Hi All,
I’ve an NT service that is the main interface to a krnl-mode driver.
Service has threading, so it can have some threads, when the system
bugchecks, and I look thru !process under windbg, I see a thread of this
serives is owned by a different process, that no longer exist in the process
table.
IS THERE SOME WAY THAT THREAD OWNERSHIP CAN BE CHANGED ???
-prokash
Yes - by corrupting memory.
Since I never used remote threads, this also might be the case -
i.e. some process used CreateRemoteThread into that service, but I doubt
this is so.
–
Kind regards, Dejan M. www.alfasp.com
E-mail: xxxxx@alfasp.com ICQ#: 56570367
Alfa File Monitor - File monitoring library for Win32 developers.
Alfa File Protector - File protection and hiding library for Win32
developers.