Sure. On Windows, you can allocate memory into an arbitrary process’s address space with VirtualAllocEx, write arbitrary code into those allocated pages using WriteProcessMemory, and start a thread there with CreateRemoteThread.

Now, of course you can’t do this for every process, or it would be trivial to escalate privileges. But I’m pretty sure you can do this for child processes running as the same user.

Yep. There's a system of ACLs and integrity levels which determine whether you're allowed to do this or not (doesn't have to be a child process), but for the most common case:

* a process running at medium integrity level with the current user's token

* another medium integrity process with the same token can open it with PROCESS_CREATE_THREAD and PROCESS_VM_WRITE rights
