by mockingbirdy 1602 days ago
I've used nearly the same code for years with a trampoline function (JMP instruction instead of simply writing the code right there), so not too sure about it being a new technique. In my opinion, CreateRemoteThread is the function that usually triggers AVs and injecting code into processes is the suspicious part.