ROCKFAL1 / Apc2Injector

Example of injection with QueueUserAPC2

Apc2Injector

Example of injection with QueueUserAPC2 (Works only starting from Windows 11)

Dependencies

  • wil (its RAII handles are very convenient)
  • xbyak (used to generate the shellcode for the APC routine)

Usage

Apc2Injector {dll_path} {exe_name}  

dll_path - Path to the DLL payload. Can be a relative path.
exe_name - Name of the target process.

For example:

 Apc2Injector Apc2Dll.dll explorer.exe

How does it work?

Main stages

  1. Find the target process and open a handle to it
  2. Write the path to the DLL into the target process
  3. Write the shellcode of the APC routine into the target process
  4. Open a handle to a thread of the target process (I prefer the main thread)
  5. Call QueueUserAPC2

TODO

  • Support for Wow64 targets
  • Detailed description of the injection method
  • Add more comments (?)
