Category:Digital-Forensics/APC-Injection
Jump to navigation
Jump to search
You are here | Asynchronous Procedure Call (APC) Injection
|
Description
Asynchronous Procedure Call (APC) consists in invoking a function in an existing thread.
Applications in an alertable state execute instructions in the APC queue.
Malware force the application to be in the alertable state to get immediate execution of the queue (inluding the injected malicious code).
svchost.exe is often targeted because its thread are often in an alertable state.
User-mode and kernel-mode APC
- User-mode APC
- APC generated for an application
- kernel-mode APC
- APC generated for the system or a driver
Pages in category "Digital-Forensics/APC-Injection"
The following 10 pages are in this category, out of 10 total.