Kill Process
How can I kill a process without using Windows APIs (ExitProcess, TerminateProcess, ZwXXX, NtXXX)? Like simulating an app crash.
Re: Kill Process
For which purpose?
Re: Kill Process
To close my own process if someone hooks ExitProcess, ZwTerminateProcess and RtlExitUserProcess.
Re: Kill Process
Oh, you want to crash your own process from within your own process? That's very easy. E.g. you could use SetThreadContext to set EIP to NULL for all threads (or at least the main thread). Or you could memset the callstack of each thread. Or you could unprotect (VirtualProtect) the ntdll.dll code section and memset it. Etc etc, there are a million ways.
Re: Kill Process
Which is easier, and which can't they hook to prevent it?
Re: Kill Process
Clearing your own thread's callstack should be possible without even calling any APIs. Just check ESP register and clear around it.