Description
The dwProcessGroupId parameter of GenerateConsoleCtrlEvent should be limited to process groups or the special group 0 that means all process attached to the console. If no process belongs to the given group ID, the call should fail with ERROR_INVALID_PARAMETER. This used to be the case (and the code I've read in ReactOS seems as simple as this), but at some point (XP?) it was changed to succeed for any process ID if it happens to be a child of a process that's attached to the console. I have to assume this was intentional, though I don't think any explanation could get me to agree with the intent.
If the target process is attached to the console, it behaves the same as the group 0 case, which contributes to misunderstandings about this function. Otherwise it's relatively benign. The truly weird and buggy aspect of this is that it succeeds for a child of a process that's attached to the console even if the child itself is not attached to the console (e.g. a non-console process, or one created with DETACHED_PROCESS, CREATE_NEW_CONSOLE, or CREATE_NO_WINDOW). In this case the call appears to do nothing. But on closer inspection, we see that the target process gets added to the console's process list (i.e. GetConsoleProcessList) even though it's not attached to the console, and in Process Explorer we see that conhost.exe has a handle for the process. If the process terminates, the console doesn't get notified, so this handle for a defunct process stays in the console's list. Apparently this puts the console's process list in a bad state. All processes that were added before the defunct process are subsequently invisible to GenerateConsoleCtrlEvent, even if we target group 0.