vmcall/MapDetection vmcall/MapDetection

  • Stars
    star
    153
  • Rank 242,281 (Top 5 %)
  • Language
    C#
  • License
    GNU General Publi...
  • Created about 7 years ago
  • Updated almost 7 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
vmcall/MapDetection
github

vmcall

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Detect manualmapped images remotely, without hassle

MapDetection

Detect manualmapped images remotely, without hassle

Confirmed Detections

  • Extreme Injector -> detected
  • Xenos -> detected (even with Add Loader reference enabled)

How does it work?

MapDetection has two modes, deep and quick.

Quick mode

Iterates every process thread, collecting allocation bases from thread starts and instruction pointers. It then scans every unique allocation base for any anomalies.

Deep mode

Run quick scan, then traverse the virtual memory space for any executable pages that do not belong to a module. (Will lead to false positives)

Anomalies MapDetection looks for

  • Valid PE headers (MZ signature, PE magic bytes and architecture)
  • Module is linked correctly to module list
  • Valid allocation type (MEM_IMAGE)
  • Valid allocation flags

Example of a manually mapped, possibly malicious, image that was picked up by MapDetection

Map Detection

More Repositories

1

dxgkrnl_hook

C++ graphics kernel subsystem hook
C
469
star
2

loadlibrayy

x64 manualmapper with kernel elevation and thread hijacking capabilities
C#
413
star
3

nt-mapper

C++17 PE manualmapper
C++
244
star
4

owned_alignment

Hooking kernel functions by abusing alignment
C++
238
star
5

latebros

x64 usermode rootkit
C++
197
star
6

x64-vm

x86-64 virtual machine and disassembler
C++
122
star
7

ElevateMe

Handle access elevation via direct kernel object manipulation
C#
119
star
8

ayyxam

Bypass for The Digital Exam Monitor developed by the Danish Ministry of Education (Den Digitale PrΓΈvevagt) and ExamCookie
C
103
star
9

battleye_emulation

BattlEye BEClient<->BEService usermode emulator
C++
80
star
10

eye_mapper

BattlEye x64 usermode injector
C++
61
star
11

token_manipulation

Bypass User Account Control by manipulating tokens
C++
31
star
12

captain_black

Black Desert Online cheayyt
C++
26
star
13

nt

NT reversal
C++
24
star
14

ControlCSGO

Old (read: bad) external csgo cheat, includes knife changer and convar bypass
C#
24
star
15

eac_reversal

Linux EAC reversal (.so)
C++
21
star
16

tetris

Tetris (ASCII) in c++17
C++
14
star
17

loggr

C++ console logging library (fmt wrapper)
C++
13
star
18

math

Math shit - Variadic vector and polygon math, statistical analysis etc
C++
11
star
19

tasklist-brutus

Undocumented way of fetching list of processes by bruteforcing NtQuerySystemInformation
C++
11
star
20

MatematikFessorBot

A bot that automated my math homework in middle school
C#
9
star
21

nc3ctf2019

NC3 CTF 2019
C++
4
star
22

vmcall

2
star
23

src

Analysis of numerical algorithms
C++
1
star