AtomBombing: Brand New Code Injection for Windows

AtomBombing is a code injection technique that uses Windows atom tables and Asynchronous Procedure Calls (APC).

Code injection has been a powerful weapon in the hacker's arsenal for many years.

AtomBombing works in three main stages:
1. Write-What-Where – Writing arbitrary data to arbitrary locations in the target process’s address space.
2. Execution – Hijacking a thread of the target process to execute the code written in stage 1.
3. Restoration – Cleaning up and restoring the execution of the thread hijacked in stage 2.

A detailed description of each stage can be found here.

The author leaves the question of further study of the method open, which will allow us to find creative ideas to solve the problem. As the saying goes: to be continued…