In this post we are going to look at another method for shellcode execution. This one uses the API call QueueUserAPC. As in the earlier Process Hollowing post, we open a process in a suspended state, allocate some memory in it, write our shellcode into that allocated region, queue an APC to the suspended thread and then resume it.
According to MITRE, APC injection is commonly performed by attaching malicious code to the APC queue of a process's thread. Que…
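The five-step sequence described above (create suspended, allocate, write, queue APC, resume) is also what a defender looks for, because each step alone is common while the ordered chain against one child process is not. The following is an added example, not code from the original post: a small Python detector that walks a constructed API-call trace and reports source/target process pairs that complete the full chain in order. The event field names (`pid`, `target_pid`, `api`, `args`) are assumptions about the telemetry format, and the API names used for the allocate and write steps are assumed from the steps the post describes rather than taken from it.

```python
"""Ordered-stage detector for the QueueUserAPC injection chain.

The trace below is constructed for the example; it is not real telemetry.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # documented CreateProcess creation flag

# Each stage: (expected API name, predicate over the call's arguments).
# A stage only advances when the call matches the *next* expected stage
# for the same (source pid, target pid) pair; unrelated calls are ignored.
STAGES = [
    ("CreateProcess", lambda a: a.get("flags", 0) & CREATE_SUSPENDED != 0),
    ("VirtualAllocEx", lambda a: a.get("protect") == "PAGE_EXECUTE_READWRITE"),
    ("WriteProcessMemory", lambda a: True),
    ("QueueUserAPC", lambda a: True),
    ("ResumeThread", lambda a: True),
]


def detect_apc_injection(events):
    """Return the (source_pid, target_pid) pairs that completed every stage in order."""
    progress = defaultdict(int)  # pair -> index of the next expected stage
    hits = []
    for ev in events:
        key = (ev["pid"], ev.get("target_pid"))
        idx = progress[key]
        if idx >= len(STAGES):
            continue  # already reported this pair
        name, pred = STAGES[idx]
        if ev["api"] == name and pred(ev.get("args", {})):
            progress[key] = idx + 1
            if progress[key] == len(STAGES):
                hits.append(key)
    return hits


# Constructed sample trace: a benign launcher (300 -> 400) that creates a
# suspended child and simply resumes it, the full injection chain (100 -> 200),
# and an allocation with a non-executable protection (500 -> 600).
SAMPLE_EVENTS = [
    {"pid": 300, "target_pid": 400, "api": "CreateProcess", "args": {"flags": CREATE_SUSPENDED}},
    {"pid": 300, "target_pid": 400, "api": "ResumeThread", "args": {}},
    {"pid": 100, "target_pid": 200, "api": "CreateProcess", "args": {"flags": CREATE_SUSPENDED}},
    {"pid": 100, "target_pid": 200, "api": "VirtualAllocEx", "args": {"protect": "PAGE_EXECUTE_READWRITE"}},
    {"pid": 100, "target_pid": 200, "api": "WriteProcessMemory", "args": {"size": 276}},
    {"pid": 100, "target_pid": 200, "api": "QueueUserAPC", "args": {}},
    {"pid": 100, "target_pid": 200, "api": "ResumeThread", "args": {}},
    {"pid": 500, "target_pid": 600, "api": "VirtualAllocEx", "args": {"protect": "PAGE_READWRITE"}},
]

if __name__ == "__main__":
    for src, dst in detect_apc_injection(SAMPLE_EVENTS):
        print(f"APC injection chain observed: pid {src} -> pid {dst}")
```

The detector deliberately keys on the ordered chain per process pair rather than on any single call: debuggers allocate and write into other processes, and ordinary launchers create suspended children and resume them, so neither trips it. Tightening or loosening the per-stage predicates (for example, accepting a later protection change to executable instead of requiring an executable allocation up front) is where a real rule would be tuned against the telemetry actually available.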