A lot of malware injects threads into other processes to bypass security products.
Usually the malware writes its shellcode into the remote process using WriteProcessMemory() and then starts a thread in that process using CreateRemoteThread(). Plenty of source code demonstrating this is available on the internet.
Let's see how we can monitor thread injection using a kernel-mode driver.
Read more: http://dreamofareverseengineer.blogspot.com/2014/06/monitoring-thread-injection.html
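As an added illustration (not the blog's own driver code): the decision a kernel-mode driver can take inside a PsSetCreateThreadNotifyRoutine callback, which runs in the context of the thread that asked for the new thread, so when the calling process differs from the process receiving the thread, that thread came from outside; the one legitimate case a parent starting its new child's initial thread is excluded by tracking PsSetCreateProcessNotifyRoutine events. The pure C logic compiles anywhere; the WDK glue is built only when WITH_WDK_GLUE (a macro chosen for this example) is defined.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAX_PENDING 64
static uint32_t g_pending_first_thread[MAX_PENDING]; /* PIDs created but not yet started */

/* Fed by the process-creation callback: remember that pid has no thread yet. */
void note_process_created(uint32_t pid)
{
    for (int i = 0; i < MAX_PENDING; i++)
        if (g_pending_first_thread[i] == 0) { g_pending_first_thread[i] = pid; return; }
}

/* True, and clears the mark, if this is pid's initial thread. */
static bool consume_first_thread(uint32_t pid)
{
    for (int i = 0; i < MAX_PENDING; i++)
        if (g_pending_first_thread[i] == pid) { g_pending_first_thread[i] = 0; return true; }
    return false;
}

/* creator_pid: process whose thread asked the kernel for the new thread;
 * target_pid: process that receives it. A cross-process thread landing in an
 * already running process is what WriteProcessMemory + CreateRemoteThread looks like. */
bool is_remote_thread_injection(uint32_t creator_pid, uint32_t target_pid)
{
    bool first = consume_first_thread(target_pid);
    if (creator_pid == target_pid) return false; /* ordinary CreateThread */
    if (first) return false; /* CreateProcess: the parent starts the child's initial thread */
    return true;
}

#ifdef WITH_WDK_GLUE /* a real driver must also guard the table above with a spin lock */
#include <ntddk.h>
static VOID ProcessNotify(HANDLE ParentId, HANDLE ProcessId, BOOLEAN Create)
{ UNREFERENCED_PARAMETER(ParentId); if (Create) note_process_created((uint32_t)(ULONG_PTR)ProcessId); }

/* Runs in the creating thread's context, so PsGetCurrentProcessId() is the creator. */
static VOID ThreadNotify(HANDLE ProcessId, HANDLE ThreadId, BOOLEAN Create)
{
    uint32_t creator = (uint32_t)(ULONG_PTR)PsGetCurrentProcessId();
    if (Create && is_remote_thread_injection(creator, (uint32_t)(ULONG_PTR)ProcessId))
        DbgPrint("remote thread %p in PID %p created by PID %p\n", ThreadId, ProcessId, PsGetCurrentProcessId());
}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(DriverObject); UNREFERENCED_PARAMETER(RegistryPath);
    NTSTATUS st = PsSetCreateProcessNotifyRoutine(ProcessNotify, FALSE);
    return NT_SUCCESS(st) ? PsSetCreateThreadNotifyRoutine(ThreadNotify) : st;
}
#endif
```

Debuggers and some installers also create remote threads legitimately, so a hit is something to log and correlate with the preceding cross-process memory write rather than to block outright.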