Bugtraq mailing list archives
Re: W2k: Unkillable Applications
From: Chris Adams <chris () improbable org>
Date: Tue, 17 Jul 2001 09:58:40 -0700
on 2001-07-17 09:20, Justin Nelson at security () jm4n com wrote:
cannot confirm that. I renamed one of my applications to Winlogon.exe and succeeded to kill it without any problem with taskmanager.Under Windows 2000 Pro, I made a copy of "notepad.exe" renamed to "winlogon.exe", and could not kill it via the Task Manager. Both the 'kill' command and the VC++ debugger were able to kill it.
Task Manager is really inconsistent - I renamed a copy of notepad to winlogon.exe. If I start it and try to kill it through the "Applications" tab of the task manager, it will be killed as normal. If I try to kill it through the "Processes" tab, task manager won't let me. I might be worth seeing exactly what triggers this behaviour in the task manager - the application tab might have a different filtering criteria (e.g. is it strictly ACL-based or might it be looking at something like the original filename attribute in the exe header?). In any case, a malicious attacker could simply make a program which doesn't open a window, which would cause it not to show up in the Applications tab.
Current thread:
- W2k: Unkillable Applications Thomas Zehetbauer (Jul 16)
- Re: W2k: Unkillable Applications Chad Loder (Jul 16)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- <Possible follow-ups>
- RE: W2k: Unkillable Applications Snow, Corey (Jul 16)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- Re: W2k: Unkillable Applications Justin Nelson (Jul 17)
- Re: W2k: Unkillable Applications Chris Adams (Jul 17)
- Re: W2k: Unkillable Applications Alun Jones (Jul 17)
- Re: W2k: Unkillable Applications Chris Adams (Jul 17)
- Re[2]: W2k: Unkillable Applications Phaedrus (Jul 17)
- Re: Re[2]: W2k: Unkillable Applications Bronek Kozicki (Jul 18)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- Re[2]: W2k: Unkillable Applications Dimitry Andric (Jul 17)
- RE: W2k: Unkillable Applications Andy Cristina (Jul 17)
- RE: W2k: Unkillable Applications Toomas Kiisk (Jul 18)
- RE: W2k: Unkillable Applications David LeBlanc (Jul 19)