Prerequisites: This document requires some knowledge about Windows system programming. Also, it is mandatory to be familiar with concepts presented in Code injection series part 1.
License : Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.

I Introduction

Ghost writing is a technique which consists into injecting and running code in a remote process by manipulating the register states of one of its thread.
This technique allows us to apply code injection without opening the process or calling any of the classic functions involve into remote memory allocation or memory writing.

I haven’t found an implementation satisfying for 64bit code and generally the few existing implementation for 32bit only describe limited shellcode injection so I decided to implement my own version and write something about it.

If you wish to read more about this, the document can be downloaded in a PDF format