{"id":20408356,"url":"https://github.com/DErDYAST1R/SilentFunctionCaller","last_synced_at":"2025-05-08T14:32:04.765Z","repository":{"id":258937854,"uuid":"875939302","full_name":"i32-Sudo/SilentFunctionCaller","owner":"i32-Sudo","description":"Allows for same-file KernelMode function execution using Encrypted addresses of Functions","archived":false,"fork":false,"pushed_at":"2024-10-21T08:01:32.000Z","size":109,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-23T06:52:56.562Z","etag":null,"topics":["address","call","caller","calling","decrypt","decryption","encrypt","encryption","fake","hiding","jmp","memory","silent","spoofing"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/i32-Sudo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-21T06:11:43.000Z","updated_at":"2024-10-22T19:54:20.000Z","dependencies_parsed_at":"2024-10-21T09:13:50.349Z","dependency_job_id":null,"html_url":"https://github.com/i32-Sudo/SilentFunctionCaller","commit_stats":null,"previous_names":["i32-sudo/silentfunctioncaller"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i32-Sudo%2FSilentFunctionCaller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i32-Sudo%2FSilentFunctionCaller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i32-Sudo%2FSilentFunctionCaller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i32-Sudo%2FSilentFunctionCaller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/i32-Sudo","download_url":"https://codeload.github.com/i32-Sudo/SilentFunctionCaller/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224737431,"owners_count":17361345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["address","call","caller","calling","decrypt","decryption","encrypt","encryption","fake","hiding","jmp","memory","silent","spoofing"],"created_at":"2024-11-15T05:30:28.361Z","updated_at":"2025-05-08T14:31:59.474Z","avatar_url":"https://github.com/i32-Sudo.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SilentFunctionCaller\nAllows for same-file KernelMode function execution using Encrypted addresses of Functions and a custom caller.\n\nThis project demonstrates how you can cache risky functions or functions you dont want statically or dynamically traced and encrypt them in a buffer for usage later in the program where they can be decrypted and ran with Template Arguments. How this driver works is when it first runs it caches and encrypts all the addresses set by the user and saves it in a buffer. This buffer will hold multiple of the same (decrypted) address but have multiple versions of its encrypted self, With diferent keys and values.\n\nThis is very useful because it makes it extremely difficult almost near impossible to statically trace which functions are doing what (The arguments are a pretty big give-away) and when dynamically tracing its about the same if not harder because of kernel threading and the ability to debug kernel drivers (you cant really) making this useful for ACs and AVs.\n\nEven when you say \"Its still loaded at the start of the program\" These objects are deleted and the array/buffer is completely random, They wont be able to pick out each function in it.\n\nHow this driver identifies Driver Functions \u0026 Recognizes them is through their FUNCTION_ID which is set by the user. This is some \u003c 0x100 offset that is just an identifier for the function in its data struct. This is a possible security flaw/vulnerability but I dont say its a big issue because its just a (flag) at best and there is nothing special about it. ACs and AVs look for full pointers \u0026 addresses, Not 0x20 \u0026 0x1F flags.\n\n# Plans\n- ✅ Call Address Spoofing\n- ❌ Condition Address Jumping (if (x) then -\u003e JMP encrypted addr)\n- ❌ Add signature scanning for finding address of function to add\n\n![Demo](https://raw.githubusercontent.com/i32-Sudo/SilentFunctionCaller/refs/heads/main/RVK.png)\n( Its an ass project made to look good, just doing this for a school project )\nThanks Europapa for encryption \u003c3\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDErDYAST1R%2FSilentFunctionCaller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDErDYAST1R%2FSilentFunctionCaller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDErDYAST1R%2FSilentFunctionCaller/lists"}