• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

Synestraa/Highcall-Library: usermode standalone kernel interface

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

Synestraa/Highcall-Library

开源软件地址(OpenSource Url):

https://github.com/Synestraa/Highcall-Library

开源编程语言(OpenSource Language):

C 48.6%

开源软件介绍(OpenSource Introduction):

Highcall-Library

Designed for avoiding detection from behavior analytics, sandboxes, anti-cheats, anti-viruses used in windows, avoiding common detection routines.

Supported systems are Windows 7, Windows 8, Windows 8.1, Windows 10. Highcall is capable of running both in native x86/64 and as x86_64 in a wow64 process. Some procedures, in a wow64 environment while highcall is used, are going to use a gate to call the x86_64 version of a system call, instead of the windows wow64's version of it. This avoids the old trick of hooking the callgate procedure.

  • External/Internal Process
    • List, find and open processes.
    • Enumerate Ldr/No PE/No Ldr modules.
    • Manipulate virtual memory
    • Kill/Suspend/Resume any process
    • Configure access tokens
    • Static module reading
    • Code pattern searching
  • Internal Process
    • Locate export addresses without LdrGetProcedureAddress
    • Relocate/Restore functions
    • Hook functions with relocation fixes
    • Handy safe reading functions
    • String helpers (such as ignore case comparison, validation, tokenizing)
    • Error setting (compatible with WINAPI) includes notes
  • New features
    • injecting from 32 bit to 64, 32 to 32, 64 to 32 and 64 to 64.
    • debugger detection
    • memory scanning detection (cheat engine, etc.)
    • many ports to be able to do 32 to 64 and 64 to 32 things.



鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap