Nytro

Using RtlCreateUserThread


Author: zwclose7

This is an example usage of RtlCreateUserThread.

This program will create a remote thread that calls ExitProcess within the target process, causing the target process to exit.

Source code:

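    #include <iostream>
    #include <Windows.h>

    using namespace std;

    typedef struct _CLIENT_ID
    {
        PVOID UniqueProcess;
        PVOID UniqueThread;
    } CLIENT_ID, *PCLIENT_ID;

    // RtlCreateUserThread is exported by ntdll.dll but not declared in the SDK
    // headers. NTAPI (__stdcall) must be part of the pointer type, otherwise
    // 32-bit builds call it with the wrong calling convention.
    typedef LONG (NTAPI *_RtlCreateUserThread)(HANDLE,
        PSECURITY_DESCRIPTOR,
        BOOLEAN,ULONG,
        PULONG,PULONG,
        PVOID,PVOID,
        PHANDLE,PCLIENT_ID);

    _RtlCreateUserThread RtlCreateUserThread;

    int main(){
        HANDLE hThd=NULL;
        CLIENT_ID cid;
        DWORD pid;

        // Explicit ANSI variant so the narrow strings also compile in UNICODE builds
        HMODULE ntdll=LoadLibraryA("ntdll.dll");
        HMODULE k32=LoadLibraryA("kernel32.dll");
        if(!ntdll||!k32) return 1;

        RtlCreateUserThread=(_RtlCreateUserThread)GetProcAddress(ntdll,"RtlCreateUserThread");
        if(!RtlCreateUserThread) return 1;

        // Process ID of the target, read from standard input
        if(!(cin >>pid)) return 1;

        HANDLE hProc=OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
        if(!hProc){
            cerr <<"OpenProcess failed: " <<GetLastError() <<endl;
            return 1;
        }

        // The start address is ExitProcess as resolved in this process; this relies
        // on kernel32.dll being mapped at the same address in the target process.
        LONG status=RtlCreateUserThread(hProc,NULL,FALSE,0,0,0,(PVOID)GetProcAddress(k32,"ExitProcess"),0,&hThd,&cid);
        if(status<0){ // NTSTATUS failure codes are negative
            cerr <<"RtlCreateUserThread failed: 0x" <<hex <<(ULONG)status <<endl;
            CloseHandle(hProc);
            return 1;
        }
        WaitForSingleObject(hThd,INFINITE);

        CloseHandle(hThd);
        CloseHandle(hProc);

        FreeLibrary(k32);
        FreeLibrary(ntdll);

        return 0;
    }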

http://www.rohitab.com/discuss/index.php?app=core&module=attach&section=attach&attach_id=3746

Source: Using RtlCreateUserThread - rohitab.com - Forums
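
For the defensive side of the program above, here is a detection sketch added as an example; it is not part of the original post. It assumes Sysmon is logging event ID 8 (CreateRemoteThread) for the thread the program creates, that the events have been exported as XML, and that Sysmon resolves the start address to `ExitProcess`; the function names, the `EXIT_ROUTINES` list and the sample records are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumption: start routines that end the process they run in; extend as needed.
EXIT_ROUTINES = {"exitprocess", "rtlexituserprocess"}
FIELDS = ("SourceImage", "TargetImage", "StartModule", "StartFunction")


def parse_event(xml_text):
    """Return (event_id, {field: value}) for one event in Windows event XML."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data


def remote_exit_threads(events):
    """Return event ID 8 records whose thread start routine is an exit API."""
    findings = []
    for xml_text in events:
        event_id, data = parse_event(xml_text)
        if event_id == 8 and data.get("StartFunction", "").lower() in EXIT_ROUTINES:
            findings.append({k: data.get(k, "") for k in FIELDS})
    return findings


def sample_event(event_id, **fields):
    """Build a constructed event in the same XML layout (sample data only)."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f"</System><EventData>{data}</EventData></Event>")


# Constructed records, not taken from a real host.
SAMPLE_EVENTS = [
    sample_event(8, SourceImage=r"C:\Users\lab\Desktop\demo.exe",
                 TargetImage=r"C:\Windows\System32\notepad.exe",
                 StartModule=r"C:\Windows\System32\KERNEL32.DLL",
                 StartFunction="ExitProcess"),
    # Unresolved start address: outside the scope of this rule.
    sample_event(8, SourceImage=r"C:\Program Files\Vendor\agent.exe",
                 TargetImage=r"C:\Windows\explorer.exe",
                 StartModule="", StartFunction=""),
    sample_event(1, Image=r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for hit in remote_exit_threads(SAMPLE_EVENTS):
        print("remote exit thread:", hit)
```

The rule is deliberately narrow: it only covers the exit-routine case this page demonstrates, so a production rule set would pair it with broader event ID 8 coverage and an allow list of expected source images.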
