QueueUserAPC()

Using Asynchronous Procedure Calls (APC) (QueueUserAPC) to perform Remote Process Injection.

DWORD QueueUserAPC(
  PAPCFUNC  pfnAPC,
  HANDLE    hThread,
  ULONG_PTR dwData
);

Get a handle to an existing process on the system or create a new sacrificial process
- OpenProcess()
- CreateProcess()
- CreateProcessAsUser()
Allocate some memory in the chosen remote process
- VirtualAllocEx()
Write shell-code to the remote process, or write a DLL to the remote process
- GetProcAddress()
- LoadLibrary()
- WriteProcessMemory()
Queue a new procedure call in the remote process thread, and wait for it to be executed
- Thread32First()
- Thread32Next()
- OpenThread()
- QueueUserAPC()

Last updated 3 years ago