'Can a critical process be made non-critical and then terminated?
Are we able to change an already critical process to non critical using RtlSetProcessIsCritical, for example svchost, into being considered as not critical by Windows? If so, what would happen if we were to set an important process as non-critical and terminate it?
This isn't something I plan to test or really use, more of just a random thought as to what would happen if we could terminate a critical process without a blue screen.
Solution 1:[1]
In user-mode, no.
A kernel driver could flip a bit in the process structure but this is not a good idea.
If you want to try it just for fun, setup yourself to do kernel debugging and look at the EPROCESS of your target process.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Anders |