CreateRemoteThread

Programming, for all ages and all languages.
icealys
Member
Posts: 60
Joined: Mon Feb 17, 2014 3:54 pm

Post by icealys »

Hi, I want to know how CreateRemoteThread works behind the scenes, because it doesn't all make sense to me why you need to allocate memory for a DLL name within the remote process when you want to inject a DLL. In CreateRemoteThread you pass the handle to the process along with the LoadLibrary address and a parameter to LoadLibrary. Why can't you just allocate some space in the injector and send the pointer to that address space to the CreateRemoteThread function instead of using VirtualAllocEx and WriteProcessMemory?
sortie
Member
Posts: 931
Joined: Wed Mar 21, 2012 3:01 pm
Libera.chat IRC: sortie

Re: CreateRemoteThread

Post by sortie »

Re: CreateRemoteThread

Post by icealys »

Yes sir.
Re: CreateRemoteThread

Post by icealys »

Basically, I was wanting to know if the LoadLibrary function gets its parameter directly from the memory location you specify in CreateRemoteThread, and how does it work differently when calling LoadLibrary inside a process and not remotely?
Re: CreateRemoteThread

Post by icealys »

I think I know what I want to ask now after doing some research. How do CreateThread and CreateRemoteThread pass parameters to the function that they are executing?
Gigasoft
Member
Posts: 856
Joined: Sat Nov 21, 2009 5:11 pm

Re: CreateRemoteThread

Post by Gigasoft »

The MSDN page is worded incorrectly. The "lpParameter" parameter is described as "a pointer to a variable to be passed to the thread function", but it's just a pointer-sized parameter which could contain anything. If you actually want to use it to point to something, you have to arrange it yourself.
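An added example, not part of any post in this thread: a toy Python model of two private address spaces, showing that the thread parameter is copied as a plain value and is dereferenced inside the process where the thread runs. `Process`, `load_library` and `create_remote_thread` are hypothetical stand-ins that only mimic the behaviour discussed above (they are not the Win32 APIs), and the addresses and DLL name are constructed.

```python
class AccessViolation(Exception): pass  # address not mapped in that process

class Process:
    """Toy process: a private address space modelled as address -> byte."""
    def __init__(self, base):
        self.memory, self.next_free = {}, base
    def alloc(self, size):
        # Stand-in for VirtualAlloc(Ex): reserve zeroed bytes in THIS process.
        addr = self.next_free
        self.memory.update({addr + i: 0 for i in range(size)})
        self.next_free += size
        return addr
    def write(self, addr, data):
        # Stand-in for WriteProcessMemory: copy bytes into THIS process.
        for i, byte in enumerate(data):
            if addr + i not in self.memory:
                raise AccessViolation(hex(addr + i))
            self.memory[addr + i] = byte

    def read_cstring(self, addr):
        out = bytearray()
        while True:
            if addr not in self.memory:
                raise AccessViolation(hex(addr))
            if self.memory[addr] == 0:
                return out.decode("ascii")
            out.append(self.memory[addr])
            addr += 1

def load_library(proc, param):
    # Stand-in for LoadLibraryA: param is dereferenced in proc's own memory.
    return proc.read_cstring(param)

def create_remote_thread(target, start_routine, param):
    # param travels as a pointer-sized value; nothing it refers to is copied.
    return start_routine(target, param)

def demo():
    injector, target = Process(0x10000), Process(0x70000)
    name = b"example.dll\0"  # constructed sample value
    local = injector.alloc(len(name))
    injector.write(local, name)
    try:  # address valid only in the injector; a real target might hold garbage there
        wrong = create_remote_thread(target, load_library, local)
    except AccessViolation:
        wrong = "access violation"
    remote = target.alloc(len(name))  # buffer inside the target
    target.write(remote, name)
    return wrong, create_remote_thread(target, load_library, remote)
```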