Create Thread
It consists of calling a sub-process; the target process imports the functions from the Windows Kernel32.dll.
Example of CreateThread in assembly (FASM):
format PE GUI 4.0
entry start
include 'win32a.inc'      ; proc/endp, library/import macros

section '.text' code readable executable

proc fnThread             ; LPTHREAD_START_ROUTINE; lpParameter is ignored here
    push 0                ;uType
    push _cpt             ;lpCaption
    push _txt             ;lpText
    push 0                ;hWnd
    call [MessageBox]
    push 0                ;dwExitCode
    call [ExitThread]
    ret
endp

start:
    push _tid             ;lpThreadId (address of the DWORD that receives the id)
    push 0                ;dwCreationFlags (0 = run immediately)
    push 0                ;lpParameter
    push fnThread         ;lpStartAddress
    push 0                ;dwStackSize (0 = default)
    push 0                ;lpThreadAttributes
    call [CreateThread]   ; eax = thread handle, or 0 on failure
    push -1               ;dwMilliseconds = INFINITE
    push eax              ;hHandle
    call [WaitForSingleObject] ; otherwise ExitProcess ends the thread before its box shows
    push 0
    call [ExitProcess]

section '.data' data readable writeable   ; writeable: CreateThread stores the id into _tid
    _cpt db 'lpCaption[FASM]', 0
    _txt db 'lpText[FASM]', 0
    _tid dd ?

section '.idata' import data readable
    library user, 'USER32.DLL',\
            kernel32, 'KERNEL32.DLL'
    import user,\
           MessageBox, 'MessageBoxA'
    import kernel32,\
           CreateThread, 'CreateThread',\
           ExitThread, 'ExitThread',\
           ExitProcess, 'ExitProcess',\
           WaitForSingleObject, 'WaitForSingleObject'
This is the same function used to create a thread in your hacker DLL in Pascal, only this one is written in a low-level language (Assembly).
Addendum
WriteProcessMemory trampoline (WriteProcessMemory is a function of Windows Kernel32.dll)
push lpNumberOfBytesWritten ;out
push nSize ;in
push lpBuffer ;in
push lpBaseAddress ;in
push hProcess ;in
call @WriteProcessMemoryTrampoline
@WriteProcessMemoryTrampoline:
mov eax, WriteProcessMemory ; IAT
mov eax, [eax+2] ; .idata
mov eax, [eax] ; kernel32.WriteProcessMemory
add eax, 5 ; kernel32.WriteProcessMemory+5
mov edi, edi ; emulate first instruction
push ebp ; emulate second instruction
mov ebp, esp ; emulate third instruction
jmp eax ; JMP to kernel32.WriteProcessMemory+5
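The trampoline above hard-codes two byte-level assumptions about the x86 code it reads: that the import symbol points at an `FF 25 disp32` thunk (so the IAT slot address sits at `[eax+2]`), and that kernel32.WriteProcessMemory begins with the three-instruction hot-patch prologue `mov edi,edi / push ebp / mov ebp,esp`, exactly 5 bytes (hence `+5`). The Python below is an added example, not code from the page or from any Windows or FASM project: it decodes both patterns from raw bytes and reports whether the prologue is still the expected one, the kind of check an integrity verifier or memory-forensics script runs before trusting such an offset. All addresses, the IAT contents and the byte strings are constructed sample values.

```python
import struct
from typing import Dict, List, Optional, Tuple

# Real x86 encodings of the patterns the trampoline relies on.  The addresses
# and IAT contents further down are constructed sample values, not taken from
# the page or from any real process.
JMP_INDIRECT = b"\xff\x25"          # jmp dword [abs32]  (import thunk)
HOTPATCH_PROLOGUE: Dict[bytes, str] = {
    b"\x8b\xff": "mov edi, edi",    # 2 bytes, hot-patch placeholder
    b"\x55":     "push ebp",        # 1 byte
    b"\x8b\xec": "mov ebp, esp",    # 2 bytes
}
EXPECTED_PROLOGUE = ["mov edi, edi", "push ebp", "mov ebp, esp"]  # 5 bytes total


def decode_import_thunk(code: bytes, offset: int = 0) -> Optional[int]:
    """Return the IAT slot address of an `FF 25 disp32` import thunk, or None.
    The disp32 starts two bytes into the instruction; that is the value the
    trampoline's `mov eax, [eax+2]` reads."""
    if code[offset:offset + 2] != JMP_INDIRECT:
        return None
    return struct.unpack_from("<I", code, offset + 2)[0]


def follow_import_thunk(code: bytes, iat: Dict[int, int]) -> Optional[int]:
    """Resolve thunk -> IAT slot -> imported function address.
    `iat` models process memory as {slot address: stored function address}."""
    slot = decode_import_thunk(code)
    if slot is None:
        return None
    return iat.get(slot)


def decode_prologue(code: bytes) -> List[Tuple[str, int]]:
    """Decode leading bytes that belong to the hot-patchable prologue.
    Stops at the first byte sequence outside that three-instruction set."""
    decoded: List[Tuple[str, int]] = []
    pos = 0
    while pos < len(code):
        for pattern, mnemonic in HOTPATCH_PROLOGUE.items():
            if code.startswith(pattern, pos):
                decoded.append((mnemonic, len(pattern)))
                pos += len(pattern)
                break
        else:
            break
    return decoded


def prologue_is_intact(code: bytes) -> bool:
    """True only when the first five bytes are exactly mov edi,edi / push ebp /
    mov ebp,esp.  Anything else (an `E9 rel32` jmp written over the prologue,
    or a build without the hot-patch sequence) means the `+5` skip and the
    three emulated instructions no longer match the function, so a verifier
    should flag the function rather than assume the layout."""
    decoded = decode_prologue(code[:5])
    mnemonics = [m for m, _ in decoded]
    length = sum(n for _, n in decoded)
    return mnemonics == EXPECTED_PROLOGUE and length == 5


# Constructed sample: a thunk jumping through IAT slot 0x00403010, and an IAT
# that says the slot holds 0x7C802213 (made-up kernel32 address).
SAMPLE_THUNK = b"\xff\x25\x10\x30\x40\x00"
SAMPLE_IAT = {0x00403010: 0x7C802213}
SAMPLE_INTACT = b"\x8b\xff\x55\x8b\xec\x8b\x45\x08"   # prologue + mov eax,[ebp+8]
SAMPLE_PATCHED = b"\xe9\x00\x10\x00\x00\x8b\x45\x08"  # jmp rel32 over the prologue

if __name__ == "__main__":
    print(hex(follow_import_thunk(SAMPLE_THUNK, SAMPLE_IAT)))
    print(decode_prologue(SAMPLE_INTACT), prologue_is_intact(SAMPLE_INTACT))
    print(decode_prologue(SAMPLE_PATCHED), prologue_is_intact(SAMPLE_PATCHED))
```

The decoder is deliberately limited to the three prologue instructions: a function whose first five bytes decode to anything else, including a `jmp` someone already wrote there, is reported as not intact, which is exactly the case in which jumping to `+5` lands mid-instruction.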