CreateRemoteThread: Memory Management

Question

I'm wondering about the LPVOID lpParameter parameter of the CreateRemoteThread function. Because processes don't share memory, the remote thread can't access a struct in our process. So, does the function copy the parameter and manages it by it own or do we need to allocate memory with VirtualAllocEx and then call WriteProcessMemory to actually copy the struct into the remote process?

Answer 1

CreateRemoteThread does not do any automatic management of lpParameter. You are correct, it is up to the developer to ensure that lpParameter is a valid pointer in the context of the target process. VirtualAllocEx and WriteProcessMemory are definitely options for doing so.