Hunting Security

Thanks for @Intel80x86 and @whtaguy for reviewing!   Disclaimer The following by no means presents any security issue or highly complex stuff. It’s merely a story of a short journey stretching from a driver debugging session to discovering just how wrong MSDN’s documentation can be. Motivation   As part of exercising writing different drivers, I wanted to see how removing the PROCESS_CREATE_THREAD access right from handles would affect the system, along with seeing just how effective this “aggressive” approach is when trying to block thread injections. No Access Rights Required   Why would it affect thread injection?  Well, apart from the self describing name of the access right, MSDN claims you need to pass a handle that has this access right when using CreateRemoteThread .     Figure 1: MSDN CreateRemoteThread handle parameter   Yet, my stupid simple thread injection PoC still worked after my driver removed that access right. Weird.  Maybe my driver has a bug?  Registering a post c