In this article, we will build upon what we learned in the previous article, “Introduction to Win32 API,” and learn how to inject shellcode into an existing process. Process injection is useful because it allows us to run our malicious code from within a trusted process, making it much more evasive.
If you missed it, you can find the previous article here.
Process Injection # In the last post, we talked about how each process has its own virtual address space.
For my first real post, I am going to explain the basics of processes, threads, handles, and the Win32 API. These concepts are fundamental to learning how to manipulate other running processes in order to establish persistence, evade detection, and much more.
i.e. Malware
Processes # What is a process? # Each process is an instance of an executing program that has its own memory space and system resources. These processes are managed by the operating system, which allocates resources and schedules their execution.