Skip to content

rootdz1337/apcjocker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
apcjocker.cpp
apcjocker.cpp
 
 
jocker.cpp
jocker.cpp
 
 

Repository files navigation

apcjocker

apc injection smart kit

apcjocker

apcjocker

C++ code for APC (Asynchronous Procedure Call) injection. This is a more sophisticated technique compared to CreateRemoteThread and is often used to evade detection.

Important Notes

Limitations:

  • APC injection only works if target threads enter an alertable wait state (e.g., WaitForSingleObjectEx, SleepEx, MsgWaitForMultipleObjectsEx)
  • Not all processes have threads in alertable states
  • Modern Windows versions have additional protections against APC injection
  • May require SE_DEBUG_NAME privilege for system processes

Evasion Considerations:

  • APC injection is less monitored than CreateRemoteThread
  • Can be combined with obfuscation and sleep timing
  • Modern EDR solutions detect APC injection patterns

Compilation:

# Compile injector
cl.exe /EHsc /MT apcjocker.cpp

# Compile test DLL
cl.exe /LD /MT jocker.cpp

This code is for educational purposes to understand Windows internals and security mechanisms. Always ensure you have proper authorization before testing injection techniques.

About

apc injection smart kit

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages