What are the particular ways to block a process to get terminated by TerminateProcess and in return blocks another process from reading from that certain application.?? VirtualProtectEx?
Posted on 2005-09-01 08:17:10 by shism2
It has to do with access tokens, and removing them. Word Of Warcraft does this to make life harder for botmakers etc.
Posted on 2005-09-01 10:22:08 by f0dder
How would you define access tokens?
Posted on 2005-09-01 11:36:28 by shism2
Answer to TerminateProcess() part:  You cannot.

Raymond Chen of MS explained the reason in his blog some time ago.  But, you don't need to search his blog for the explanation.  Just think about it.  If it is allowed, it is even possible that the OS kernel cannot shut down a process, and the machine will be in "permanent hang" state.
Posted on 2005-09-01 16:03:33 by Starless
Well there is a plugin for the Debugger Ollydbg which disallows the process from being terminated via TerminateProcess api... I tried using ReadProcessmemory on ollydbg .... It didn't return a value even for the handle( it returned an invalid handle when plugin was on)>
Posted on 2005-09-01 17:10:55 by shism2