Bugtraq mailing list archives
W2k: Unkillable Applications
From: Thomas Zehetbauer <thomasz () hostmaster org>
Date: Mon, 16 Jul 2001 18:59:21 +0200
Task Manager in Windows 2000 refuses to kill any process named - winlogon.exe - csrss.exe - smss.exe - services.exe showing a message box stating that this is a critical system process and cannot be ended by task manager. Although these processes were and are still protected by their ACL (Access Control List) Microsoft is now using case-insensitive string comparison to determine whether a process belongs to the operating system. You can now call you favorite trojan winlogon.exe and task manager will not only refuse to terminate it but will also incorrectly state that it is a critical system process. Regards Tom -- T h o m a s Z e h e t b a u e r ( TZ251 ) PGP encrypted mail preferred - KeyID 96FFCB89 mail pgp-key-request () hostmaster org
Attachment:
_bin
Description:
Current thread:
- W2k: Unkillable Applications Thomas Zehetbauer (Jul 16)
- Re: W2k: Unkillable Applications Chad Loder (Jul 16)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- <Possible follow-ups>
- RE: W2k: Unkillable Applications Snow, Corey (Jul 16)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- Re: W2k: Unkillable Applications Justin Nelson (Jul 17)
- Re: W2k: Unkillable Applications Chris Adams (Jul 17)
- Re: W2k: Unkillable Applications Alun Jones (Jul 17)
- Re: W2k: Unkillable Applications Chris Adams (Jul 17)
- Re[2]: W2k: Unkillable Applications Phaedrus (Jul 17)
- Re: Re[2]: W2k: Unkillable Applications Bronek Kozicki (Jul 18)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)