Kill Process

pambol
Posts: 50
Joined: Sat Jun 23, 2018 1:15 am

Kill Process

Post by pambol »

How can I kill a process without using Windows APIs (ExitProcess, TerminateProcess, ZwXXX, NtXXX)? Like simulating an app crash.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Kill Process

Post by madshi »

For which purpose?
pambol
Posts: 50
Joined: Sat Jun 23, 2018 1:15 am

Re: Kill Process

Post by pambol »

Close my own process if someone hooks ExitProcess, ZwTerminateProcess and RtlExitUserProcess.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Kill Process

Post by madshi »

Oh, you want to crash your own process from within your own process? That's very easy. E.g. you could use SetThreadContext to set EIP to NULL for all threads (or at least the main thread). Or you could memset the callstack of each thread. Or you could unprotect (VirtualProtect) the ntdll.dll code section and memset it. Etc etc, there are a million ways.
pambol
Posts: 50
Joined: Sat Jun 23, 2018 1:15 am

Re: Kill Process

Post by pambol »

Which one is easier and can't be hooked by them to prevent it?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Kill Process

Post by madshi »

Clearing your own thread's callstack should be possible without even calling any APIs. Just check ESP register and clear around it.