Can I do CreateRemoteThread without being blocked by AV?
My question is what the title says. Can I run a remote thread without being blocked by some antivirus applications?
ReadProcessMemory is slow, so I need to inject my own code into the process and read its own memory.
Whether or not anti-virus software is running should not affect this. You'll need elevated rights, though, but ReadProcessMemory requires that anyway.
One way is to ask that process somehow to load your code. If you have access to its source code, you can add an IPC interface for that. If that program has plugin/addon interface, consider writing a plugin which will contain such an interface.
On Windows, you can try the SetWindowsHookEx API. It is a more common operation than injecting a thread, so maybe AVs will ignore you this time.
Or you can ask users to add the program to AV's exclusion list.
Otherwise, there is no way to inject into a foreign process and not be suspicious. You're going to do what most malware wants to do, yet without being detected. How do you think any good AV can allow that?