QueueUserAPC()
Using Asynchronous Procedure Calls (APCs) via QueueUserAPC() to perform remote process injection.
    DWORD QueueUserAPC(
        PAPCFUNC  pfnAPC,
        HANDLE    hThread,
        ULONG_PTR dwData
    );
- Get a handle to an existing process on the system, or create a new sacrificial process
    OpenProcess()
    CreateProcess()
    CreateProcessAsUser()
- Allocate some memory in the chosen remote process
    VirtualAllocEx()
- Write shellcode to the remote process, or write a DLL to the remote process
    GetProcAddress()
    LoadLibrary()
    WriteProcessMemory()
- Queue a new procedure call on a thread of the remote process, and wait for it to be executed (a user-mode APC runs only when the target thread next enters an alertable wait state)
    Thread32First()
    Thread32Next()
    OpenThread()
    QueueUserAPC()
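From the defender's side, the four steps above form a recognisable cross-process call chain: a process handle is obtained, memory is allocated in the target, the target's memory is written, and an APC is queued on one of its threads. The following Python script is an added example (not part of the original notes) that flags that chain when it occurs, in order, between the same caller and target within a time window. The trace format it parses is constructed for the example and is an assumption; a real source (an ETW provider, an EDR's user-mode hooks, an API monitor) emits richer records, but only the caller pid, API name and target pid are needed for this check.

```python
"""Flag the QueueUserAPC remote-injection call chain in a user-mode API trace.

Added example, not code from the original notes. Trace format is an
assumption constructed for this example, one call per line:
    <seconds> pid=<caller pid> api=<ApiName> target=<target pid>
"""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+pid=(?P<pid>\d+)\s+api=(?P<api>\w+)\s+target=(?P<target>\d+)\s*$"
)

# The four stages of the chain, in the order the notes list them. A stage is
# satisfied by any one of its APIs. Thread enumeration (Thread32First/Next,
# OpenThread) is recorded as supporting evidence rather than required, since a
# thread handle can also come straight from CreateProcess's PROCESS_INFORMATION.
STAGES = (
    frozenset({"OpenProcess", "CreateProcess", "CreateProcessAsUser"}),  # obtain a process
    frozenset({"VirtualAllocEx"}),                                       # allocate in it
    frozenset({"WriteProcessMemory"}),                                   # write the payload
    frozenset({"QueueUserAPC"}),                                         # queue the APC
)
SUPPORTING = frozenset({"Thread32First", "Thread32Next", "OpenThread"})

# Constructed sample trace: one injection chain (4211 -> 5032), one benign
# reader of the same target (7781, e.g. a scanner), and one same-process call.
SAMPLE_TRACE = """\
100.000 pid=4211 api=OpenProcess target=5032
100.010 pid=4211 api=VirtualAllocEx target=5032
100.020 pid=4211 api=WriteProcessMemory target=5032
100.030 pid=4211 api=Thread32First target=5032
100.031 pid=4211 api=OpenThread target=5032
100.040 pid=4211 api=QueueUserAPC target=5032
100.500 pid=7781 api=OpenProcess target=5032
100.600 pid=7781 api=ReadProcessMemory target=5032
101.000 pid=880 api=QueueUserAPC target=880
""".splitlines()


def parse_line(line):
    """Return (ts, caller_pid, api, target_pid), or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), int(m["pid"]), m["api"], int(m["target"])


def find_apc_injection(lines, window_seconds=10.0):
    """Return one finding per (caller, target) pair that completes all stages in order.

    A finding records the caller and target pids, the API that satisfied each
    stage, the supporting thread APIs seen, and the elapsed time. Stages must
    follow the listed order; a pair whose chain stalls longer than the window
    is reset so that unrelated calls hours apart are not stitched together.
    """
    events = sorted(filter(None, map(parse_line, lines)))
    progress = {}   # (caller, target) -> {"stage", "start", "chain", "support"}
    findings = []
    for ts, caller, api, target in events:
        if caller == target:
            continue  # only cross-process activity matters for this chain
        key = (caller, target)
        state = progress.get(key)
        if state is not None and ts - state["start"] > window_seconds:
            progress.pop(key)
            state = None
        if api in SUPPORTING:
            if state is not None:
                state["support"].add(api)
            continue
        if state is None:
            if api in STAGES[0]:
                progress[key] = {"stage": 1, "start": ts, "chain": [api], "support": set()}
            continue
        if api in STAGES[state["stage"]]:
            state["chain"].append(api)
            state["stage"] += 1
            if state["stage"] == len(STAGES):
                findings.append({
                    "caller": caller,
                    "target": target,
                    "chain": list(state["chain"]),
                    "support": sorted(state["support"]),
                    "duration": round(ts - state["start"], 3),
                })
                progress.pop(key)
    return findings


if __name__ == "__main__":
    for f in find_apc_injection(SAMPLE_TRACE):
        print(f"pid {f['caller']} -> pid {f['target']}: {' -> '.join(f['chain'])} "
              f"(thread APIs: {', '.join(f['support']) or 'none'}, {f['duration']}s)")
```

The benign reader (pid 7781) shares the first stage with the chain but never allocates or writes, so it produces no finding; this is the point of requiring the full ordered sequence rather than alerting on QueueUserAPC alone, which legitimate software also calls. In production the same logic would key additionally on the thread handle passed to QueueUserAPC and on whether the allocated region is executable, both of which this constructed trace does not carry.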