include 'win32ax.inc'
entry main
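;-----------------------------------------------------------------------
; main - process entry point (FASM syntax, 32-bit Windows, stdcall imports)
;
; Creates a second thread at ContinueExecution through the native
; NtCreateThreadEx call with CreateFlags = 0x4
; (THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER), waits for it, then exits.
;
; Stack:  one dword local, [ebp-4] = thread handle written by the call.
;         The original used [ebp-4] without ever setting up ebp, so the
;         handle landed wherever the loader's ebp happened to point; the
;         frame below gives it a slot this code owns.
; Exit:   never returns (ExitProcess), so no epilogue is emitted.
;
; NtCreateThreadEx is not a documented API; the argument names in the
; comments follow the commonly published prototype.
;
; For analysis/detection: the flag is the CreateFlags argument of this one
; call, so API tracing that records NtCreateThreadEx arguments shows bit
; 0x4 directly, and the resulting per-thread attribute can be read back
; with NtQueryInformationThread (ThreadHideFromDebugger class).
;
; NOTE(review): no `format PE ...` line is visible above `include`;
; `entry` and `section` need one - presumably lost in the paste, confirm.
;-----------------------------------------------------------------------
main:
        push    ebp
        mov     ebp, esp
        sub     esp, 4                  ; [ebp-4] = hThread (out)

        xor     eax, eax                ; eax = 0 / NULL for the arguments below

        ; stdcall: arguments are pushed last to first, callee cleans the stack
        push    eax                     ; AttributeList    = NULL
        push    eax                     ; MaximumStackSize = 0
        push    eax                     ; StackSize        = 0
        push    eax                     ; ZeroBits         = 0
        push    0x4                     ; CreateFlags = THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER
        push    eax                     ; Argument         = NULL
        push    ContinueExecution       ; StartRoutine
        push    -1                      ; ProcessHandle = current-process pseudo-handle
        push    eax                     ; ObjectAttributes = NULL
        push    0x001fffff              ; DesiredAccess (THREAD_ALL_ACCESS)
        lea     eax, [ebp-4]
        push    eax                     ; ThreadHandle -> local slot
        call    [NtCreateThreadEx]

        test    eax, eax                ; NTSTATUS: sign bit set = failure
        js      .exit                   ; no thread, so no valid handle to wait on

        push    0xffffffff              ; INFINITE
        push    dword [ebp-4]           ; hThread
        call    [WaitForSingleObject]

.exit:
        push    0
        call    [ExitProcess]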
;-----------------------------------------------------------------------
; ContinueExecution - start routine of the thread created in main
;
; Shows a message box (szOkay is both text and caption) and then ends the
; whole process with exit code 0.
;
; Author's note: when a breakpoint is set here, this code is not executed
; under a debugger. The thread was created with the hide-from-debugger
; flag, so debug events raised on it are presumably never delivered to the
; attached debugger and the breakpoint exception goes unhandled.
;
; `invoke` (from the win32ax.inc macro set) pushes the arguments right to
; left and emits `call [name]`.
;-----------------------------------------------------------------------
ContinueExecution:
        invoke  MessageBoxA, 0, szOkay, szOkay, MB_OK
.leave:
        invoke  ExitProcess, 0
; Text and caption passed to MessageBoxA (NUL-terminated byte string).
; No section directive separates it from the code above, so it is emitted
; into the same section as the instructions.
szOkay db 'Everything is Okay!!!',0
; Import table: names the DLLs and the functions reached through
; `call [Name]` in the code above.
section '.idata' import data readable writeable
; DLLs the loader must map for this image.
library kernel32,'kernel32.dll',user32,'user32.dll',\
ntdll,'ntdll.dll'
; Native API imports from ntdll. Only NtCreateThreadEx is called in the
; visible code; ZwSetInformationProcess and NtQueryInformationThread are
; imported but unused here.
import ntdll,\
ZwSetInformationProcess,'ZwSetInformationProcess',\
NtQueryInformationThread,'NtQueryInformationThread',\
NtCreateThreadEx,'NtCreateThreadEx'
; Stock FASM import lists; they supply WaitForSingleObject / ExitProcess
; (kernel32) and MessageBoxA (user32) used above.
include "%include%/api/kernel32.inc"
include "%include%/api/user32.inc"
NtCreateThreadEx (Hidden Thread) [FASM]
Started By
Jochen
, Jan 19 2015 06:56 PM