Injecting code into remote process

In this article, I want to talk about the CreateRemoteThread function and how to use it to inject code into a remote process.

According to MSDN, this function creates a thread that runs in the virtual address space of another process.

Essentially, one process can start a thread inside another process. The remote thread resides in the virtual address space of the remote process.

In addition to this, Windows provides other interesting functions: VirtualAllocEx and WriteProcessMemory.

The first function reserves a memory area within the virtual address space of a specified process, and the second function, as its name suggests, writes to a memory area of a specified process.

Essentially, using only these functions, we can execute custom code in a remote process. The most popular technique to do this is DLL Injection.
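Because the technique depends on these three calls being made against the same target, the sequence itself is what a defender can look for. The following is an added example, not code from the original article: it correlates the calls in an API-call trace and flags a remote thread whose start address or parameter points into memory the same caller allocated and wrote in the target. The trace format, field names and all values are constructed for illustration.

```python
from collections import defaultdict

# Constructed API-call trace (hypothetical format, not a real tool's output).
# "pid" is the calling process, "target" the process the call operates on.
TRACE = [
    {"pid": 4120, "api": "VirtualAllocEx", "target": 868, "addr": 0x1F0000, "size": 0x1000},
    {"pid": 4120, "api": "WriteProcessMemory", "target": 868, "addr": 0x1F0000, "size": 0x120},
    {"pid": 4120, "api": "CreateRemoteThread", "target": 868, "start": 0x1F0000, "param": 0},
    # Allocation and write only, no thread: not flagged.
    {"pid": 5000, "api": "VirtualAllocEx", "target": 900, "addr": 0x2A0000, "size": 0x1000},
    {"pid": 5000, "api": "WriteProcessMemory", "target": 900, "addr": 0x2A0000, "size": 0x40},
    # Thread starts elsewhere, but its parameter points at the written buffer.
    {"pid": 6200, "api": "VirtualAllocEx", "target": 1200, "addr": 0x3B0000, "size": 0x1000},
    {"pid": 6200, "api": "WriteProcessMemory", "target": 1200, "addr": 0x3B0000, "size": 0x30},
    {"pid": 6200, "api": "CreateRemoteThread", "target": 1200, "start": 0x77A01000, "param": 0x3B0000},
    # Remote thread with no preceding allocation or write by this caller: not flagged.
    {"pid": 7000, "api": "CreateRemoteThread", "target": 1300, "start": 0x77A02000, "param": 0},
]

def _inside(addr, regions):
    """True if addr falls within any (base, size) region."""
    return any(base <= addr < base + size for base, size in regions)

def find_injection_sequences(trace):
    """Return one finding per remote thread tied to caller-written remote memory."""
    allocated = defaultdict(list)  # (caller, target) -> [(base, size)]
    written = defaultdict(list)    # same key, regions the caller wrote to
    findings = []
    for ev in trace:
        if ev["pid"] == ev["target"]:
            continue  # a process operating on itself is not a remote operation
        key = (ev["pid"], ev["target"])
        if ev["api"] == "VirtualAllocEx":
            allocated[key].append((ev["addr"], ev["size"]))
        elif ev["api"] == "WriteProcessMemory" and _inside(ev["addr"], allocated[key]):
            written[key].append((ev["addr"], ev["size"]))
        elif ev["api"] == "CreateRemoteThread":
            # Check the start address first, then the thread parameter.
            for field in ("start", "param"):
                if _inside(ev[field], written[key]):
                    findings.append({"pid": ev["pid"], "target": ev["target"],
                                     "via": field, "addr": ev[field]})
                    break
    return findings
```
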
