From 47fe202be7388aa55b96fa278a5bf947d408dc47 Mon Sep 17 00:00:00 2001
From: Eran Zimmerman-Gonen <33493384+eranzim@users.noreply.github.com>
Date: Tue, 9 Aug 2022 14:40:39 +0300
Subject: [PATCH] Added ZwTerminateProcess to list of dangerous functions ZwTerminateProcess can be used to terminate any process in the system (even protected processes such as AVs). See also: https://youtu.be/ViWLMfSwGVA
---
 DriverBuddyReloaded/vulnerable_functions_lists/winapi.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/DriverBuddyReloaded/vulnerable_functions_lists/winapi.py b/DriverBuddyReloaded/vulnerable_functions_lists/winapi.py
index 42ffe6e..ec23777 100644
--- a/DriverBuddyReloaded/vulnerable_functions_lists/winapi.py
+++ b/DriverBuddyReloaded/vulnerable_functions_lists/winapi.py
@@ -199,6 +199,7 @@
 # ZwSetInformationTransaction
 # ZwSetValueKey
 # ZwSinglePhaseReject
+ # ZwTerminateProcess
 # ZwUnloadDriver
 # ZwUnmapViewOfSection
 # ZwWriteFile
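Review bot: The added `# ZwTerminateProcess` line is a Python comment, like the six context lines around it, so as shown it adds nothing for the scanner to match. Whether the function is actually flagged depends on an active entry outside this hunk, presumably a `Zw` prefix match, and that is worth confirming. If matching is by exact name, the addition should be an active entry such as `"ZwTerminateProcess",`. The rationale in the commit message is also missing from the file; a remark like `# ZwTerminateProcess  (can terminate protected processes; check who controls the process handle)` would tell an analyst why a hit matters. The enclosing list starts and ends outside the hunk.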