Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: W2k: Unkillable Applications

From: Chris Adams <chris () improbable org>
Date: Tue, 17 Jul 2001 09:58:40 -0700
on 2001-07-17 09:20, Justin Nelson at security () jm4n com wrote:


cannot confirm that. I renamed one of my applications to
Winlogon.exe and succeeded to kill it without any problem
with taskmanager.


Under Windows 2000 Pro, I made a copy of "notepad.exe" renamed to
"winlogon.exe", and could not kill it via the Task Manager. Both the 'kill'
command and the VC++ debugger were able to kill it.


Task Manager is really inconsistent - I renamed a copy of notepad to
winlogon.exe. If I start it and try to kill it through the "Applications"
tab of the task manager, it will be killed as normal. If I try to kill it
through the "Processes" tab, task manager won't let me.

I might be worth seeing exactly what triggers this behaviour in the task
manager - the application tab might have a different filtering criteria
(e.g. is it strictly ACL-based or might it be looking at something like the
original filename attribute in the exe header?). In any case, a malicious
attacker could simply make a program which doesn't open a window, which
would cause it not to show up in the Applications tab.
Previous By Date Next
Previous By Thread Next

Current thread: