Code Injection - Bypass start address protection
Code injection series part 2

Over the year several mechanisms were developed by vendors to prevent code injection. A common mechanism is to detect invalid start address of the injected thread. Here, as an example we are going to see how to bypass Firefox protections and Get-InjectedThread detection mechanism.

Article published on 5 September 2019
last modification on 14 October 2019

by Emeric Nasi


Prerequisites: This document requires some knowledge about Windows system programming. Also, it is mandatory to be familiar with concepts presented in Code injection series part 1.
License : Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.
Creative Commons License

I Introduction

Over the year several mechanisms were developed by vendors to prevent code injection. A common mechanism is to detect invalid start address of the injected thread. Here, as an example we are going to see how to bypass Firefox protections and Get-InjectedThread detection mechanism.

If you wish to read more about this, the document can be downloaded in a PDF format