update process inject execute block

2019-09-10 12:57:12 -05:00 · 2019-09-10 12:57:12 -05:00 · 74969de7f0
parent c186280f7d
commit 74969de7f0
1 changed files with 13 additions and 4 deletions
--- a/clean_template.profile
+++ b/clean_template.profile
@ -233,10 +233,19 @@ process-inject {
    }

    execute {
-        CreateThread "ntdll!RtlUserThreadStart";
-        CreateThread;
-        NtQueueApcThread;
-        CreateRemoteThread;
+        #CreateThread;
+        #CreateRemoteThread;       
+
+        CreateThread "ntdll.dll!RtlUserThreadStart+0x1000";
+
+        SetThreadContext;
+
+        NtQueueApcThread-s;
+
+        #NtQueueApcThread;
+
+        CreateRemoteThread "kernel32.dll!LoadLibraryA+0x1000";
+
        RtlCreateUserThread;
    }
 }