Hi,
I am in need of trying to give an access denied message to any users who try to end my processes. I have made an Anti-Virus which uses heuristics to detect any malicious programs running. This worked flawlessly, but now I need to make sure my process cannot be terminated. Most Anti-Viruses today tend to hook into functions such as:
ZwOpenProcess(), NtOpenProcess(), NtTerminateProcess(), or even NtQuerySystemInformation(), ZwQuerySystemInformation().
This is sometimes considered a crude way of stopping a user from terminating its process. Not only that, but all Zw*() functions are kernel-mode functions and I am very new to programming or subverting into the kernel. This is also the same path Malware or Trojans tend to take as well. I personally do not want to use what Malware & Trojans do, since if I hook the same functions as another Anti-Virus it can lead to a BSOD (Blue Screen Of Death). So I looked through many pages of Google about other ways I can do the same thing, to stop users from terminating my process, and I finally found a function called 'SetSecurityInfo()'. I was happy that I found such a function which allows me to do exactly what I wish. But I do not know how to use the function. Can somebody give me a simple tutorial or code snippet showing how I can use SetSecurityInfo() safely?
I first tried to hook such functions, but this resulted in my software being detected by an AV (Anti-Virus).
Thanks.
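As an added example (not the poster's code, and not from any particular product), the following PowerShell script applies a DACL to its own process with SetSecurityInfo() so that callers without special privileges are refused PROCESS_TERMINATE. The script builds the DACL from an SDDL string, pulls the PACL out of the resulting security descriptor, and passes it to SetSecurityInfo() with SE_KERNEL_OBJECT and DACL_SECURITY_INFORMATION. The P/Invoke declarations are assumed from the documented Win32 prototypes in advapi32.dll and kernel32.dll; the class name `Demo.ProcessDacl` and the access masks in the SDDL are choices made for this example.

```powershell
# Added example: give the current process a DACL that denies PROCESS_TERMINATE
# to unprivileged callers. P/Invoke signatures assumed from the Win32 docs.
Add-Type -Namespace Demo -Name ProcessDacl -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(
    string sddl, uint revision, out IntPtr securityDescriptor, out uint size);

[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetSecurityDescriptorDacl(
    IntPtr securityDescriptor, out bool daclPresent, out IntPtr dacl, out bool daclDefaulted);

[DllImport("advapi32.dll")]
public static extern uint SetSecurityInfo(
    IntPtr handle, int objectType, uint securityInfo,
    IntPtr owner, IntPtr group, IntPtr dacl, IntPtr sacl);

[DllImport("kernel32.dll")]
public static extern IntPtr GetCurrentProcess();

[DllImport("kernel32.dll")]
public static extern IntPtr LocalFree(IntPtr mem);
'@

# SID of the user running this script, so its own components keep access.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# ACEs in canonical order (deny entries first):
#   (D;;0x0001;;;WD)    deny  PROCESS_TERMINATE                      to Everyone
#   (A;;0x1FFFFF;;;SY)  allow PROCESS_ALL_ACCESS                     to LOCAL SYSTEM
#   (A;;0x1FFFFF;;;BA)  allow PROCESS_ALL_ACCESS                     to Administrators
#   (A;;0x1FFFFE;;;$me) allow everything except PROCESS_TERMINATE    to the owning user
#   (A;;0x101000;;;WD)  allow QUERY_LIMITED_INFORMATION | SYNCHRONIZE to Everyone,
#                       so tools like Task Manager can still list the process
$sddl = "D:(D;;0x0001;;;WD)(A;;0x1FFFFF;;;SY)(A;;0x1FFFFF;;;BA)(A;;0x1FFFFE;;;$me)(A;;0x101000;;;WD)"

$sd = [IntPtr]::Zero
$size = [uint32]0
# SDDL_REVISION_1 = 1
if (-not [Demo.ProcessDacl]::ConvertStringSecurityDescriptorToSecurityDescriptor($sddl, 1, [ref]$sd, [ref]$size)) {
    throw "ConvertStringSecurityDescriptorToSecurityDescriptor failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
try {
    $present = $false; $dacl = [IntPtr]::Zero; $defaulted = $false
    if (-not [Demo.ProcessDacl]::GetSecurityDescriptorDacl($sd, [ref]$present, [ref]$dacl, [ref]$defaulted) -or -not $present) {
        throw "GetSecurityDescriptorDacl failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }

    # SE_KERNEL_OBJECT = 6, DACL_SECURITY_INFORMATION = 0x4.
    # The GetCurrentProcess() pseudo-handle carries WRITE_DAC, which SetSecurityInfo needs.
    $err = [Demo.ProcessDacl]::SetSecurityInfo(
        [Demo.ProcessDacl]::GetCurrentProcess(), 6, 0x4,
        [IntPtr]::Zero, [IntPtr]::Zero, $dacl, [IntPtr]::Zero)
    if ($err -ne 0) { throw "SetSecurityInfo failed with Win32 error $err" }

    Write-Host "DACL applied; PID $PID now refuses PROCESS_TERMINATE to unprivileged callers."
} finally {
    # $dacl points inside $sd, so free the descriptor only after SetSecurityInfo returns.
    [void][Demo.ProcessDacl]::LocalFree($sd)
}
```

To check the effect, run the script in one PowerShell window and then `Stop-Process -Id <that PID>` from a second, non-elevated window: the call fails with access denied because Process.Kill() asks for PROCESS_TERMINATE. Two limits are worth knowing before relying on this. The DACL is only consulted for callers that do not hold SeDebugPrivilege, and an elevated Task Manager or debugger enables that privilege and opens the process regardless. The object's owner also implicitly retains READ_CONTROL and WRITE_DAC, so the same account (or an administrator taking ownership) can simply write a more permissive DACL back. This makes the DACL a reasonable guard against accidental or casual termination by standard users, not a self-protection boundary; on Windows 8.1 and later, the supported mechanism for anti-malware self-protection is running the service as a Protected Process Light backed by an ELAM-signed driver.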