CreateRemoteThread is currently declared as:

    HANDLE CreateRemoteThread(
        HANDLE hProcess,
        WinBase.SECURITY_ATTRIBUTES lpThreadAttributes,
        int dwStackSize,
        FOREIGN_THREAD_START_ROUTINE lpStartAddress,
        Pointer lpParameter,
        DWORD dwCreationFlags,
        Pointer lpThreadId
    );
The Win API expects a plain pointer as the start address argument. In the declaration above, however, it is a FOREIGN_THREAD_START_ROUTINE, which is a structure containing a pointer. JNA therefore passes the address of that structure rather than the address it holds, adding an extra level of indirection to lpStartAddress, and this leads to an immediate crash of the target process with EXCEPTION_ACCESS_VIOLATION.
FOREIGN_THREAD_START_ROUTINE should extend PointerType rather than Structure.
See https://twitter.com/rafaelcodes/status/1152682931569274881?s=20 for an example.
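The marshalling difference behind this report, as an added example that is not part of the issue or of JNA's own code: a Structure argument is passed as the address of its native memory, while a PointerType argument is passed as the pointer value itself. The class names and the demo address are constructed for illustration; no native function is called.

```java
import com.sun.jna.Pointer;
import com.sun.jna.PointerType;
import com.sun.jna.Structure;

public class StartRoutineMarshalling {

    // The shape the issue reports as broken: a Structure wrapping the address.
    // JNA passes a Structure argument by reference, i.e. the address of the
    // struct's native memory, not the pointer value stored inside it.
    @Structure.FieldOrder({"address"})
    public static class RoutineAsStructure extends Structure {
        public Pointer address;
    }

    // The proposed fix: a PointerType is marshalled as the raw pointer value,
    // so the callee receives the routine address itself.
    public static class RoutineAsPointerType extends PointerType {
        public RoutineAsPointerType() { super(); }
        public RoutineAsPointerType(Pointer p) { super(p); }
    }

    // Hypothetical routine address, constructed for the demo; nothing is executed.
    static final long DEMO_ADDRESS = 0x7ff600401000L;

    public static void main(String[] args) {
        Pointer routine = Pointer.createConstant(DEMO_ADDRESS);

        RoutineAsStructure s = new RoutineAsStructure();
        s.address = routine;
        s.write(); // copy the Java field into native memory, as JNA does before a call
        long passedByStructure = Pointer.nativeValue(s.getPointer());           // address of the struct
        long storedInStructure = Pointer.nativeValue(s.getPointer().getPointer(0)); // value inside it

        RoutineAsPointerType p = new RoutineAsPointerType(routine);
        long passedByPointerType = Pointer.nativeValue(p.getPointer());

        System.out.printf("Structure   -> callee receives 0x%x, which holds 0x%x (extra indirection)%n",
                passedByStructure, storedInStructure);
        System.out.printf("PointerType -> callee receives 0x%x (the routine address itself)%n",
                passedByPointerType);
    }
}
```

The first line prints an address that differs from DEMO_ADDRESS, which is exactly the value the native side would try to execute under the Structure-based declaration.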