Kill 5 (DebugActiveProcess) Gets Past PG

Discussion in 'ProcessGuard' started by spm, Feb 25, 2004.

Thread Status:
Not open for further replies.
  1. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    I have one licence for PG, which I use on a WinXP machine successfully (apart from the PG startup error reported elsewhere).

    I am now evaluating it for use on a second machine, with a view to purchasing a second licence. This is a Win2K machine with PG 1.3 and the current driver beta.

    However, on this (Win2K) machine I find that the APT tester can terminate *any* protected process using the Kill 5 (DebugActiveProcess) method. I have all general protection options turned on for PG, and apt.exe is *not* a protected process.

    Why is this?
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Steve, It is a known bug on W2K machines and Jason is fully aware of it.

    Hopefully it will be fixed soon.

    HTH Pilli
     
  3. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Thanks for the info, Pilli. Hopefully, then, Jason will confirm that this will be fixed in the next update...
     
  4. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    The reason DebugActiveProcess works on Win2K machines is a bit strange actually. It shows that some Microsoft code doesn't actually need all the access they say they do. I will try and get a fix for this in the next release, it is only a small issue.

    -Jason-
     
Thread Status:
Not open for further replies.