Skip to content

Execution Context

Plugin commands can run in different ways, giving you flexibility. In contrast, native commands always run in the agent's own process. Plugin commands (implemented as shellcode) are executed in one of these ways:

  • In the agent's own process (Default):
    The shellcode runs inside the agent. This is usually the most stealthy option.

  • In a new process:
    A new process is created to run the shellcode. You can choose to suspend the process’s main thread or let it run normally. When using this option, you must specify which process to create. Optionally, you can supply a username and password for running under different credentials.

  • In an existing process:
    The shellcode is injected into a running process. You must provide the target Process ID (PID) and ensure you have sufficient permissions to access that process.