
Example of injection with QueueUserAPC2



Example of injection with QueueUserAPC2 (works only on Windows 11 and later, where kernel32 exports QueueUserAPC2)

Dependencies

  • wil (its RAII handle wrappers are very convenient)
  • xbyak (used to generate the shellcode of the APC routine at run time)

Usage

Apc2Injector {dll_path} {exe_name}

dll_path - Path to the DLL payload. Can be a relative path.
exe_name - Image name of the target process.

For example:

 Apc2Injector Apc2Dll.dll explorer.exe

How does it work?

Main stages

  1. Find the target process by image name and open a handle to it
  2. Write the path of the DLL into the target process
  3. Write the shellcode of the APC routine into the target process
  4. Open a handle to a thread of the target process (I prefer the main thread)
  5. Call QueueUserAPC2 on that thread

TODO

  • Support for Wow64 targets
  • Detailed description of the injection method
  • Add more comments (?)