Bugtraq mailing list archives
Re[2]: W2k: Unkillable Applications
From: Dimitry Andric <dim () xs4all nl>
Date: Tue, 17 Jul 2001 22:07:55 +0200
On 2001-07-17 at 18:58:40 Chris Adams wrote:

CA> It might be worth seeing exactly what triggers this behaviour in the task
CA> manager - the application tab might have a different filtering criteria
CA> (e.g. is it strictly ACL-based or might it be looking at something like the
CA> original filename attribute in the exe header?).

The names of the executables are hardcoded in taskmgr.exe, and form the following list:

services.exe
smss.exe
winlogon.exe
csrss.exe

If the name of an executable in the Processes tab matches any of this list, Task Manager refuses to kill it. In short, rename your trojan to any of the above. ;-)

It is a strangely implemented feature, because you might consider many other processes not in this list "critical system processes", such as lsass.exe, svchost.exe, etc. You can try to kill these, but you will simply get Access Denied, since Task Manager tries OpenProcess(), which fails.

Cheers,
--
Dimitry Andric <dim () xs4all nl>
PGP Key: http://www.xs4all.nl/~dim/dim.asc
Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3
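The name-only match described in the post can be checked from the defender's side by comparing each protected name against its full image path. This is an added example, not part of the original message or of Task Manager's code; the `C:\WINNT` system root, the System32 location check, the function names and the sample inventory are assumptions made for illustration.

```python
import ntpath

# Names the post says are hardcoded in taskmgr.exe.
PROTECTED_NAMES = {"services.exe", "smss.exe", "winlogon.exe", "csrss.exe"}

# Assumption: Windows 2000 default system root; adjust per host.
SYSTEM_ROOT = r"C:\WINNT"


def _canon(path):
    """Normalise a Windows path: separators, dot segments and case."""
    return ntpath.normcase(ntpath.normpath(path))


def is_masquerading(image_path, system_root=SYSTEM_ROOT):
    """True if the image carries a protected name but is not in System32."""
    canon = _canon(image_path)
    if ntpath.basename(canon) not in PROTECTED_NAMES:
        return False
    expected_dir = _canon(ntpath.join(system_root, "System32"))
    return ntpath.dirname(canon) != expected_dir


def find_suspects(processes, system_root=SYSTEM_ROOT):
    """Return (pid, path) for every process whose image is masquerading."""
    return [(pid, path) for pid, path in processes
            if is_masquerading(path, system_root)]


# Constructed sample inventory of (pid, full image path); not real host data.
SAMPLE = [
    (8, r"C:\WINNT\System32\smss.exe"),
    (164, r"C:\WINNT\system32\CSRSS.EXE"),
    (212, r"C:\WINNT\System32\services.exe"),
    (980, r"C:\Temp\services.exe"),
    (1012, r"C:\WINNT\System32\..\Temp\winlogon.exe"),
    (1100, r"C:/WINNT/System32/winlogon.exe"),
    (1204, r"C:\Program Files\App\notepad.exe"),
]

if __name__ == "__main__":
    for pid, path in find_suspects(SAMPLE):
        print(f"pid {pid}: protected name outside System32: {path}")
```

A process list that reports only image names, as the Processes tab does, cannot support this check; the inventory has to carry full image paths.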