Menu
I know that protected process are all about protection and entirely made for blocking me doing so, but I've got a problem.
My problem is as follows:
I'm building a security tool that should, between other stuff, block some services from being launched/stopped etc.
The way I've did so is to hooking "services.exe" and detouring RStartService function. It worked perfectly on windows XP SP3.
But of course, It doesn't work on my windows 7 machine. I'm assuming the problem is the "protected processes" mechanism.
Is there a way to bypass this protection? (sign my application or something?)
895
The problem was NOT protected processes, but a problem with the injector.
Since Windows Vista, the interactive applications areno longer running in "session 0" while "services.exe" does run in "session 0". Cross sessions hooking is blocked since the big bang (or windows xp, I'm not sure which came first). It would be like a trying to hook a software on a different "remote desktop" session.
My injector was a console application, meaning it ran in in the interactive applications session which is why I got ERROR_ACCESS_DENIED .
A quick workaround will be to convert the injector into service, because services runs in "session 0".
73
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
