On some computers, SetThreadContext may be weird and rcx, rdx, r8 and r9 may not be able to be set. This occurred for me. I might possibly consider releasing an update/another repo getting past this.
Proof of concept DLL injector which injects without a process handle, using a thread handle instead. With the power of Get/SetThreadContext and some gadgets, you are able to call functions in and write to another process.
With the thread context, you can set rax to the value to be written, rdx to the address to write to, and rip to the address of this gadget:

```asm
mov qword ptr [rdx], rax   ; store the 8 bytes in rax at the address held in rdx
ret                        ; pop the return address (the loop gadget below) into rip
```

and with the return address/rsp set to this gadget, which is basically an infinite loop:

```asm
jmp 0                      ; jumps to itself, so the hijacked thread parks here
```
Now 8 bytes of data have been written to the other process.

So now you just repeat this to write large amounts of data, and use it to push data onto the stack for triggering functions.
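From a defender's side, the mechanism above leaves two traces worth checking, and this added example (not the repo's code) turns both into heuristics. The telemetry signal: a process obtains a handle to a thread in another process with THREAD_SET_CONTEXT rights, never opens a process handle to that target, and then issues a burst of SetThreadContext calls (each call writes only 8 bytes, so a real payload needs many). The thread-state signal: a thread whose RIP rests on a self-referencing short jump while RSP points outside its own stack, which is what a thread parked in the loop gadget between writes looks like. The event record and thread-snapshot shapes are constructed for the example and must be mapped onto whatever your EDR or ETW pipeline actually emits; the EB FE encoding of the loop gadget is an assumption, and the burst threshold is a tunable guess.

```python
"""Defender-side heuristics for thread-context-driven injection (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# Documented Windows thread access rights.
THREAD_GET_CONTEXT = 0x0008
THREAD_SET_CONTEXT = 0x0010

# Assumption: the loop gadget is a two-byte short jump onto itself ("jmp $", EB FE).
SELF_JMP = b"\xEB\xFE"


@dataclass
class Event:
    """One constructed telemetry record (not a real ETW or Sysmon schema)."""
    source_pid: int
    op: str             # "OpenProcess", "OpenThread" or "SetThreadContext"
    target_pid: int
    access: int = 0     # requested access mask for Open* operations


@dataclass
class Finding:
    source_pid: int
    target_pid: int
    set_context_calls: int
    reasons: list


def detect_handleless_injection(events, burst_threshold=16):
    """Flag source processes that drive a foreign thread through SetThreadContext.

    A debugger also calls SetThreadContext, but it normally holds a process
    handle to the debuggee and issues few calls; the write-what-where above
    needs no process handle and one call per 8 bytes written.
    """
    state = defaultdict(lambda: {"rights": 0, "proc_handle": False, "calls": 0})
    for ev in events:
        if ev.source_pid == ev.target_pid:
            continue  # a process touching its own threads is out of scope here
        s = state[(ev.source_pid, ev.target_pid)]
        if ev.op == "OpenThread":
            s["rights"] |= ev.access
        elif ev.op == "OpenProcess":
            s["proc_handle"] = True
        elif ev.op == "SetThreadContext":
            s["calls"] += 1

    findings = []
    for (src, dst), s in state.items():
        if not (s["rights"] & THREAD_SET_CONTEXT) or s["calls"] < burst_threshold:
            continue
        reasons = [f"{s['calls']} SetThreadContext calls on threads of pid {dst}"]
        if not s["proc_handle"]:
            reasons.append("no process handle to the target was ever opened")
        findings.append(Finding(src, dst, s["calls"], reasons))
    return findings


@dataclass
class ThreadSnapshot:
    """Constructed view of one thread: context registers plus a few bytes read at RIP."""
    tid: int
    rip: int
    rsp: int
    code_at_rip: bytes
    stack_lo: int   # limit of the thread's own stack (from its TEB)
    stack_hi: int   # base of the thread's own stack


def inspect_parked_thread(snap):
    """Return the reasons a thread looks parked in the loop gadget (empty if clean)."""
    reasons = []
    if snap.code_at_rip[:2] == SELF_JMP:
        reasons.append("RIP sits on a self-referencing short jump")
    if not (snap.stack_lo <= snap.rsp < snap.stack_hi):
        reasons.append("RSP points outside the thread's own stack")
    return reasons


# Constructed sample telemetry.
SAMPLE_EVENTS = (
    # pid 4242 opens a thread of pid 1337 with context rights, never opens the
    # process, then hammers SetThreadContext (one call per 8-byte write).
    [Event(4242, "OpenThread", 1337, THREAD_GET_CONTEXT | THREAD_SET_CONTEXT)]
    + [Event(4242, "SetThreadContext", 1337)] * 40
    # pid 900 behaves like a debugger: process handle first, only a couple of calls.
    + [Event(900, "OpenProcess", 1337, 0x1FFFFF),   # broad process rights
       Event(900, "OpenThread", 1337, THREAD_GET_CONTEXT | THREAD_SET_CONTEXT),
       Event(900, "SetThreadContext", 1337),
       Event(900, "SetThreadContext", 1337)]
    # pid 1337 adjusting its own threads is ignored.
    + [Event(1337, "SetThreadContext", 1337)] * 100
)

# Constructed thread snapshots: one parked in the loop gadget, one ordinary.
SAMPLE_THREADS = [
    ThreadSnapshot(tid=0x1A4, rip=0x7FFB_1234_5678, rsp=0x7FFB_1234_5600,
                   code_at_rip=b"\xEB\xFE\xCC\xCC",
                   stack_lo=0x0000_00E2_1C00_0000, stack_hi=0x0000_00E2_1C10_0000),
    ThreadSnapshot(tid=0x1A8, rip=0x7FFB_1200_0010, rsp=0x0000_00E2_1C0F_F000,
                   code_at_rip=b"\x48\x8B\xC4\x48",
                   stack_lo=0x0000_00E2_1C00_0000, stack_hi=0x0000_00E2_1C10_0000),
]


def run_demo():
    """Run both heuristics over the constructed samples."""
    findings = detect_handleless_injection(SAMPLE_EVENTS)
    parked = {t.tid: inspect_parked_thread(t) for t in SAMPLE_THREADS}
    return findings, parked


if __name__ == "__main__":
    found, parked_threads = run_demo()
    for f in found:
        print(f"pid {f.source_pid} -> pid {f.target_pid}: " + "; ".join(f.reasons))
    for tid, why in parked_threads.items():
        print(f"tid {tid:#x}: " + ("; ".join(why) or "looks normal"))
```

The two checks are independent: the telemetry rule needs a handle/call audit trail, while the snapshot rule can be run over a live process or a memory dump without any history. Neither is proof on its own; the thread-state rule in particular only catches a thread while it is parked, so sweep periodically rather than once.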
Demo recording: 2024-04-07.21-49-11.mp4
Resources which made this possible:

- https://github.com/c0de90e7/GhostWriting/blob/master/gw_ng.c
- https://blog.sevagas.com/IMG/pdf/code_injection_series_part5.pdf