Sinisterly (https://sinister.ly) - Thread: Disable external process' critical status
Disable external process' critical status - Killpot - 06-30-2016

Yo. With this recent skids binded RAT being forced in here, I figured I would jump on the karma wave and help the maybe 1 or so people actually infected.

The RAT reportedly sets itself as system critical; this means it will bluescreen you if you terminate the process. This is obviously annoying, as it requires you to restart your computer to actually terminate the desired process.

So I made a program in PureBasic that utilizes NtSetInformationProcess and ZwQueryInformationProcess to set and then check that the process is no longer critical. After this, if you please, you can traverse the process tree and hard terminate all child and parent processes under that PID with NtTerminateProcess.

Here's source:
Main: http://pastebin.com/XaDLM6mG
SetCriticalFlag: http://pastebin.com/Uxa3cvGc
Direct download to exe: https://a.sinister.ly/iphdhi.zip

#PromiseNotARat
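The set-then-verify step described in the post, as an added PowerShell example that is not part of the original post and is not the poster's PureBasic source. It assumes the information class involved is `ProcessBreakOnTermination` (the post does not name it) and an elevated session; `CriticalFlag` and `Clear-CriticalFlag` are hypothetical names.

```powershell
# Added example, not the original poster's PureBasic source. Run elevated.
# CriticalFlag and Clear-CriticalFlag are hypothetical names chosen here.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

public static class CriticalFlag
{
    const int ProcessBreakOnTermination = 29;   // PROCESSINFOCLASS value (assumed class)
    const uint PROCESS_SET_INFORMATION = 0x0200, PROCESS_QUERY_INFORMATION = 0x0400;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);
    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(IntPtr h, int cls, ref int info, int len, out int retLen);
    [DllImport("ntdll.dll")]
    static extern int NtSetInformationProcess(IntPtr h, int cls, ref int info, int len);

    // Any non-zero NTSTATUS is treated as failure and surfaced to the caller.
    static void Check(int status, string api)
    {
        if (status != 0) throw new InvalidOperationException(api + " NTSTATUS 0x" + status.ToString("X8"));
    }
    static bool IsCritical(IntPtr h)
    {
        int flag = 0, retLen;
        Check(NtQueryInformationProcess(h, ProcessBreakOnTermination, ref flag, sizeof(int), out retLen), "query");
        return flag != 0;
    }
    // Clears the flag, reads it back, and returns whether it was set before the call.
    public static bool Clear(int pid)
    {
        IntPtr h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION, false, pid);
        if (h == IntPtr.Zero)
            throw new InvalidOperationException("OpenProcess failed, Win32 error " + Marshal.GetLastWin32Error());
        try
        {
            bool wasCritical = IsCritical(h);
            int off = 0;
            Check(NtSetInformationProcess(h, ProcessBreakOnTermination, ref off, sizeof(int)), "set");
            if (IsCritical(h)) throw new InvalidOperationException("flag still set after write");
            return wasCritical;
        }
        finally { CloseHandle(h); }
    }
}
'@
function Clear-CriticalFlag([int]$ProcessId) {
    [System.Diagnostics.Process]::EnterDebugMode()  # enables SeDebugPrivilege, needed for the set call
    [CriticalFlag]::Clear($ProcessId)
}
```

`Clear-CriticalFlag -ProcessId <pid>` returns `True` when the process had been marked critical and throws if the flag does not read back as cleared.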