Inject dll to explorer.exe and hide file from process.

Overview

Hide-FS

Inject dll to explorer.exe and hide file from process.

Requierments:

Microsoft Detours Library - https://github.com/microsoft/Detours

Compile:

  1. Unzip source code, open command line and enter to source directory
  2. SET DETOURS_TARGET_PROCESSOR=X64
  3. C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat
  4. NMAKE

Add detours.lib to Linker additional libraries.

Hooked Functions:

  • NtQueryDirectoryFile
    Microsoft try to hide it, The address to the function is dynamic, you need to find it yourself.
  • RtlUnicodeStringToAnsiString
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process

Custom HellsGate Implementation Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe pr

Bobby Cooke 88 Jun 20, 2022
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)

Stealthy Kernel-mode Injector Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation

Charlie Wolfe 87 Jul 22, 2022
Automatically inject a DLL into the selected process with VAC3 bypass.

FTP LOADER Automatically inject a DLL into the selected process with VAC3 bypass. This will only, most likely, work only with source engine games in s

null 18 Aug 26, 2021
Maker of special .exe, which contains additional files which are unpacked when .exe is run

exe-archivator Program that make exec-me.exe, which contains additional files which are unpacked when exec-me.exe is run. After compleating unpacking

Roman Karetnikov 4 Dec 17, 2021
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode

HOLLOW - Cobalt Strike BOF Authors: Bobby Cooke (@0xBoku) Justin Hamilton (@JTHam0) Octavio Paguaga (@OakTree__) Matt Kingstone (@n00bRage) Beacon Obj

Bobby Cooke 190 Jul 27, 2022
Protect files under a specific folder from deleting or moving by explorer.exe.

Explorer-Delete-Protection Protect files under a specific folder from deleting or moving by explorer.exe. Requierments: Microsoft Detours Library - ht

null 4 Jan 2, 2022
A rewrite of the old legacy software "depends.exe" in C# for Windows devs to troubleshoot dll load dependencies issues.

Dependencies - An open-source modern Dependency Walker Download here (If you're running an AV, use this download instead) NB : due to limitations on /

null 5.2k Aug 12, 2022
Shared to msvcrt.dll or ucrtbase.dll and optimize the C/C++ application file size.

VC-LTL - An elegant way to compile lighter binaries. 简体中文 I would like to turn into a stone bridge, go through 500 years of wind, 500 years of Sun, ra

Chuyu Team 204 Aug 4, 2022
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

Process Ghosting This is my implementation of the technique presented by Gabriel Landau: https://www.elastic.co/blog/process-ghosting-a-new-executable

hasherezade 470 Aug 7, 2022
Hide a process,port,self under Linux using the ld_preload

vbackdoor 中文 Hide a process,port,self under Linux using the LD_PRELOAD rootkit. compile the library git clone https://github.com/veo/vbackdoor.git cd

veo 88 Aug 8, 2022
Inject a DLL into any program using this C++ program

DLL-Injection-Cpp Inject a DLL into any process using this C++ program Installation Go into a folder and open up Command Prompt. In command prompt run

n0 4 Apr 25, 2022
(FIXED) Since the one on github didn't work. (ALSO INCLUDES .DLL SO YOU CAN JUST INJECT INTO FORTNITE)

Marathon-Fortnite-Cheat-Fix-Leak Fortnite Marathon Cheat v18.20 FIXED [Leak] Getting started Open .sln with Visual Studio 2019 Compile batch build to

LUCIFER ® 2 Dec 13, 2021
Simple one file header for hijacking windows version.dll for desired executable to do 3rd party modifying without dll injection.

Version-Hijack Simple one file header for hijacking windows version.dll for desired executable to do 3rd party modifying without dll injection. Usage

sneakyevil 5 Mar 31, 2022
"Sigma File Manager" is a free, open-source, quickly evolving, modern file manager (explorer / finder) app for Windows, MacOS, and Linux.

"Sigma File Manager" is a free, open-source, quickly evolving, modern file manager (explorer / finder) app for Windows, MacOS, and Linux.

Aleksey Hoffman 898 Aug 7, 2022
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)

Cobalt Strike BOF - Inject ETW Bypass Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate) Running InjectEtwBypass BOF from Cobalt

Bobby Cooke 224 Aug 3, 2022
Inject .NET assemblies into an existing process

inject-assembly - Execute .NET in an Existing Process This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader

Kyle Avery 326 Aug 6, 2022
Inject code into remote python process.

python-inject Inject code into remote python process. Table of Contents About The Project Built With Getting Started Prerequisites Installation Usage

Sarnax 6 Jan 10, 2022
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.

Cobalt Strike "Where Am I?" Beacon Object File Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environmen

Bobby Cooke 87 Aug 11, 2022
Collection of DLL function export forwards for DLL export function proxying

dll-exports Collection of DLL function export forwards for DLL export function proxying. Typical usecase is for backdooring applications for persisten

Magnus Stubman 36 Aug 7, 2022