anymapper
x64 Windows kernel driver mapper, inject unsigned driver using anycall
This project is WIP.
Todo
- Fix: Can't make API calls from IAT nor function pointer
License
MIT copyright Kento Oki <[email protected]>
x64 Windows kernel driver mapper, inject unsigned driver using anycall
Overview
You might also like...
A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x64 environment.
FREE Reverse Engineering Self-Study Course HERE Hacking Windows The book and code repo for the FREE Hacking Windows book by Kevin Thomas. FREE Book Do
1.1k Dec 27, 2022
Inject a DLL into any program using this C++ program
DLL-Injection-Cpp Inject a DLL into any process using this C++ program Installation Go into a folder and open up Command Prompt. In command prompt run
5 Sep 12, 2022
A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
manual-syscall-detect A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks. Description A full write-up of this to
72 Dec 26, 2022
Inject dll to explorer.exe and hide file from process.
Hide-FS Inject dll to explorer.exe and hide file from process. Requierments: Microsoft Detours Library - https://github.com/microsoft/Detours Compile:
12 Dec 26, 2022
Code Injection, Inject malicious payload via pagetables pml4.
PageTableInjection Code Injection, Inject malicious payload via pagetables pml4. Introduction This is just a proof-of-concept of the page table inject
179 Nov 28, 2022
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode
HOLLOW - Cobalt Strike BOF Authors: Bobby Cooke (@0xBoku) Justin Hamilton (@JTHam0) Octavio Paguaga (@OakTree__) Matt Kingstone (@n00bRage) Beacon Obj
203 Dec 20, 2022
Automatically inject a DLL into the selected process with VAC3 bypass.
FTP LOADER Automatically inject a DLL into the selected process with VAC3 bypass. This will only, most likely, work only with source engine games in s
18 Aug 26, 2021
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
Cobalt Strike BOF - Inject ETW Bypass Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate) Running InjectEtwBypass BOF from Cobalt
238 Dec 9, 2022
Inject dll to cmd.exe to prevent file execution.
Console-Process-Execution Inject dll to cmd.exe to prevent file execution. Requierments: Microsoft Detours Library - https://github.com/microsoft/Deto
5 Sep 25, 2022
Comments
-
Project build fails.
opened by danyhm 0Hello,
i tried building anymapper in VS2019 but the anycall project is not found even though i double checked the paths. I cloned the repo so i expected it to work. I also tried using the compiled lib from anycall but still couldn't get it to compile
Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.
Hygieia The Greek goddess of health, her name is the source for the word "hygiene". Hygieia is a windows driver that works similarly to how pagewalkr
103 Dec 4, 2022
Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
CosMapper Loads a signed kernel driver (signed with leaked cert) which allows you to map any driver to kernel mode without any traces of the signed /
157 Jan 2, 2023
x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
anycall x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration Read: https://www.godeye.club/2021/05/14/0
160 Dec 30, 2022
Flexible, portable, high-performance bit fields C++ library. unsigned a:13 becomes F<13> a;
C-plus-plus-library-bit-fields Flexible, portible, high-performance bit fields C++ library. The bit fields are specified with a dummy structure where
27 Oct 12, 2022
DRAGEN open-source mapper
Dragmap Dragmap is the Dragen mapper/aligner Open Source Software. Installation Prerequisites Compilation was tested on CentOS 7 C++11 compatible comp
115 Dec 14, 2022
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)
Stealthy Kernel-mode Injector Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation
137 Jan 3, 2023
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
Ninja UUID Shellcode Runner Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10! Now supports running Cobalt
362 Dec 30, 2022
very basic and minimalistic hooking "library" for windows (x64 support soon)
IceHook very basic and minimalistic hooking "library" for windows (x64 support soon) Example how to use: typedef void(__stdcall* twglSwapBuffers)(HDC
5 Jul 25, 2022
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
Ninja UUID Shellcode Runner Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10! Now supports running Cobalt
362 Dec 30, 2022
An open-source x64/x32 debugger for windows.
x64dbg An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code fo
39.6k Dec 31, 2022