Early Bird Injection – APC Abuse

From prodefence.org

An Asynchronous Procedure Call (APC) is a function that is scheduled to execute asynchronously within the context of a specified thread. Such functions (callbacks) are added to the APC queue of a particular thread and are executed in First In, First Out order once that thread enters an alertable state; until then they simply remain queued. Every running thread has its own APC queue, and APCs can be added to it via the QueueUserAPC() WinAPI call. Get additional info from the experts here: https://docs.microsoft.com/en-us/windows/desktop/sync/asynchronous-procedure-calls
