(This is my first post on 0x00sec)
I have a DLL injector - say injector.exe - that uses the Reflective DLL Injection technique. When executed, all the steps until VirtualAllocEx and WriteProcessMemory run perfectly (I put up debug print statements which show up in the cmd indicating the flow of execution). But, when it comes to the step of executing the DLL using CreateRemoteThread, an AV called ‘eScan’ is blocking the injector.exe. I have tried using RtlCreateUserThread and NtCreateThreadEx instead of CreateRemoteThread, but to no avail.
Can anyone please tell me why it is happening?