- Terminating a process in kernel mode
- Posted by euacela on August 26th, 2005
Hello,
I was wondering if there is a way to enumerate the current processes
running on a machine in kernel mode and kill a process. I know that I
can only get the current process using PsGetCurrentProcess(), but no
other killing process function 
- Posted by Maxim S. Shatskih on August 26th, 2005
Try NtTerminateProcess
The prototype can be easily found by reverse-engineering kernel32
TerminateProcess
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com
"euacela" <eu_acela@yahoo.com> wrote in message
news:1125086304.523578.52000@o13g2000cwo.googlegroups.com...
- Posted by Andy on August 26th, 2005
You could enumerate the processes with NtQuerySystemInformation with
SystemProcessesAndThreadsInformation.
Also, you could find other ways at rootkit.com; there are a few more ways you
can enumerate the processes.
Thanks
andy