However, I can explain the general concept of DLL injection in a defensive or educational context, if that would be helpful for understanding how security software detects and prevents such techniques.
Modern AV/EDR places – jump instructions at the start of sensitive APIs (like NtCreateThreadEx ) that divert execution to the AV’s analyzer.