ThreadBoat – Uses Thread Execution Hijacking To Inject Shellcode

ThreadBoat uses thread execution hijacking to inject native shellcode into a standard Win32 application.

Thread hijacking lets the hijacker.exe program suspend a thread within the target.exe program, which allows us to write shellcode to that thread.

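int main()
{
    System sys;        // project class: reports the token privilege state
    Interceptor incp;  // project class: looks up the target Win32 process
    Exception exp;

    if (sys.returnPrivilegeEscalationState())
    {
        std::cout << "Token Privileges Adjusted\n";
    }

    if (DWORD m_procId = incp.FindWin32ProcessId((PCHAR)m_win32ProcessName))
    {
        // body not shown in this excerpt
    }

    return 0;
}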
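
Seen from the defender's side, the suspend-then-write sequence described above is a correlation target. The following is an added example, not part of ThreadBoat or the original post: it flags a process that writes into another process's memory while holding one of that process's threads suspended. The trace format and sample events are constructed, and the API names are the standard Win32 calls for those steps, which the page itself does not name.

```python
"""Correlate API-call telemetry to spot suspend-then-write thread hijacking."""
from collections import defaultdict

# Constructed sample trace in a hypothetical format (not a real product's log):
# "<time> <actor_pid> <api> <target_pid> <target_tid>"; tid is "-" for writes.
SAMPLE_TRACE = """\
100 4312 SuspendThread 4312 11
101 4312 ResumeThread 4312 11
200 7020 SuspendThread 5500 42
201 7020 ResumeThread 5500 42
300 6644 SuspendThread 5500 43
301 9001 WriteProcessMemory 5500 -
302 6644 WriteProcessMemory 5500 -
303 6644 ResumeThread 5500 43
304 6644 WriteProcessMemory 5500 -
"""


def parse(line):
    """Split one trace line into typed fields."""
    ts, actor, api, target_pid, tid = line.split()
    return int(ts), int(actor), api, int(target_pid), tid


def find_hijack_candidates(trace):
    """Return alerts for a process that writes into another process's memory
    while it holds at least one of that process's threads suspended."""
    held = defaultdict(set)  # (actor_pid, target_pid) -> thread ids it suspended
    alerts = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        ts, actor, api, target, tid = parse(line)
        if actor == target:
            continue  # a process managing its own threads is out of scope
        key = (actor, target)
        if api == "SuspendThread":
            held[key].add(tid)
        elif api == "ResumeThread":
            held[key].discard(tid)
        elif api == "WriteProcessMemory" and held[key]:
            alerts.append({"time": ts, "actor_pid": actor,
                           "target_pid": target,
                           "suspended_tids": sorted(held[key])})
    return alerts


if __name__ == "__main__":
    for alert in find_hijack_candidates(SAMPLE_TRACE):
        print(alert)
```

Only the write at time 302 is reported: the suspend/resume pair with no write, the write from an unrelated process, and the write after the thread was resumed are all ignored.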


  • Windows Vista+
  • Visual C++


  • Winapi
    • user32.dll
    • kernel32.dll
  • ntdll.dll

About the author

Mazen Elzanaty
