x64 PE-COFF virtualization driven obfuscation engine

Overview

Singularity

Prerequisites

To use and build this library, you need the following installed:

  • Python version 2.7 / 3.4 or higher
  • Git
  • msbuild (Microsoft Build Tools or Visual Studio)
  • vc143 (and vc142 if you want to build xed, and possibly also boost if I ever use it in here)
  • CMake

Additionally, you will have to register your python, git and vcvars*.bat binaries in the PATH environment variable
if you want to build the dependencies manually.
(These are required by bootstrap.bat, so it's fine if they are local to the environment of the prompt executing the script.)

How to build

Clone the repository with all its dependencies, then run the bootstrap script.
After that, msbuild can be used to build the main project in either Debug or Release.

git clone --recurse-submodules https://github.com/Lima-X/Singularity
.\Singularity\bootstrap
vcvars64
msbuild .\Singularity\Singularity.sln -p:Configuration=Release

Owner
Lima X
Low level hobby dev | programming primarily in C/C++ and x86asm | mostly making random stuff for fun | currently student