I was wondering how it is that some programs are "unkillable", that is, not just by sending window messages, but by something like TerminateProcess. How is this possible? An example of this is Norton Antivirus, or McAfee VirusScan. In Win2k, trying to kill Mcshield.exe with the task manager gives error:
"Access is denied".

Any help on how to make a process "unkillable" (just out of interest) in this way would be helpful. :)

- Fourfty
Posted on 2002-02-04 11:02:03 by Fourfty
Even as administrator, you don't have *all* privileges. I don't know
exactly which privileges you don't have, so I don't know if this could
be the reason... but I think it's a good bet.
Posted on 2002-02-04 11:22:06 by f0dder
try "pskill" (pstools) from: http://www.sysinternals.com
Posted on 2002-02-04 11:33:35 by elmenda
Those programs are probably services. You can kill them by attaching the debugger and then detaching (and thus killing) it. For those processes, you need debug privileges to kill them.
I don't think you can make an really 'unkillable' process.

Posted on 2002-02-04 11:55:22 by Thomas

I use for kill "unkillable app" Spy v2.70 (for Win9X) and "Misc" tab very usefull for sends "WM_" commands with lparam & wparam.

have nice day.
Posted on 2002-02-04 12:08:53 by CYDONIA
herr Merwerdich-liebe, ;)

you maybe would like to take a look in a app i wrote called hideproc, that is in iczelion's site. the program hidden under that scheme is hard to kill, coz is hard to get his process handle.


ps: you can also hook TerminateProcess()-like apis, and deny access to your process

pps: is a sort of doomsday device? ;)
Posted on 2002-02-04 12:42:07 by ancev
thanks all... i'm not trying to kill an unkillable process for any reason, I just saw some and wondered how it was done. Ancev: I will check out your app - thanks!

Mein fuhrer... I can walk!!
Posted on 2002-02-05 05:09:36 by Fourfty