);
+            // Don't try to do this if the process has no threads. On Windows 8.1, processes without threads are
+            // probably reflected processes which will not terminate if we have a handle open.
+            if (processItem->NumberOfThreads != 0)
+            {
+                PhOpenProcess(&processItem->QueryHandle, PROCESS_QUERY_INFORMATION, processItem->ProcessId);
+
+                if (WINDOWS_HAS_LIMITED_ACCESS && !processItem->QueryHandle)
+                    PhOpenProcess(&processItem->QueryHandle, PROCESS_QUERY_LIMITED_INFORMATION, processItem->ProcessId);
+            }


the author has comment for this:
            // Don't try to do this if the process has no threads. On Windows 8.1, processes without threads are
            // probably reflected processes which will not terminate if we have a handle open.


Just skip the process without threads in Win8.1, don't query information for such process. (he call this is 'reflected process', I'm not sure this is an official name or not)....
If a process

BenYeeHua

I don't find anything about "reflected process", except here.
So it can be named by the dev of Process Hacker.

Anyways, I think you has give enough information for this, let's wait for the dev to look at it. :)

BenYeeHua

So I has saw this update, did you get this issues fixed after this update is installed? :)
http://support.microsoft.com/kb/2905627

Jeremy Collake

I have seen this issue myself. I'll be fixing it soon!
Software Engineer. Bitsum LLC.

twu2

Quote from: BenYeeHua on February 20, 2014, 01:25:17 PM
So I has saw this update, did you get this issues fixed after this update is installed? :)
http://support.microsoft.com/kb/2905627
I check my system, it already have KB2903939, but still have problem.

BenYeeHua

Quote from: support on February 24, 2014, 11:12:07 AM
I have seen this issue myself. I'll be fixing it soon!
Good to hear about that.  :)

Quote from: twu2 on February 25, 2014, 04:10:30 AM
I check my system, it already have KB2903939, but still have problem.
Ok, I still curious why they add this "feature" in Windows 8.1...
Stability?

Jeremy Collake

Fixed in v6.7.0.52, being uploaded in a few minutes.
Software Engineer. Bitsum LLC.

BenYeeHua


twu2


Jeremy Collake

Good to hear ;).

As I've told Bitsum insiders, the development cycle has changed, but work has not stopped. Changes will be more deliberate, and I'll hopefully not get stuck in break and fix cycles as I have in the past.
Software Engineer. Bitsum LLC.