Home > OS >  Windows in how to determine whether a process is terminated by other processes, or their normal exit
Windows in how to determine whether a process is terminated by other processes, or their normal exit

Time:09-28

Windows in how to determine whether a process is terminated by other processes, or their normal exit
To solve, thank you!

CodePudding user response:

If it is normal, it must be the main thread execution returns, everything is very natural,

If be end, R3 layer can inject global HOOK NTDLL TerminateProcess, R0 layer can HOOK SSDT NtTerminateProcess, to monitor, which process do

If you don't care about who the killer is, can the inline to determine the main thread to return to position,

CodePudding user response:

You need to look at this, although it is in English, but really useful,
https://techibee.com/sysadmins/find-out-who-killed-a-process-in-windows/2286

Page link:https//www.codepudding.com/os/38853.html

Prev:VMware Workstation install 15 rolled back
Next:Windows server 2012 administrators group permissions problem
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding