June 2018
Beginner
510 pages
13h 7m
English
Content preview from Learning Malware Analysis
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
3.2 DLL Injection Using APC (APC Injection)
In the previous technique, after writing the DLL pathname, CreateRemoteThread() was invoked to create a thread in the target process, which in turn called LoadLibrary() to load the malicious DLL. The APC injection technique is similar to remote DLL injection, but instead of using CreateRemoteThread(), a malware makes use of Asynchronous Procedure Calls (APCs) to force the thread of a target process to load the malicious DLL.
An APC is a function that executes asynchronously in the context of a particular thread. Each thread contains a queue of APCs that will be executed when the target thread enters an alertable state. As per Microsoft documentation (https://msdn.microsoft.com/en-us/library/windows/desktop/ms681951(v=vs.85).aspx ...