Inject to Running processes (with no altertable threads)

Question

Inject to Running processes (with no altertable threads)

iradization opened this issue 5 years ago · comments

Hi,

I was wonder if it's optional to using APC to inject into already running processes that doesn't necessarily have alertable threads.

According to APC doc :

When a user-mode APC is queued, the thread to which it is queued is not directed to call the APC function unless it is in an alertable state. (I assume kernel-mode APC work the same way)

Is there a way to change thread state so it will accept APC calls, or any other alternative ?

thanks

Sanghyeok Nam · Answer 1 · Wed Feb 27 2019 16:11:15 GMT+0800 (China Standard Time)

Try KeTestAlertThread to force deliver user apc.

EDIT:
see here: https://github.com/DarthTon/Blackbone/blob/master/src/BlackBoneDrv/Loader.c#L719

Petr Beneš · Answer 2 · Wed Mar 06 2019 19:26:36 GMT+0800 (China Standard Time)

Doesn't ForceUserApc solve your problem? (as specified in the README.md)

iradization · Answer 3 · Mon Mar 18 2019 19:52:49 GMT+0800 (China Standard Time)

Yes, I've tried that and it did. thanks !