https://github.com/damonmohammadbagher/nativepayload_ctx
NativePayload_CTX Create Thread via _beginthreadex function in msvcrt.dll
https://github.com/damonmohammadbagher/nativepayload_ctx
Last synced: about 1 month ago
JSON representation
NativePayload_CTX Create Thread via _beginthreadex function in msvcrt.dll
- Host: GitHub
- URL: https://github.com/damonmohammadbagher/nativepayload_ctx
- Owner: DamonMohammadbagher
- Created: 2024-07-20T08:57:13.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-07-20T17:46:57.000Z (about 1 year ago)
- Last Synced: 2025-04-09T08:51:15.782Z (6 months ago)
- Language: C#
- Size: 419 KB
- Stars: 8
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# NativePayload_CTX
NativePayload_CTX Create Thread via _beginthreadex function in msvcrt.dll
you can use "_beginthreadex " function in "msvcrt.dll" instead using/importing CreateThread func in "Kernel32.dll" to create Thread in your csharp code and this code working very well and this code not detected by Windows Defender with last updates .
(sliver payloads are safe more often and cause of bypassing maybe is not _beginthreadex but when you do not use Creathread Api this will help you a lot to bypass some AVs but still here VirtualAlloc and WriteProcessMemory used so this code will detect by some avs IF your payload was not Safe [like meterpreter] ;D)
### note:
```
_beginthreadex functions actually call CreateThread under the hood,
in C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\crt\src on my machine.
// From ~line 180 of beginthreadex.c
/*
* Create the new thread using the parameters supplied by the caller.
*/
if ( (thdl = (uintptr_t)
CreateThread( (LPSECURITY_ATTRIBUTES)security,
stacksize,
_threadstartex,
(LPVOID)ptd,
createflag,
(LPDWORD)thrdaddr))
== (uintptr_t)0 )
{
err = GetLastError();
goto error_return;
}
```
---------------
Usage:
NativePayload_CTX.exe
