misrepresentative

Discussion on suspend action and preventing it?

2 posts in this topic

#1 ·  Posted (edited)

While playing around with Process Hacker and the 'Suspend' action, I noticed that some processes cannot be suspended, but may be killed and so on. My question (although it might seem crazy and it's only out of curiosity) is if it is possible to prevent suspending (e.g. access denied message) from a process such as Process Hacker that makes use of a kernel driver utilizing a user-mode process and without any DLL injection? I would really enjoy a discussion from you guys (being more qualified in programming than I am) or some links, docs, similar discussions. :D

Again, it's only out of curiosity. Appreciate your time (as always).

Edited by misrepresentative
corrected text only a bit




#2 ·  Posted (edited)

OK. I will start. Some say that it's not possible if the PH driver was loaded before without doing any DLL injection. Any opinion? It seems true that you cannot prevent it from being terminated. Why would the suspend action be prevented with some user-mode applications without DLL injection? Is it any different..? :)

Edited by misrepresentative

