Invoke functions with a spoofed return address. For 32-bit Windows binaries

Overview

x86RetSpoof (Windows)

Invoke functions with a spoofed return address. For 32-bit Windows binaries.

How to use

  1. Include x86RetSpoof.h in your project.
  2. Find the byte sequence FF 23 (the machine-code encoding of jmp dword ptr [ebx]) in the executable code section of the module you want the spoofed return address to appear in, for example a system DLL. Its address is the gadgetAddress: the invoked function sees it as its return address, and when the function returns, execution lands on the gadget, which jumps to the address stored at the location ebx points to. ebx is callee-saved under every 32-bit x86 calling convention, so the wrapper can use it to carry a pointer back to its own continuation across the call. The two bytes need not be an intentional instruction; any FF 23 inside an executable section works, because the CPU decodes from the return address regardless of the original instruction boundaries.
  3. Call the function through the x86RetSpoof::invoke...() wrapper that matches the calling convention of the target function (for a WINAPI/stdcall function that is invokeStdcall), passing the function address, the gadgetAddress and then the function's own arguments.

Example

Calling the MessageBoxW function (stdcall, returning int, so invokeStdcall<int>; the first two arguments are the target function and the gadget, the rest are MessageBoxW's own parameters):

x86RetSpoof::invokeStdcall<int>(std::uintptr_t(&MessageBoxW), std::uintptr_t(gadgetAddress), nullptr, L"text", L"title", MB_OK);

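As an added example (not code from x86RetSpoof or its author), the C program below implements the gadget scan from step 2 over a byte buffer and, on the defensive side, the "call-preceded" check that a stack-walking detection can apply to each return address: a genuine return address sits directly after a CALL instruction, while a return address that points at a jmp dword ptr [ebx] gadget normally does not. It assumes a constructed byte array standing in for a module's .text section; the names SAMPLE_TEXT, find_jmp_ebx_gadget, call_rm32_len and is_call_preceded are this example's own. Nothing here executes the bytes, so it builds and runs on any host.

```c
/* Added example, not part of x86RetSpoof. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-bit code-section bytes standing in for a module's .text:
 *  0: 55                 push ebp
 *  1: 8B EC              mov ebp, esp
 *  3: E8 10 00 00 00     call +0x10                  -> genuine return address: offset 8
 *  8: 33 C0              xor eax, eax
 * 10: FF 23              jmp dword ptr [ebx]         <- the gadget (spoofed return address)
 * 12: 5D                 pop ebp
 * 13: C3                 ret
 * 14: FF 15 78 56 34 12  call dword ptr [0x12345678] -> genuine return address: offset 20
 * 20: C3                 ret
 */
static const uint8_t SAMPLE_TEXT[] = {
    0x55, 0x8B, 0xEC, 0xE8, 0x10, 0x00, 0x00, 0x00, 0x33, 0xC0, 0xFF, 0x23,
    0x5D, 0xC3, 0xFF, 0x15, 0x78, 0x56, 0x34, 0x12, 0xC3
};
#define SAMPLE_TEXT_LEN (sizeof SAMPLE_TEXT)

/* Step 2: offset of the first FF 23 at or after `start`, or -1 if none.
 * The pair need not be an intended instruction: the CPU decodes from the
 * return address regardless of the compiler's instruction boundaries. */
long find_jmp_ebx_gadget(const uint8_t *code, size_t len, size_t start)
{
    for (size_t i = start; i + 1 < len; i++)
        if (code[i] == 0xFF && code[i + 1] == 0x23)
            return (long)i;
    return -1;
}

/* Length of a 32-bit "FF /2" (CALL r/m32) instruction starting at p, or 0 if
 * the bytes are not one. Handles the ModRM mod/rm forms, the SIB byte and
 * disp8/disp32; prefixes are not handled (enough for common compiler output). */
static size_t call_rm32_len(const uint8_t *p, size_t avail)
{
    if (avail < 2 || p[0] != 0xFF) return 0;
    uint8_t modrm = p[1];
    if (((modrm >> 3) & 7) != 2) return 0;          /* reg field must be /2 */
    uint8_t mod = modrm >> 6, rm = modrm & 7;
    if (mod == 3) return 2;                          /* call reg */
    size_t len = 2;
    if (rm == 4) {                                   /* SIB byte follows */
        if (avail < 3) return 0;
        len++;
        if (mod == 0 && (p[2] & 7) == 5) len += 4;   /* base=101 with mod=00: disp32 */
    } else if (mod == 0 && rm == 5) {
        len += 4;                                    /* call dword ptr [disp32] */
    }
    if (mod == 1) len += 1;                          /* disp8 */
    if (mod == 2) len += 4;                          /* disp32 */
    return len;
}

/* Detection side: 1 if the bytes just before `ret_off` decode as a CALL
 * (E8 rel32 or FF /2), 0 otherwise. A return address planted through a
 * jmp [ebx] gadget fails this unless a CALL happens to precede the gadget. */
int is_call_preceded(const uint8_t *code, size_t ret_off)
{
    if (ret_off >= 5 && code[ret_off - 5] == 0xE8) return 1;   /* call rel32 */
    for (size_t n = 2; n <= 7; n++) {                           /* FF /2 is 2..7 bytes */
        if (ret_off < n) break;
        if (call_rm32_len(code + ret_off - n, n) == n) return 1;
    }
    return 0;
}

int main(void)
{
    long gadget = find_jmp_ebx_gadget(SAMPLE_TEXT, SAMPLE_TEXT_LEN, 0);
    printf("gadget offset: %ld\n", gadget);
    printf("offset 8  call-preceded: %d\n", is_call_preceded(SAMPLE_TEXT, 8));
    printf("offset 20 call-preceded: %d\n", is_call_preceded(SAMPLE_TEXT, 20));
    if (gadget >= 0)
        printf("gadget    call-preceded: %d\n", is_call_preceded(SAMPLE_TEXT, (size_t)gadget));
    return 0;
}
```

In a real scan, read the section bytes of the target module (walk its PE section headers, or VirtualQuery/ReadProcessMemory the range) and add the section's base address to the returned offset to obtain gadgetAddress. The call-preceded check is a heuristic in both directions: bytes before a gadget can coincidentally decode as a CALL, and a frame whose return address is legitimate but reached through a non-standard transfer can fail it, so it belongs in a scoring scheme rather than a hard block.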
Issues

  • x64retspoof

    Would it be possible to fuse both codes into one? One file for x86 and x64: https://www.unknowncheats.me/forum/anti-cheat-bypass/268039-x64-return-address-spoofing-source-explanation.html

    opened by rafalohaki 1

Owner
Daniel Krupiński