Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Strange question about CreateRemoteThread
Register Forum Rules FAQ Calendar

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-05-2020, 04:05
nulli nulli is offline
VIP
  
Join Date: Nov 2003
Posts: 176
Rept. Given: 42
Rept. Rcvd 22 Times in 12 Posts
Thanks Given: 63
Thanks Rcvd at 84 Times in 56 Posts
nulli Reputation: 22
I'm guessing you're using Windows 10? Where the Windows PE Image Loader uses the thread pool to parallel load images.

You can disable parallel loading in the registry and retry for fun (not profit):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILENAME.exe]
"MaxLoaderThreads"=dword:00000001

Note that you have to replace the 'FILENAME.exe' key with whatever is the file name of the target.

You could also set the value in the targets PEB (untested):
PEB.ProcessParameters.LoaderThreads = 1
Reply With Quote
The Following 2 Users Say Thank You to nulli For This Useful Post:
DavidXanatos (06-05-2020), tonyweb (06-07-2020)
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange RSA modulus N value TempoMat General Discussion 8 12-22-2017 10:36


All times are GMT +8. The time now is 05:18.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )