LVAC

Call Functions from ntoskrnl.exe ?


LVAC

I want to call the "ZwTerminateProcess" function in C:\WINDOWS\system32\ntoskrnl.exe, but I cannot call it with DllCall. Can you give me some code to do it?

Richard Robertson

That function is intended for driver use. Not user mode applications.

LVAC

Cannot call that function?

Richard Robertson

Yes and no. Yes, it can be called if done correctly. No, you shouldn't call it. Use ProcessClose() in AutoIt instead. Or TerminateProcess() in the WinApi if not using AutoIt.

electrico

Richard Robertson, I am enjoying your answers >_<

Richard Robertson

Richard Robertson, I am enjoying your answers >_<

May I ask in what way?

LVAC

I want to write a new program for security, ProcessClose() in AutoIt cannot kill some strong program of virus. So I want to call some function like that >_< How to call it?

Jos

I want to write a new program for security, ProcessClose() in AutoIt cannot kill some strong program of virus. So I want to call some function like that >_< How to call it?

Use a good AV package, and let's not go into much more detail here since that could be used by others with less good intentions.

Jos



Richard Robertson

I want to write a new program for security, ProcessClose() in AutoIt cannot kill some strong program of virus. So I want to call some function like that >_< How to call it?

Like I said the first time. That function is intended for DRIVERS.
