A kernel driver that detects remote thread creation and dumps the shellcode injected.
Usage:
injection_detection_user.exe 1 PATHto set the path where the shellcodes are saved.injection_detection_user.exe 0to start dumping shellcodes.
NOTE: I will update the code with more comments and a better readme when I have some free time.