Payload Execution

Function Pointer

typedef <return type> (*PFunction)(<parameters type1>,...)

要定好型別不然 malware 會死掉

Call

typedef void (*PFunction)()
PFunction pf = 0x123;
pf();

Execution via New Thread

不想以現在的Thread執行
用CreateThread

HANDLE hThread = CreateThread(
	NULL,
	0,
	(LPTHREAD_START_ROUTINE)pExec,
	NULL,
	0,
	NULL
);
 
WaitForSingleObject(hThread,INFINITE);