fix #76

[Eran-YT]

This should fix #76 , and probably #77 as well, @Neo23x0 can you verify?

[Neo23x0]

It fixes the suspended zombie processes, yes.

However, the behavior of the tool changes:

Without Raccine

With Raccine (I have to press ENTER so that it returns to the cmd.exe session)

[Eran-YT]

@Neo23x0 it works now

[JohnLaTwC]

@Neo23x0, do you knwo why there is this sleep in raccine.cpp: void find_and_kill_processes(bool log_only, const std::wstring& sCommandLine, std::wstring& sListLogs) std::this_thread::sleep_for(std::chrono::seconds(5)); <<<<< should be removed

[Eran-YT]

Can you explain what is going on at the C++ layer with this change? In particular, why temporary variables were allocated and destroyed for out parameters that are pass by reference? Is there some C++ documentation that explains what/why this is happening?

What happened is that the assignment operator create a temporary that closed the handle when it was assigned, this way the handle wrappers are only created in the return, and so don't close the handles

[Eran-YT]

@Neo23x0, do you knwo why there is this sleep in raccine.cpp: void find_and_kill_processes(bool log_only, const std::wstring& sCommandLine, std::wstring& sListLogs) std::this_thread::sleep_for(std::chrono::seconds(5)); <<<<< should be removed

No, is used to be a Sleep(5000), so I replaced it with the C++ equivalent, but I don't know why is was there in the first place

[Neo23x0]

It now looks like this (no malicious cmdline). I have to press return, to proceed.

[JohnLaTwC]

@Neo23x0, remove this line: https://github.com/Neo23x0/Raccine/blob/87c9700cf9fdafadf10168c9c1e3422dda5ac606/source/RaccineLib/raccine.cpp#L467

raccine.cpp: std::this_thread::sleep_for(std::chrono::seconds(5));

[Eran-YT]

Sorry, that was a debug aid that I didn't remove

[Neo23x0]

Okay, this seems to work. Let me do some more tests.