Process Hacker Discussion Forum

How does processhacker kill/terminate processes that I can't as the SYSTEM account???

Post Reply
 
HOOOOW??

How does processhacker kill/terminate processes that I can't as the SYSTEM account???

19 Dec 2017 12:34

How does processhacker terminate processes that I can't as the SYSTEM account
https://gyazo.com/e7eb562a1954661ea20e2ca1a01dbdcd (Pic related)
Top
 
User avatar
diversenok
Contributor
Posts: 49
Joined: 26 Jun 2017 17:55
OS: Windows 7 x64
Contact:
Contact diversenok

Re: How does processhacker kill/terminate processes that I can't as the SYSTEM account???

19 Dec 2017 19:19

Process Hacker has it's own driver that works in kernel mode and has more privileges than the SYSTEM account.
Top
 
User avatar
TETYYS
Contributor
Posts: 516
Joined: 23 Apr 2013 10:37
OS: Win 10 x64

Re: How does processhacker kill/terminate processes that I can't as the SYSTEM account???

25 Dec 2017 23:59

Your process is probably being manipulated by a driver or it's got this: https://msdn.microsoft.com/en-us/librar ... s.85).aspx
diversenok wrote: 19 Dec 2017 19:19
Process Hacker has it's own driver that works in kernel mode and has more privileges than the SYSTEM account.
More like, in driver, there are no permission checks performed
Top
 
User avatar
Unc3nZureD
Member
Posts: 16
Joined: 19 Jun 2014 16:45
OS: Loads of OS-es

Re: How does processhacker kill/terminate processes that I can't as the SYSTEM account???

01 Jan 2018 19:29

Kinda necro-post, but I would first disable the kernel driver. If it can still terminate, then it's NOT a driver thingie. Who knows, maybe some hook... If it deosn't work either, then others are right, it's the driver :)
Top
Post Reply