Kill Process

Posted: Thu Jul 05, 2018 2:49 am
by pambol
How can I kill a process without using Windows APIs (ExitProcess, TerminateProcess, ZwXXX, NtXXX)? Like simulating an app crash.

Re: Kill Process

Posted: Thu Jul 05, 2018 6:31 am
by madshi
For which purpose?

Re: Kill Process

Posted: Thu Jul 05, 2018 9:41 pm
by pambol
Close my own process if someone hooks ExitProcess, ZwTerminateProcess and RtlExitUserProcess.

Re: Kill Process

Posted: Thu Jul 05, 2018 10:28 pm
by madshi
Oh, you want to crash your own process from within your own process? That's very easy. E.g. you could use SetThreadContext to set EIP to NULL for all threads (or at least the main thread). Or you could memset the callstack of each thread. Or you could unprotect (VirtualProtect) the ntdll.dll code section and memset it. Etc etc, there are a million ways.

Re: Kill Process

Posted: Thu Jul 05, 2018 10:42 pm
by pambol
What is easier, and can't be hooked to prevent it?

Re: Kill Process

Posted: Thu Jul 05, 2018 10:47 pm
by madshi
Clearing your own thread's callstack should be possible without even calling any APIs. Just check ESP register and clear around it.
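
The stack-clearing idea from the last reply, as an added example that is not part of the thread or any poster's code: a POSIX analogue in C, so it can be run in a forked child and the result observed from the parent. The function names are hypothetical, and it assumes a downward-growing stack and GCC/Clang attributes; the local variable's address stands in for reading ESP.

```c
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Zero `len` bytes upward from `from` using plain stores, no library call.
   This function's own frame lies below `from`, so it returns normally. */
__attribute__((noinline))
static void wipe_upward(volatile unsigned char *from, size_t len)
{
    for (size_t i = 0; i < len; i++)
        from[i] = 0;
}

/* Destroys its own frame (saved registers, return address) and the frames
   of its callers. The address of `marker` approximates the stack pointer. */
__attribute__((noinline))
static void crash_by_stack_wipe(void)
{
    volatile unsigned char marker[16];
    wipe_upward(marker, 4096);
    /* Returning now uses a zeroed return address, or trips the stack
       canary if the compiler inserted one. No exit API is involved. */
}

/* Runs the wipe in a forked child. Returns 1 if the child was killed by a
   signal, 0 if it exited normally, -1 on fork/wait failure. */
int stack_wipe_kills_child(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        crash_by_stack_wipe();
        _exit(0); /* reached only if the wipe did not crash the process */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}

int main(void)
{
    return stack_wipe_kills_child() == 1 ? 0 : 1;
}
```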