DLL Injection with SetThreadContext

September 5, 2017

There are several techniques available for injecting a DLL into a process. Each has its own strengths and drawbacks. The simplest one uses the CreateRemoteThread function to create a new thread in the target process and point the thread's start function to the the LoadLibrary function, as LoadLibray and a thread's starting function have the same prototype from a binary perspective (both accept a pointer). This method is the easiest to use but also the most visible. Creating a new thread can be "noticed" in several ways, such as with an ETW event. If a driver is present and is hooking...
no comments