GET /api/techniques/153/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 153,
"key": "consolewindowclass",
"unprotect_id": "U1209",
"name": "ConsoleWindowClass",
"description": "One method that has been used to achieve process injection is by manipulating the User Data of a window object.\r\n\r\nThe User Data of a window is a small amount of memory that is usually used to store a pointer to a class object. This memory can be set using the `SetWindowLongPtr` API and the GWLP_USERDATA parameter. In the case of the Console Window Host (conhost) process, the User Data of a window is used to store the address of a data structure that contains information about the window's position, dimensions, and object handle, as well as a class object with methods to control the behavior of the console window.\r\n\r\nBy manipulating the User Data of a window object, it may be possible to execute arbitrary code in the context of the process associated with that window.",
"windows": "",
"linux": "",
"macos": "",
"resources": "https://modexp.wordpress.com/2018/09/12/process-injection-user-data/",
"creation_date": "2020-10-05T12:31:17Z",
"tags": "Arbitrary code execution,\r\nContext of another process,\r\nSetWindowLongPtr API,\r\nGWLP_USERDATA parameter,\r\nUser Data of a window,",
"modification_date": "2023-10-04T10:42:33.648000Z",
"category": [
4
],
"rules": [],
"attachments": [],
"featured_api": [
3,
4,
6,
24,
357
],
"contributors": []
}
