Wireshark-dev: Re: [Wireshark-dev] How to properly finalize capture in a Wireshark extcap plugi

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 23 Nov 2020 14:57:49 -0800

On Nov 23, 2020, at 7:09 AM, Timmy Brolin <tib@xxxxxx> wrote:

> Reading up on it a bit, turns out there is no such thing as SIGTERM in Windows.

Correct.

> There seem to exist several alternative ways of doing it in Windows.
> 
> Such as sending WM_QUIT or WM_CLOSE on the message queue,

This assumes that the program you're trying to tell to terminate *has* a message queue to which it pays attention.

Extcap programs are character-mode (console) programs, not windows programs; unless there's some hidden thread that's listening to a Windows message queue in those programs, they won't see that message.

> or CTRL_BREAK_EVENT via SetConsoleCtrlHandler().

According to a comment in sig_pipe_kill() in capchild/capture_sync.c:

        /* Remark: This is not the preferred method of closing a process!
         * the clean way would be getting the process id of the child process,
         * then getting window handle hWnd of that process (using EnumChildWind$
         * and then do a SendMessage(hWnd, WM_CLOSE, 0, 0)
         *
         * Unfortunately, I don't know how to get the process id from the
         * handle.  OpenProcess will get an handle (not a window handle)
         * from the process ID; it will not get a window handle from the
         * process ID.  (How could it?  A process can have more than one
         * window.  For that matter, a process might have *no* windows,
         * as a process running dumpcap, the normal child process program,
         * probably does.)
         *
         * Hint: GenerateConsoleCtrlEvent() will only work if both processes are
         * running in the same console; that's not necessarily the case for
         * us, as we might not be running in a console.
         * And this also will require to have the process id.
         */

so that might not work either.