26 Feb
WinAPI legit use case for setting PPID
I am studying malware development right now (exclusively WinAPI) and reached the topic of PPID spoofing. I understand the concept and why it is useful; however, I do not understand why it is possible in the first place. Could anybody give me a few legit examples of why this is allowed and why it isn't something that would trigger an alarm immediately?