Home/ Questions/Q 676457
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T00:55:47+00:00

Note: I’ve asked this question in a similiar format on superuser but it seems

  • 0

Note: I’ve asked this question in a similiar format on superuser but it seems like it may fit here on SO better.
It definitely also is about programming as it concerns parts of the Win32 API, Windows in general and process management.

So there are these processes that can’t be terminated with taskkill – system processes in general. But there also is, for example my Anti Virus program that makes itself “unterminateable”.

  • How can I access and mainly terminate system processes under windows? (kill.exe by Microsoft doesn’t work)

  • How do processes like anti-virus programs protect themselves? How can you turn them off again, then?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You will need API hooking to guard your process against termination. API hooking is not easy, as it requires either system-wide dll injection and memory editing or a device driver. Read this to get an idea.

    Luckily, there are existing libraries out there, like this one, which I think is shareware now unfortunately. I also found this, and you can probably find more freeware stuff on google.

    To answer your first question, terminating system processes is fairly easy. In C# using the Process.Kill method you can terminate system processes and cause a blue screen if doing it from a windows system service, at least on Windows 7 (I learned this the hard way…). Doing it using the TerminateProcess() function from outside a service will only work if you enable certain permissions: http://www.codase.com/search/call?name=AdjustTokenPrivileges – if I’m not mistaken you need to enable SE_DEBUG_NAME.

    To turn off your antivirus, well, they usually have a menu for that :). To forcefully terminate them, you’ll have to use a termination method that they don’t hook. This page describes a lot.

    Here’s a sample that can terminate the processes you want, supposing the used API functions aren’t hooked. DO NOT RUN THIS UNLESS YOU KNOW WHAT YOU’RE DOING AS IT CAN CAUSE A BLUE SCREEN!

    #include <stdio.h>
#include <windows.h>
#include <process.h>
#include <iostream>

using namespace std;

int EnablePrivilege(const char * lpPrivilegeName, BOOL bEnable)
{
    TOKEN_PRIVILEGES Privileges;
    ZeroMemory(&Privileges, sizeof(Privileges));

    HANDLE hToken;
    BOOL bResult;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return 1;
    Privileges.PrivilegeCount = 1;
    Privileges.Privileges[0].Attributes = (bEnable) ? SE_PRIVILEGE_ENABLED : 0;
    if (!LookupPrivilegeValue(NULL, lpPrivilegeName,
                               &Privileges.Privileges[0].Luid))
    {


        CloseHandle(hToken);
        return 2;
    }
    bResult = AdjustTokenPrivileges(hToken, FALSE, &Privileges, sizeof(Privileges), NULL, NULL);
    CloseHandle(hToken);
    return bResult;
}

int main()
{
    cout << EnablePrivilege(SE_DEBUG_NAME, TRUE);

    HANDLE procHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, 500); // replace 500 with the PID of the process you want to terminate - can be taken from taskmanager.

    TerminateProcess(procHandle, 0);

    CloseHandle(procHandle);
}
    • 0