#ProcessInjection - ROOTFU.IN

Direct Syscalls for AV Evasion

May 3, 2025 by Amber Chalia

Before you read this post, make sure to check out my blog on Native API, as I’m using the same template here. So, what is Direct Syscall? In simple terms, Direct Syscall means invoking system calls directly, without relying on Windows Native APIs like NtCreateFile or NtOpenProcess. Instead of calling these functions through ntdll.dll, we … Read more

Creating a Suspended Process in C#

March 24, 2025March 23, 2025 by Amber Chalia

What is a Suspended Process? A suspended process is a process that starts without immediately executing its main thread. Now, what is the main thread? That’s a great question! You can think of the main thread like the main() function in C/C++. When a process is created in a suspended state, it means the process … Read more