Giters

vmcall / nt-mapper

C++17 PE manualmapper

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

nt-mapper

PE mapper in c++17

Features

  • Relocate image
  • Fix import address table
    • Handle api-set
  • Export directory parsing (forwarded and normal)
  • Two execution modes: 'Thread creation' and 'Thread hijacking'

Thread Hijacker

  • Preserves all registers, volatile or not
    • Exception 1: SSE registers
    • Exception 2: AVX registers
  • Preserves all flags
  • Automatically frees hijack shellcode after execution
  • Arbitrary shadow-space for dllmain
  • Aligns stack in case of recusant code

To-do

  • Static TLS
  • TLS callbacks
  • Loader entry
  • C++ exceptions

Thanks

  • DarthTon
  • Daax
  • JustMagic

About

C++17 PE manualmapper

License:GNU General Public License v3.0

Languages

Language:C++ 99.0%Language:Assembly 1.0%