Thread: Create Thread (EX)

Create Thread
Consiste em chamar um sub processo , no processo alvo importa as funções do Windows Kernel32.dll

Is to call a sub process, the target process imports the functions of Windows Kernel32.dll

start:

proc fnThread
push 0 ;uType
push _cpt ;lpCaption
push _txt ;lpText
push 0 ;hWnd
call [MessageBox]
push 0 ;dwExitCode
call [ExitThread]
ret
endp

push dword ptr _tid ;lpThreadId
push 0 ;dwCreationFlags
push NULL ;lpParameter
push dword ptr fnThread ;lpStartAddress
push 0 ;dwStackSize
push NULL ;lpThreadAttributes
call [CreateThread]
push 0
call [ExitProcess]

section '.data' code readable

_cpt db 'lpCaption[FASM]', 0
_txt db 'lpText[FASM]', 0
_tid dd ?

section '.idata' import data readable

library user, 'USER32.DLL',\
kernel32, 'KERNEL32.DLL'

import user,\
MessageBox, 'MessageBoxA'

import kernel32,\
CreateThread, 'CreateThread',\
ExitThread, 'ExitThread',\
ExitProcess, 'ExitProcess'

Exemplo de Create Thread em assembly.

A mesma função para chamar uma thread em sua Dll hacker em pascal. Só que essa é em linguagem de baixo nivel (Assembly).

Example of Create Thread in assembly.

The same function to call a thread in dll hacker in his Paschal. Except that this language is low level (assembly). Consists of calling a sub process, the target process imports the functions of Windows Kernel32.dll

Complemento

WriteProcessMemory Trampoline Função da Windows Kernel32.dll

push lpNumberOfBytesWritten ;out
push nSize ;in
push lpBuffer ;in
push lpBaseAddress ;in
push hProcess ;in
CALL @WriteProcessMemoryTrampoline

@WriteProcessMemoryTrampoline:

mov eax, WriteProcessMemory ; IAT

mov eax, [eax+2] ; .idata

mov eax, [eax] ; kernel32.WriteProcessMemory

add eax, 5 ; kernel32.WriteProcessMemory+5

mov edi, edi ; emulate first instruction

push ebp ; emulate second instruction

mov ebp, esp ; emulate third instruction

jmp eax ; JMP to kernel32.WriteProcessMemory+5