https://guidedhacking.com/threads/how-to-detect-threads-createremotethread-ntcreatethread.20474/
How to Detect Threads.
CreateRemoteThread() and NtCreateThread().
<------------------------------------------>
Both CreateRemoteThread() and NtCreateThread() are functions used for code injection in Windows operating systems. They are commonly used in scenarios where one process wants to execute code within the address space of another process.
CreateRemoteThread()
CreateRemoteThread() is a documented Win32 API function that allows a process to create a thread in the address space of a different process.
It takes the handle of the target process, the address of the function to be executed, and optional parameters for the function. This function is commonly used for DLL injection, where a DLL is loaded into the target process and its exported function is executed.
NtCreateThread()
NtCreateThread() is an undocumented function from the Native API of Windows.
It is a lower-level function that can also be used for code injection. It is similar to CreateRemoteThread(), but it provides more flexibility and control over the created thread. It allows specifying additional parameters, such as the initial thread context and security attributes. It's worth noting that using undocumented functions like NtCreateThread() can be risky, as they may not be supported in future Windows versions or may have different behavior across different Windows versions. Additionally, using undocumented functions may violate the terms of service of certain software or platforms.
In summary, both CreateRemoteThread() and NtCreateThread() are functions used for code injection, with CreateRemoteThread() being a documented Win32 API function and NtCreateThread() being an undocumented function from the Native API of Windows.
More info: https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createremotethread
#hebras #programar #api #windows #sdk
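The post explains what CreateRemoteThread() and NtCreateThread() do but not how a defender would spot a thread they created. The script below is an added example written for this thread; it is not code from the original post or from GuidedHacking. It enumerates the threads of a target process and applies the two classic checks: a start address that is not inside any loaded module (shellcode in private memory), or a start address equal to LoadLibraryA/LoadLibraryW (the usual CreateRemoteThread DLL-injection pattern). The process name 'notepad' is an assumed placeholder; GetModuleHandle and GetProcAddress are real kernel32 exports used through P/Invoke.

```powershell
# Added example (not from the original post): flag threads in a target process
# whose start address is suspicious. A thread started by CreateRemoteThread() /
# NtCreateThread() on injected shellcode typically starts in memory that no
# module backs; a LoadLibrary-based DLL injection starts at LoadLibraryA/W.
param(
    [string]$ProcessName = 'notepad'   # assumed placeholder target; change as needed
)

# P/Invoke so we can resolve LoadLibraryA/W. kernel32.dll is mapped at the same
# base in every process until reboot, so these addresses are valid in the target.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
'@

$k32 = [Win32.Native]::GetModuleHandle('kernel32.dll')
$loadLibraryAddrs = @('LoadLibraryA', 'LoadLibraryW') | ForEach-Object {
    [Win32.Native]::GetProcAddress($k32, $_).ToInt64()
}

function Get-SuspiciousThreads {
    param([System.Diagnostics.Process]$Process)

    # [base, base+size) range of every module currently loaded in the target.
    $modules = foreach ($m in $Process.Modules) {
        [pscustomobject]@{
            Name  = $m.ModuleName
            Start = $m.BaseAddress.ToInt64()
            End   = $m.BaseAddress.ToInt64() + $m.ModuleMemorySize
        }
    }

    foreach ($t in $Process.Threads) {
        $start = $t.StartAddress.ToInt64()
        $owner = $modules |
                 Where-Object { $start -ge $_.Start -and $start -lt $_.End } |
                 Select-Object -First 1

        $verdict = if (-not $owner) {
            'UNBACKED: start address is not inside any loaded module'
        } elseif ($loadLibraryAddrs -contains $start) {
            'LOADLIBRARY: start address is LoadLibraryA/W (classic DLL injection)'
        } else {
            $null   # start address inside a module and not LoadLibrary: no finding
        }

        if ($verdict) {
            [pscustomobject]@{
                ProcessId    = $Process.Id
                ThreadId     = $t.Id
                StartAddress = ('0x{0:X}' -f $start)
                Module       = if ($owner) { $owner.Name } else { '<none>' }
                Verdict      = $verdict
            }
        }
    }
}

Get-Process -Name $ProcessName -ErrorAction Stop | ForEach-Object {
    Get-SuspiciousThreads -Process $_
} | Format-Table -AutoSize
```

Run it from a PowerShell whose bitness matches the target (a 32-bit host cannot enumerate a 64-bit process's modules) and with enough privilege to open the process. Both checks are heuristics: JIT runtimes and some packers legitimately start threads in private memory, and a thread started via NtCreateThread() with a hand-built context can report a start address that looks benign, so treat a hit as a lead for further inspection of the memory at that address rather than as proof of injection.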