- Change the program's process into a system process
- The principle and the code are simple; it prevents Taskmgr from killing the process
- Works only on XP. Kill protection is limited; it cannot protect against IceSword
- Reference
- Hook NtQuerySystemInformation to hide processes (ring 3 level)
- It prevents Task Manager from killing the process
- Works only on NT2000; not universal
- The principle is similar to hooking NtQuerySystemInformation: hook OpenProcess to prevent the process from being killed
- Works on NT2000, XP and NT2003
- Uses the Detours library; cannot stop some process tools
- Hook Taskmgr and use a CBT hook to block the end-process message
- Works on any Windows version (as of 2009)
- Works only against Taskmgr
- Two processes monitor each other; when one finds that the other has been killed, it starts it again
- Versatile, with good protection capability; can protect Windows service programs
- Does not really prevent killing; the process is just restarted
- Use a driver to hook ZwQuerySystemInformation, to hide the process or prevent it from being killed
- Strong capability; can protect against IceSword
- Complex; the driver will be identified as a Trojan by anti-virus software