EndItAll uses a remote thread to execute "ExitProcess" in the context of the process which it wants to be stopped. This is not (yet) hooked by the HookProcessTermination demo. I should probably add that to the next version.
You can't use Delphi for writing drivers. You need Microsoft DDK. There are some solutions that give Delphi driver writing capabilities on the market but I don't know how efficient or easy to use they are.
No, not dll injection, but remote threads (CreateRemoteThread).
You need to hook ExitProcess in your own process and only allow it if you want your process to end. Furthermore you also need to do what HookProcessTermination does, namely hooking (Nt)TerminateProcess system wide.
Please note that you don't need to hook ExitProcess system wide. So don't put that code into the hook dll. It's enough to hook that only inside of your own process (= in your own exe).
Of course I would never use madCollection for illegal purposes. That would make Antivirus producers block it as "trojan tool" and we couldn't use it anymore
Thanks a lot for your explanation madshi!
hexa wrote: Of course I would never use madCollection for illegal purposes. That would make Antivirus producers block it as "trojan tool" and we couldn't use it anymore