SetThreadContext()

Use SetThreadContext() to perform Remote Process Injection.

​https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-setthreadcontext​
BOOL SetThreadContext(
  HANDLE        hThread,
  const CONTEXT *lpContext
);
Get a handle to an existing process on the system or create a new sacrificial process
OpenProcess()
CreateProcess()
CreateProcessAsUser()
Get a Handle to the thread of the process
OpenThread()
Allocate some memory in the chosen remote process
VirtualAllocEx()
Get the current thread context
GetThreadContext()
Write shell-code to the remote process, or write a DLL to the remote process
GetProcAddress()
LoadLibrary()
WriteProcessMemory()
Update EIP/RIP for the thread to our shell-code
SetThreadContext()

Remote Process Injection - Previous

SetWindowsHookEx()

Next - Remote Process Injection

Process Hollowing

Last modified 2yr ago