|
You can try to use "rootkit" technics and remove thread from scheduler list (see recent articles at rootkit.com how to do it). If you control scheduler you decide whether system thread is runnable or not now. Anyway suspending some system threads maybe extremely dangerous and cause immediate exception (and BSOD also), so you should check thread's IRQL.
|