static void Main(string[] args)
{
int lastWin32Error;
InjectableProcess process = new InjectableProcess(TestApplication, ProcessCreationOptions.NormalPriorityClass | ProcessCreationOptions.CreateSuspended);
MemoryWriter writer = process.CreateMemoryWriter(1024);
IntPtr advapi32 = writer.WriteValue("Advapi32.dll");
IntPtr registryKeyAddress = writer.WriteValue(@"Pieter\Test");
IntPtr registryHkeyAddress = writer.Alloc(4);
writer.CallLoadLibrary(advapi32);
writer.CallRegOpenKey(0x80000001, registryKeyAddress, registryHkeyAddress); //HKEY_CURRENT_USER
writer.CallRegOverridePredefKey(0x80000001, registryHkeyAddress);
writer.CallRegCloseKey(registryHkeyAddress);
writer.CallExitThread();
// Change page protection so we can write executable code
//VirtualProtectEx(hProcess, codecaveAddress, workspaceIndex, MemoryProtection.ExecuteReadWrite, &oldProtect);
Task task = process.CreateRemoteThread(writer);
task.Wait();
process.Resume();
}
static void Main(string[] args)
{
int lastWin32Error;
InjectableProcess process = new InjectableProcess(TestApplication, ProcessCreationOptions.NormalPriorityClass | ProcessCreationOptions.CreateSuspended);
MemoryWriter writer = process.CreateMemoryWriter(1024);
IntPtr advapi32 = writer.WriteValue("Advapi32.dll");
IntPtr registryKeyAddress = writer.WriteValue(@"Pieter\Test");
IntPtr registryHkeyAddress = writer.Alloc(4);
writer.CallLoadLibrary(advapi32);
writer.CallRegOpenKey(0x80000001, registryKeyAddress, registryHkeyAddress); //HKEY_CURRENT_USER
writer.CallRegOverridePredefKey(0x80000001, registryHkeyAddress);
writer.CallRegCloseKey(registryHkeyAddress);
writer.CallExitThread();
// Change page protection so we can write executable code
//VirtualProtectEx(hProcess, codecaveAddress, workspaceIndex, MemoryProtection.ExecuteReadWrite, &oldProtect);
Task task = process.CreateRemoteThread(writer);
task.Wait();
process.Resume();
}