Injecting code into remote process

In this article, I want to talk about CreateRemoteThread function and how to use it in order to inject some code on a remote process.

From MSDN, this function permits to create a thread that runs in the virtual address space of another process.

Essentially, we can execute a remote thread from a process to another process. Obviously  the remote thread will reside in the virtual address space of the remote process.

In addiction to this, Windows provides another interesting functions : VirtualAllocEx and WriteProcessMemory.

The first function reserves a memory area within the virtual address space of a specific process, and the second function, as its name suggests, writes on a memory area of a specified process.

Essentially, only using these functions, we can execute custom code on a remote process. The most popular technique to do this is DLL Injection.

Continue reading

First from new blog

Hello and welcome to this new adventure.

In the last few years I have been very busy with work and with university and I didn’t have time to update the site, so I decided to close it and open this blog.

Managing a blog is simpler and I can write about my studies or my discoveries whenever I can.