You're partially right about the alignment - there is a single push, so it's aligned. I could have added support for alignment guarantee, but wanted to keep things simple.
Hi Pavel, i would love if you could make some videos about kernel mode programming like drivers with the windows driver kit :) or other low level windows programming concepts / tutorials
Setting the memory as executable later (and as read,executable) (ie not at the same time as setting it RW) to try to avoid things noticing, was clever. Worth noting you have to be admin (or have debug privileges?) to do this injection etc
Ah yes, if the target process was started by (running in the context of) the current user doing the injecting, then its ok. Which is also why a normal user can debugg their own running apps. The comment was more to highlight the fact that cant inject into system processes etc without the necessary rights.
At 19:00 the ASLR address of loadlibrary in the target process is USALLY the same as in the program doing the injecting, ie common for the state of the system since the last reboot, but not guaranteed for certain dll's?
