private static extern IntPtr NtCreateThreadEx( out IntPtr outhThread, int inlpvDesiredAccess, IntPtr lpObjectAttributes, IntPtr inhProcessHandle, IntPtr lpStartAddress, IntPtr lpParameter, bool inCreateSuspended, ulong inStackZeroBits, ulong inSizeOfStackCommit, ulong inSizeOfStackReserve, [MarshalAs(UnmanagedType.Struct)] out NTDll.NtCreateThreadExBuffer outlpvBytesBuffer);
public static IntPtr CreateRemoteThread(IntPtr address, IntPtr param, IntPtr handle) { NTDll.NtCreateThreadExBuffer outlpvBytesBuffer = new NTDll.NtCreateThreadExBuffer(); outlpvBytesBuffer.Size = Marshal.SizeOf((object)outlpvBytesBuffer); outlpvBytesBuffer.Unknown1 = 65539UL; outlpvBytesBuffer.Unknown2 = 8UL; outlpvBytesBuffer.Unknown3 = Marshal.AllocHGlobal(4); outlpvBytesBuffer.Unknown4 = 0UL; outlpvBytesBuffer.Unknown5 = 65540UL; outlpvBytesBuffer.Unknown6 = 4UL; outlpvBytesBuffer.Unknown7 = Marshal.AllocHGlobal(4); outlpvBytesBuffer.Unknown8 = 0UL; IntPtr outhThread = IntPtr.Zero; NTDll.NtCreateThreadEx(out outhThread, 2097151, IntPtr.Zero, handle, address, param, false, 0UL, 0UL, 0UL, out outlpvBytesBuffer); if (outhThread == IntPtr.Zero) { throw new Win32Exception(Marshal.GetLastWin32Error()); } return(outhThread); }