update process inject execute block

2019-09-10 12:57:12 -05:00 · 2019-09-10 12:57:12 -05:00 · 74969de7f0
parent c186280f7d
commit 74969de7f0
1 changed files with 13 additions and 4 deletions
--- a/clean_template.profile
+++ b/clean_template.profile
@ -233,10 +233,19 @@ process-inject {
    }
    execute {
-        CreateThread "ntdll!RtlUserThreadStart";
+        #CreateThread;
-        CreateThread;
+        #CreateRemoteThread;       
-        NtQueueApcThread;
+
-        CreateRemoteThread;
+        CreateThread "ntdll.dll!RtlUserThreadStart+0x1000";
        SetThreadContext;
        NtQueueApcThread-s;
        #NtQueueApcThread;
        CreateRemoteThread "kernel32.dll!LoadLibraryA+0x1000";
        RtlCreateUserThread;
    }
 }