HoShiMin/Avanguard HoShiMin/Avanguard

  • Stars
    star
    202
  • Rank 187,520 (Top 4 %)
  • Language
    C++
  • License
    GNU General Publi...
  • Created about 5 years ago
  • Updated almost 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
HoShiMin/Avanguard
github

HoShiMin

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The Win32 Anti-Intrusion Library

Avanguard

The Win32 Anti-Intrusion Library

Avanguard is the Windows anti-injection library written on C++.

🔙🔚 Current and in-dev capabilities:

  • [✔️] Threads filter (against of CreateRemoteThread)
  • [✔️] Modules filter
  • [✔️] Memory filter (support of JIT-based languages)
  • [✔️] Stacktrace checker
  • [✔️] Windows hooks detection
  • [✔️] AppInit_DLLs disabler
  • [✔️] Memory mapping based injects detection
  • [✔️] APC filter
  • [✔️] Threads context filter (to prevent a context steal)
  • [] HWIDs collector
  • [] Java/C#/Delphi bindings and API
  • [] Anti-macroses (virtual input blocking)
  • [] Anti-debugging techniques
  • [] Self-modification support
  • [] DACLs-based protection

📝 Dependencies:

  • HookLib - lightweight and convenient hook library written on pure C and NativeAPI
  • Zydis - extremely lightweight disassembler
  • t1ha - the fastest hash ever
  • xorstr - a heavily vectorized C++17 compile-time strings encryptor

📐 How to use:

First of all, clone it with all dependencies:

git clone --recursive https://github.com/HoShiMin/Avanguard.git

All you need is to build the Avanguard.dll and add it to your application's import table.

#include <cstdio>
#include <Windows.h>

#include <AvnApi.h>
#pragma comment(lib, "Avanguard.lib")

int main()
{
    // Using of Avanguard's symbols binds it to your app:
    printf("[i] AvnStub: %p\n", Stub);
    while (true);
}

Or you can add it to import table manually using PE editors like CFF Explorer:

  1. Right click on your exe/dll
  2. Open with CFF Explorer
  3. Import Adder tree entry -> Add -> Choose Avanguard.dll
  4. Choose Stub -> Import by name -> Rebuild import table
  5. Go to Import directory tree entry
  6. Right click on Avanguard.dll -> Move up
  7. Move it on the top of import list (it allows Avanguard.dll to load before of all another dlls)
  8. Press save button (💾 button at the top)
  9. Done! Now put the Avanguard.dll to the same folder as your exe/dll.

🛠 Settings:

You can change enabled features in the AvnDefinitions.h file.
If you want to use it with JIT, you MUST enable FEATURE_MEMORY_FILTER to prevent a false detections.

More Repositories

1

Kernel-Bridge

Windows kernel hacking framework, driver template, hypervisor and API written on C++
C++
1,564
star
2

HookLib

The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support
C
687
star
3

formatPE

A bunch of parsers for PE and PDB formats in C++
C++
208
star
4

Sig

The most powerful and customizable binary pattern scanner
C++
192
star
5

EnjoyTheRing0

Шаблон полнофункционального драйвера и обёртки над ядерным API
C
107
star
6

AriadnaProject

🧶 The Win32 usermode threading library with UMS/fibers/threads support
C++
30
star
7

Arch

A bunch of architectural headers for i386 and AMD64
C++
29
star
8

BeeSynth

The frequency-perfect synthesizer for a PC-speaker
Rust
13
star
9

VU-meter

Just a volume visualization on a keyboard
C++
7
star