From 74969de7f041462e23ca496b0b0217003d1c0ed9 Mon Sep 17 00:00:00 2001
From: xx0hcd
Date: Tue, 10 Sep 2019 12:57:12 -0500
Subject: [PATCH] update process inject execute block
---
 clean_template.profile | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/clean_template.profile b/clean_template.profile
index 5aa7703..f79b5ae 100644
--- a/clean_template.profile
+++ b/clean_template.profile
@@ -233,10 +233,19 @@ process-inject {
 }
 execute {
- CreateThread "ntdll!RtlUserThreadStart";
- CreateThread;
- NtQueueApcThread;
- CreateRemoteThread;
+ #CreateThread;
+ #CreateRemoteThread;
+
+ CreateThread "ntdll.dll!RtlUserThreadStart+0x1000";
+
+ SetThreadContext;
+
+ NtQueueApcThread-s;
+
+ #NtQueueApcThread;
+
+ CreateRemoteThread "kernel32.dll!LoadLibraryA+0x1000";
+ RtlCreateUserThread;
 }
 }
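Review bot: The new `execute` block leaves three entries commented out (`#CreateThread;`, `#CreateRemoteThread;`, `#NtQueueApcThread;`) and introduces two `+0x1000` offsets with no explanation, which is a documentation gap in a file meant to be a template. Because the entries in this block form an ordered list, a short header such as `# options are attempted top to bottom; commented entries are disabled, not removed` would make the intent reviewable. It is also worth a comment saying that `ntdll.dll!RtlUserThreadStart+0x1000` and `kernel32.dll!LoadLibraryA+0x1000` are sample values. The start address they name is what thread-creation telemetry records (for example the StartModule/StartFunction fields of Sysmon event ID 8), so an exercise run with this profile can tell the defending team exactly which values to validate detections against. The enclosing `process-inject` block starts outside the hunk.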