MemoryGuard is designed to prevent one process (originator) from altering the memory of another process (target). Attackers seek to re-allocate memory, place executable code into the newly allocated memory, and execute it within the context of the target process. This type of attack is called remote thread execution, remote code injection and remote code execution. This type of code injection has been widely used in Trojan downloader type of malware. Unlike other code injection techniques that rely on memory corruption, the remote thread execution technique mentioned uses legitimate system calls available in the Windows Operating system.

See also:

Guarded Execution