[DavidXanatos]

Hi,

I have noticed that when I create a process in a suspended state and use CreateRemoteThread to load a dll (using LoadLibraryA) into that process, after the call to CreateRemoteThread even when the dllmain o the library is set to do nothing in addition to the 1 main thread and the one on purpose created thread I see 3 more appear with the start address ntdll.dll!RtlInitializeResource+0x410 why?!
And can I somehow avoid that?