NikcloasZhao's starred repositories
WeChatRobot
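WeChat hook, WeChat robot (wxhook), database decryption, WeChat official account collection, WeChat official account crawler, WeCom (enterprise WeChat) hook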
hermes-guard
Windows execution redirector with fake addresses (anti-analysis / anti-debug)
fs_driver_loader
Load driver on boot before anti-cheats
ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
HookHunter
Analyze patches in a process
no-access-protection-x86
Encrypt text section and set protection to NO_ACCESS.
import-hunter
A utility header which allows you to hide imports in kernel.
custom_data_ptr_swap_sample
kinda custom data ptr swap communication method
lenovo_mapper
driver manual mapper powered by https://github.com/estimated1337/lenovo_exec
ReadPhysicalMemory-Without-API
This project can bypass most of the AC except for some perverts that enable VT to monitor page tables
GhostMapperUM
manual map unsigned driver over signed memory
CheatEngine-DMA
Cheat Engine Plugin for DMA users
video-analyse
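Short-video parsing platform: a watermark-removal parsing API for short videos from Douyin, Kuaishou, Instagram, Facebook, YouTube, Xigua Video, Jinri Toutiao, Xiaohongshu, Weishi, Huoshan Short Video, Momo Video, Inke Video, Xiaokaxiu, Kaiyan, Quanmin Short Video, Quanmin K Ge, Zuiyou, Xiaoying, Weibo, Meipai, Pipixia and other platforms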
AHeadLib.Net
The C# version of AHeadLib solves various problems such as instability and incompatibility with x64 of previous versions.
RWX_MEMEORY_HUNT_AND_INJECTION_DV
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
windows_x64_shellcode_template
An easily modifiable shellcode template for Windows x64 written in C