ntqueueapcthreadex-ntdll-gadget-injection
ntqueueapcthreadex-ntdll-gadget-injection copied to clipboard

Published 20 hours ago •

→

Metadata

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

Reame
Issues

Results 1 ntqueueapcthreadex-ntdll-gadget-injection issues

Sort by recently updated

Adjust for x64 shellcode

I'm trying to get this to work for x64 shellcode. The gadget `pop r64; ret` has the same opcodes as `pop r32; ret` (afaik, could be mistaken). However, if I...

vivami

enhancement

About

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

process-injection

shellcode-injection

shellcode

223

Stars

Forks

Watchers

Owner

LloydLabs

← Metadata

223

Stars

Forks

Watchers

Owner

LloydLabs

Metadata

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

Back

ntqueueapcthreadex-ntdll-gadget-injection ntqueueapcthreadex-ntdll-gadget-injection copied to clipboard

Metadata

Adjust for x64 shellcode

← Metadata

Owner

Metadata

ntqueueapcthreadex-ntdll-gadget-injection
ntqueueapcthreadex-ntdll-gadget-injection copied to clipboard