jackullrich/memfuck jackullrich/memfuck

  • Stars
    star
    141
  • Rank 259,971 (Top 6 %)
  • Language
    C++
  • Created about 4 years ago
  • Updated about 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
jackullrich/memfuck
github

jackullrich

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A PoC designed to bypass all usermode hooks in a WoW64 environment.

memfuck

A PoC designed to bypass all usermode hooks in a WoW64 environment.

MemFuck will unmap everything. Then you are free to execute code in an environment free of user-mode hooks.

Just don't rely on Rtl* functions or anything other than Nt* functions :)

To look up syscall numbers for your system, please visit: https://j00ru.vexillium.org/syscalls/nt/64/

Tested on Windows 10 x64 Build 19041.508

To learn more about the project visit: https://winternl.com/memfuck/

More Repositories

1

ShellcodeStdio

An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.
C++
396
star
2

syscall-detect

PoC capable of detecting manual syscalls from usermode.
C++
152
star
3

Windows-API-Fuzzer

Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.
C++
91
star
4

TRunPE

A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original entrypoint.
C
91
star
5

universal-syscall-64

Resolve syscall numbers at runtime for all Windows versions.
C#
54
star
6

EmulateMe

Showing how proof-of-work can be used to evade antivirus emulators.
C#
9
star