TechnikEmpire / CitadelCore.Windows

Citadel Core platform-specific implementation for Windows
Mozilla Public License 2.0

Can't delete WinDivert64.sys #20

Closed hitgubmitt closed 4 years ago

hitgubmitt commented 4 years ago

Hi Jesse!

I am trying to delete the WinDivert64.sys file and the system complains it is still in use. CitadelCore is of course terminated. What is the reason for this behaviour?

Currently, the only way I found is to restart the computer. What is the programmatic approach?

TechnikEmpire commented 4 years ago

'Sc stop Windivert1.4' or whatever version it is. Sc query should give you a list of all running services if you can't find the exact version.

Stopping any WFP driver like that can randomly screw it up, and the next time you try to load it, it'll give the Windows error code for file not found. Once that happens, you definitely need to reboot.

TechnikEmpire commented 4 years ago

If you use the WinAPI services API to fully shut down the driver, you are less prone to that weird file not found issue. But you need to P/Invoke and Google how to do that. If it's just for dev, stick to the sc stop command.

hitgubmitt commented 4 years ago

Thank you! I'd never found this because the WinDivert1.4 service is not visible from Services. Also, sc query does not list it. Only if the command is issued with the service name, sc query WinDivert1.4, then it finds it successfully. Do you know why that is?

So far no strange behaviour with sc stop.
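One way to do the service-API shutdown mentioned in the thread, as an added C# P/Invoke example (not code from CitadelCore or from either participant); the service name `WinDivert1.4` comes from the thread, while the class name, the 250 ms poll interval and the 10-second timeout are assumptions. WinDivert is registered as a kernel-driver service, and plain `sc query` enumerates only Win32 services, so the driver appears only when queried by name or with `sc query type= driver`.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Threading;
static class DriverServiceStopper // hypothetical helper name
{
    const uint SC_MANAGER_CONNECT = 0x0001, SERVICE_QUERY_STATUS = 0x0004, SERVICE_STOP = 0x0020;
    const uint SERVICE_CONTROL_STOP = 0x1, SERVICE_STOPPED = 0x1;
    const int ERROR_SERVICE_NOT_ACTIVE = 1062;
    [StructLayout(LayoutKind.Sequential)]
    struct SERVICE_STATUS { public uint dwServiceType, dwCurrentState, dwControlsAccepted,
        dwWin32ExitCode, dwServiceSpecificExitCode, dwCheckPoint, dwWaitHint; }
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr OpenSCManager(string machine, string database, uint access);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr OpenService(IntPtr scm, string name, uint access);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool ControlService(IntPtr svc, uint control, out SERVICE_STATUS status);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool QueryServiceStatus(IntPtr svc, out SERVICE_STATUS status);
    [DllImport("advapi32.dll")] static extern bool CloseServiceHandle(IntPtr handle);
    // Sends SERVICE_CONTROL_STOP and polls until the SCM reports SERVICE_STOPPED.
    // Typically needs an elevated process; returns false if the timeout expires first.
    public static bool StopAndWait(string name, TimeSpan timeout)
    {
        IntPtr scm = OpenSCManager(null, null, SC_MANAGER_CONNECT);
        if (scm == IntPtr.Zero) throw new Win32Exception();
        IntPtr svc = OpenService(scm, name, SERVICE_STOP | SERVICE_QUERY_STATUS);
        try
        {
            if (svc == IntPtr.Zero) throw new Win32Exception();
            if (!ControlService(svc, SERVICE_CONTROL_STOP, out SERVICE_STATUS st))
            {
                int err = Marshal.GetLastWin32Error();
                if (err == ERROR_SERVICE_NOT_ACTIVE) return true; // already stopped
                throw new Win32Exception(err);
            }
            DateTime deadline = DateTime.UtcNow + timeout;
            while (st.dwCurrentState != SERVICE_STOPPED && DateTime.UtcNow < deadline)
            {
                Thread.Sleep(250); // assumed poll interval
                if (!QueryServiceStatus(svc, out st)) throw new Win32Exception();
            }
            return st.dwCurrentState == SERVICE_STOPPED;
        }
        finally { if (svc != IntPtr.Zero) CloseServiceHandle(svc); CloseServiceHandle(scm); }
    }
    static void Main() => Console.WriteLine(StopAndWait("WinDivert1.4", TimeSpan.FromSeconds(10)));
}
```

Deleting WinDivert64.sys should only be attempted after `StopAndWait` returns `true`; a `false` result means the driver had not reached the stopped state within the timeout.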