System Programming Blog
This blog is dedicated to low level programming in Assembler and C/C++ (although, C++ is unwelcome) in either *Nix or Windows based operating systems.
Showing 2 posts for tag 'CreateRemoteThread'
Exception Driven 'Debugging': Getting Behind the Anti Debugging Tricks
However, the purpose of this article is not to discuss pros and cons of Themida or any other protector, nor do I have any intention to disgrace any of the software vendors. The purpose is to describe a relatively easy way of bypassing common anti debugging tricks (including Windows DRM protection) with DLL injection.
CreateRemoteThread. Bypass Windows 7 Session Separation
Internet is full of programmers forums and those forums are full with questions about CreateRemoteThread Windows API function not working on Windows 7 (when trying to inject a DLL). Those posts made by lucky people, somehow, redirect you to the MSDN page dedicated to this API, which says: "Terminal Services isolates each terminal session by design. Therefore, CreateRemoteThread fails if the target process is in a different session than the calling process." and, basically, means - start the process from your injector as suspended, inject your DLL and then resume the process' main thread.

This site uses cookie files for our mutual comfort.

OK
Copyright © 2023 Alexey Lyashko