I'm studying Windows Internals. In fact, there's no _exit-like system call as in *nix. The process should terminate itself with TerminateProcess/NtTerminateProcess. The ExitProcess/RtlExitUserProcess APIs do some cleanup before self-terminating. TerminateProcess/NtTerminateProcess work with GetCurrentProcess/NtCurrentProcess/(HANDLE)-1.

But when I try it with GetCurrentProcessId/gs:[0x40], it didn't work.
#include <windows.h>

int main(void)
{
    TerminateProcess(GetCurrentProcess(), 0);   // work: argument is a HANDLE (the pseudo handle (HANDLE)-1)
    TerminateProcess(GetCurrentProcessId(), 0); // didn't work: argument is a DWORD process ID, not a HANDLE
}
    mov  rcx, -1              ; hProcess = (HANDLE)-1, the current-process pseudo handle
    xor  edx, edx             ; uExitCode = 0
    call TerminateProcess
    ; this one is working

    call GetCurrentProcessId  ; eax = process ID (same value as gs:[0x40])
    mov  ecx, eax             ; passes the ID where a HANDLE is expected
    xor  edx, edx             ; uExitCode = 0
    call TerminateProcess
    ; this one didn't work
Why must Windows processes self-terminate with GetCurrentProcess, and why can't it work with GetCurrentProcessId?
The documentation for TerminateProcess() clearly says that it takes a process handle, whereas GetCurrentProcessID() returns a process ID instead. Why would you expect that ID to work?

One comment of yours seems to suggest that you think a process HANDLE is the same as a process ID. Clearly that is not true, otherwise GetCurrentProcess() and GetCurrentProcessID() would not exist as separate APIs.

In fact, GetCurrentProcess() actually returns 0xffffffff.

The docs say:

The return value is a pseudo handle to the current process.