- This repo contains implementations of direct and indirect syscalls, plus reimplementations of various process injection techniques that use indirect syscalls.
- Also included is an NTAPI implementation of vanilla process injection, since the syscall examples build upon it.
- NTAPI injection involves injecting code that calls Native API (NTAPI) functions directly. NTAPI functions are lower-level than the standard (Win32) Windows API functions, which wrap them.
- Direct syscalls involve making system calls directly from user mode to kernel mode, without going through the standard Windows API functions.
- Indirect syscalls are performed by jumping to the address of the syscall instruction inside ntdll, instead of executing the syscall instruction ourselves.
- Here, we leverage NtCreateSection and NtMapViewOfSection to create a memory section and map our shellcode into it, which avoids the use of common APIs.
- This repo contains content intended solely for educational and research purposes; it is not to be used for malicious purposes or illegal activities.
- The project is based on the incredible resources listed below: