Attack Method: DLL/Code Injection
Description: The attacking process 'injects' a DLL or code into the memory space of another process, allowing the attacking process to remain alive in the context of an existing process. This stealthy trick is starting to be used more frequently by remote access trojans, and can also be used to alter the behaviour of programs. Injected code can also easily terminate its host process, providing another option for process termination. Firewall leaktests often use this technique to bypass firewalls, usually by injecting a DLL into an application that's generally trusted by firewalls (such as Internet Explorer).
Attack Method: Process Termination via EIP Modification
Description: The attacking process suspends all threads in the target process and sets the value of the EIP register for each thread to the address of the ExitProcess function in kernel32.dll before allowing the threads to resume, causing the process to terminate.
Attack Method: Process Termination via CreateRemoteThread
Description: The attacking process creates a new thread in the target process which has a start address set to the address of the ExitProcess function in kernel32.dll, causing the process to terminate.
Attack Method: Process Termination via TerminateThread
Description: The attacking process enumerates all threads in the target process and calls the TerminateThread function in kernel32.dll on each thread, causing the process to terminate when its last thread is terminated.
Attack Method: Process Suspension via SuspendThread
Description: The attacking process enumerates all threads in the target process and calls the SuspendThread function in kernel32.dll on each thread, causing the process to freeze.
Attack Method: Process Suspension/Termination via DebugActiveProcess
Description: The attacking process attaches to the target process as a debugger by using the DebugActiveProcess function in kernel32.dll, allowing the attacking process to both suspend and terminate the target process.
Attack Method: Process Termination via Window Close Messages
Description: The attacking process sends Window Close messages (such as WM_CLOSE, SC_CLOSE, WM_DESTROY) to all windows in the target process. This attack only works against applications that have windows but don't have any message handlers for the Window Close class of messages.
Attack Method: Process Termination via EndTask
Description: The attacking process locates a top-level (parent) window in the target process and sends its handle (identifier) to the EndTask function in user32.dll. This attack only works against applications that have windows.
SOLUTION: DiamondCS Process Guard easily prevents ALL of these attacks, because all of these process vs. process attacks have one thing in common - the attacking process has to open the target process to gain access to it before it can do anything with it, such as terminate it. DiamondCS Process Guard intervenes at this early stage by preventing the attacking process from accessing any protected processes (or any of their threads).
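The common factor above (the attacker must first open a handle to the target process with rights that permit the attack) is also what a defender can audit. The following script is an added example and is not code from the original page or from the Process Guard product: it reads constructed process-access audit records (format, timestamps, image paths and the "protected process" list are all assumptions made for this example) and reports which of the attack classes above a granted access mask would permit against a protected process. The access-right values are the documented Windows constants from winnt.h. Thread-level variants (TerminateThread, SuspendThread, EIP modification) act on thread handles opened separately, so a process-access record alone will not show them; the script notes this as a caveat rather than pretending to cover it.

```python
"""Audit process-handle opens against protected processes.

Added example, not part of the original page or of DiamondCS Process Guard.
Input records are constructed for this example; the format is an assumption:
    <timestamp>|<source image>|<target image>|<granted access mask in hex>
"""

# Documented Windows process access rights (winnt.h).
PROCESS_TERMINATE      = 0x0001
PROCESS_CREATE_THREAD  = 0x0002
PROCESS_VM_OPERATION   = 0x0008
PROCESS_VM_READ        = 0x0010
PROCESS_VM_WRITE       = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800

# Attack classes from the page mapped to the process rights they need.
# Thread-handle attacks (TerminateThread, SuspendThread, EIP changes) are
# not visible here: they need THREAD_* rights on handles opened per thread.
ATTACK_RIGHTS = {
    "code/DLL injection":    PROCESS_VM_OPERATION | PROCESS_VM_WRITE,
    "remote thread creation": PROCESS_CREATE_THREAD,
    "suspend/resume":        PROCESS_SUSPEND_RESUME,
    "direct termination":    PROCESS_TERMINATE,
}

# Constructed names of processes we want to treat as protected.
PROTECTED = ("fw.exe", "antivirus.exe")

# Constructed audit records: one benign query, one full-access open of a
# protected process, one open of an unprotected process, two partial opens.
SAMPLE_LINES = [
    r"2008-01-01T10:00:00|C:\Windows\system32\taskmgr.exe|C:\Program Files\FW\fw.exe|0x1000",
    r"2008-01-01T10:00:05|C:\Users\bob\tool.exe|C:\Program Files\FW\fw.exe|0x1FFFFF",
    r"2008-01-01T10:00:07|C:\Users\bob\tool.exe|C:\Windows\notepad.exe|0x1FFFFF",
    r"2008-01-01T10:00:09|C:\Users\bob\tool.exe|C:\Program Files\AV\antivirus.exe|0x0028",
    r"2008-01-01T10:00:11|C:\Users\bob\tool.exe|C:\Program Files\AV\antivirus.exe|0x0002",
]


def rights_to_attacks(mask):
    """Return the attack classes a handle with these rights would permit."""
    return [name for name, needed in ATTACK_RIGHTS.items()
            if mask & needed == needed]


def parse_record(line):
    """Split one pipe-separated audit line into its fields."""
    ts, src, dst, access = line.strip().split("|")
    return {"time": ts, "source": src, "target": dst, "access": int(access, 16)}


def analyse(lines, protected=PROTECTED):
    """Return (source, target, access, attacks) for every open of a protected
    process whose granted rights would enable at least one attack class."""
    alerts = []
    for line in lines:
        rec = parse_record(line)
        target_name = rec["target"].rsplit("\\", 1)[-1].lower()
        if target_name not in protected:
            continue  # not a process we protect; ignore
        attacks = rights_to_attacks(rec["access"])
        if attacks:
            alerts.append((rec["source"], rec["target"],
                           hex(rec["access"]), attacks))
    return alerts


if __name__ == "__main__":
    for src, dst, access, attacks in analyse(SAMPLE_LINES):
        print(f"{src} opened {dst} with {access}: {', '.join(attacks)}")
```

In the sample data the Task Manager query (0x1000, PROCESS_QUERY_LIMITED_INFORMATION) produces no alert, the full-access open of fw.exe (0x1FFFFF) maps to all four classes, the open of notepad.exe is skipped because it is not protected, and the two partial opens of antivirus.exe are each attributed to the single class their rights enable. A real deployment would take the records from whatever handle-open auditing is available instead of the constructed list.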
Related websites:
APT: Advanced Process Termination
ProcessGuard: Close Message Handling
Sysinternals: PSSuspend
MSDN: DebugActiveProcess
MSDN: EndTask
Copyright © 2008, Diamond Computer Systems Pty. Ltd. All rights reserved.