misrepresentative
Posted December 13, 2016 (edited)

While playing around with Process Hacker and the 'Suspend' action, I noticed that some processes cannot be suspended, but may be killed and so on.

My question (although it might seem crazy and it's only out of curiosity) is whether it is possible to prevent suspending (e.g. an access denied message) from a process such as Process Hacker that makes use of a kernel driver, utilizing a user-mode process and without any DLL injection?

I would really enjoy a discussion from you guys (being more qualified in programming than I am) or some links, docs, similar discussions. Again, it's only out of curiosity. Appreciate your time (as always).

Edited December 13, 2016 by misrepresentative: corrected text only a bit
misrepresentative (Author)
Posted December 13, 2016 (edited)

OK. I will start. Some say that it's not possible if the PH driver was loaded before, without doing any DLL injection. Any opinion? It seems true that you cannot prevent it from being terminated. Why would the suspend action be prevented with some user-mode applications without DLL injection? Is it any different..?

Edited December 13, 2016 by misrepresentative