kkent030315 / NtSymbol

Licence: MIT license
Resolve DOS MZ executable symbols at runtime

NtSymbol

Example

You no longer have to use memory pattern scanning inside your sneaky rootkit. Pass the RVAs into your kernel payloads!

int main()
{
    ntsymbol ntoskrnl("%SYSTEMROOT%\\system32\\ntoskrnl.exe");
    ntoskrnl.init();
    /* Useful for retrieving the NTOS image base without any calls */
    const auto RvaPsNtosImageBase = ntoskrnl.resolve(L"PsNtosImageBase");

    ntsymbol cidll("%SYSTEMROOT%\\system32\\CI.dll");
    cidll.init();
    /* DSE Bypass! */
    const auto RvaCiOptions = cidll.resolve(L"g_CiOptions");
}