Using CreateRemoteThread() to perform Remote Process Injection.

HANDLE CreateRemoteThread(
  [in]  HANDLE                 hProcess,
  [in]  LPSECURITY_ATTRIBUTES  lpThreadAttributes,
  [in]  SIZE_T                 dwStackSize,
  [in]  LPTHREAD_START_ROUTINE lpStartAddress,
  [in]  LPVOID                 lpParameter,
  [in]  DWORD                  dwCreationFlags,
  [out] LPDWORD                lpThreadId
);

The parameter that matters for injection is lpStartAddress: it is the address in the remote process where the new thread begins executing, so it is set to the buffer that holds the shell-code. lpParameter is passed to that address as the thread's single argument, dwStackSize 0 takes the default stack size, and dwCreationFlags can be CREATE_SUSPENDED (0x4) to create the thread paused. The hProcess handle must carry PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE and PROCESS_VM_READ.

  • Get a handle to an existing process on the system, or create a new sacrificial process. The injector and the target must have the same bitness, and protected processes (PPL) cannot be opened with the rights needed below.

    • OpenProcess() - request only the rights CreateRemoteThread() needs rather than PROCESS_ALL_ACCESS

    • CreateProcess() - the hProcess returned in PROCESS_INFORMATION already has full access

    • CreateProcessAsUser() - same, when the sacrificial process must run under another token

  • Allocate some memory in the chosen remote process

    • VirtualAllocEx() - MEM_COMMIT | MEM_RESERVE; allocate PAGE_READWRITE and raise it to PAGE_EXECUTE_READ with VirtualProtectEx() after the write, since a PAGE_EXECUTE_READWRITE region is an easy heuristic for memory scanners

  • Write the shell-code to the remote process

    • WriteProcessMemory() - check the returned byte count against the payload length

  • Start a new thread inside the remote process, with its entry address pointing at our shell-code

    • CreateRemoteThread() - lpStartAddress = the remote buffer; this is the call Sysmon records as Event ID 8 (CreateRemoteThread) with source and target image

    • NtCreateThreadEx() - the ntdll system call that the kernel32 wrapper ends up in; also the way to create a thread in a process across sessions

    • RtlCreateUserThread() - the ntdll runtime wrapper around the same system call
