Example #1
 // P/Invoke declaration for the native NtCreateThreadEx routine, which creates a thread
 // in the process identified by inhProcessHandle and writes the thread handle to outhThread.
 // The [DllImport] attribute is not part of this excerpt.
 //
 // NOTE(review): the native routine returns an NTSTATUS; it is surfaced here as IntPtr, and
 // callers should inspect it rather than Marshal.GetLastWin32Error(), which is only
 // meaningful when the import sets SetLastError and the callee sets a Win32 last error.
 // NOTE(review): the three stack arguments are SIZE_T natively; ulong matches that only in
 // a 64-bit process. Confirm the target bitness or switch to a pointer-sized type.
 // NOTE(review): the last argument is declared 'out', yet the visible caller fills the
 // buffer before the call. 'ref' would state that intent explicitly. Confirm how the
 // struct is marshalled before relying on its pre-set fields.
 private static extern IntPtr NtCreateThreadEx(
     out IntPtr outhThread,                 // receives the handle of the created thread
     int inlpvDesiredAccess,                // access mask requested for the new thread handle
     IntPtr lpObjectAttributes,             // optional object attributes; IntPtr.Zero for none
     IntPtr inhProcessHandle,               // handle of the process that will own the thread
     IntPtr lpStartAddress,                 // address, in that process, where the thread starts
     IntPtr lpParameter,                    // single argument handed to the start routine
     bool inCreateSuspended,                // true to create the thread suspended
     ulong inStackZeroBits,
     ulong inSizeOfStackCommit,
     ulong inSizeOfStackReserve,
     [MarshalAs(UnmanagedType.Struct)] out NTDll.NtCreateThreadExBuffer outlpvBytesBuffer);
Example #2
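        /// <summary>
        /// Starts a thread in the process identified by <paramref name="handle"/> through the
        /// native NtCreateThreadEx routine and returns the handle of the new thread.
        /// </summary>
        /// <param name="address">Start address of the thread, valid in the target process.</param>
        /// <param name="param">Argument passed to the thread's start routine.</param>
        /// <param name="handle">Handle of the process that will own the thread.</param>
        /// <returns>The thread handle. The caller owns it and is responsible for closing it.</returns>
        /// <exception cref="Win32Exception">No thread handle was returned by the call.</exception>
        /// <remarks>
        /// None of the three arguments is validated here. Cross-process thread creation is
        /// reported to kernel thread-creation callbacks, so endpoint monitoring (for example
        /// Sysmon event ID 8, CreateRemoteThread) will record calls made through this method.
        /// </remarks>
        public static IntPtr CreateRemoteThread(IntPtr address, IntPtr param, IntPtr handle)
        {
            // 0x1FFFFF: every thread access right. NOTE(review): callers that only wait on
            // the thread could be served by a narrower mask; kept as-is for compatibility.
            const int ThreadAllAccess = 2097151;

            IntPtr firstOutBuffer = IntPtr.Zero;
            IntPtr secondOutBuffer = IntPtr.Zero;

            try
            {
                // Unknown2 and Unknown6 are presumably the byte lengths of the buffers that
                // Unknown3 and Unknown7 point to (TODO confirm against the struct definition).
                // The original allocated 4 bytes for the first buffer while declaring a length
                // of 8, so the allocation now matches the declared length.
                firstOutBuffer = Marshal.AllocHGlobal(8);
                secondOutBuffer = Marshal.AllocHGlobal(4);

                NTDll.NtCreateThreadExBuffer outlpvBytesBuffer = new NTDll.NtCreateThreadExBuffer();
                outlpvBytesBuffer.Size     = Marshal.SizeOf((object)outlpvBytesBuffer);
                outlpvBytesBuffer.Unknown1 = 65539UL;   // 0x10003
                outlpvBytesBuffer.Unknown2 = 8UL;
                outlpvBytesBuffer.Unknown3 = firstOutBuffer;
                outlpvBytesBuffer.Unknown4 = 0UL;
                outlpvBytesBuffer.Unknown5 = 65540UL;   // 0x10004
                outlpvBytesBuffer.Unknown6 = 4UL;
                outlpvBytesBuffer.Unknown7 = secondOutBuffer;
                outlpvBytesBuffer.Unknown8 = 0UL;
                IntPtr outhThread = IntPtr.Zero;

                // Keep the native return value: it is the only reliable failure reason, because
                // NtCreateThreadEx reports an NTSTATUS rather than setting the Win32 last error.
                var status = NTDll.NtCreateThreadEx(out outhThread, ThreadAllAccess, IntPtr.Zero, handle, address, param, false, 0UL, 0UL, 0UL, out outlpvBytesBuffer);
                if (outhThread == IntPtr.Zero)
                {
                    // The last-error code is kept so NativeErrorCode behaves as before; the
                    // message additionally carries the status returned by the call.
                    throw new Win32Exception(
                        Marshal.GetLastWin32Error(),
                        "NtCreateThreadEx returned no thread handle (native status: " + status + ")");
                }

                return outhThread;
            }
            finally
            {
                // The scratch buffers are only needed for the duration of the call. They are
                // tracked in locals because the 'out' struct may be rewritten on return.
                if (firstOutBuffer != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(firstOutBuffer);
                }

                if (secondOutBuffer != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(secondOutBuffer);
                }
            }
        }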