Protecting by hooking ZwOpenProcess

Thursday, 27 January 2011, Posted by genesisdatabase at 11:16

Want to know how antivirus products and rootkits protect themselves from being terminated? You might have tried running Windows Task Manager and found it impossible to kill Kaspersky's avp.exe. This is because the process is protected from a higher privilege level, the kernel. This article assumes that you know how to write drivers using the Windows Driver Kit.

Article: http://unlmtd.wordpress.com/2007/07/27/protecting-by-hooking-zwopenprocess/
