jbremer
commented
12 years ago This will be done through the python layer. Data is sent to the cuckoo pipe, the python layer does its thing (i.e. inject into the child process, if it wants to) and data is sent back through the pipe. After data is sent back, the python layer has finished processing, and we can resume execution.
When a binary executes a new binary (creates a new process), inject into the new binary as following;
NtResumeThread()