{"id":13515608,"url":"https://github.com/DarthTon/Blackbone","last_synced_at":"2025-03-31T05:30:42.534Z","repository":{"id":12764903,"uuid":"15438255","full_name":"DarthTon/Blackbone","owner":"DarthTon","description":"Windows memory hacking library","archived":false,"fork":false,"pushed_at":"2024-01-26T04:56:16.000Z","size":8269,"stargazers_count":4839,"open_issues_count":109,"forks_count":1335,"subscribers_count":251,"default_branch":"master","last_synced_at":"2024-11-01T19:36:40.403Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DarthTon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-12-25T17:22:49.000Z","updated_at":"2024-11-01T11:35:35.000Z","dependencies_parsed_at":"2024-06-11T01:55:53.041Z","dependency_job_id":"671b290e-bcb3-4c93-a604-2d0bade320e8","html_url":"https://github.com/DarthTon/Blackbone","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarthTon%2FBlackbone","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarthTon%2FBlackbone/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarthTon%2FBlackbone/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarthTon%2FBlackbone/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DarthTon","download_url":"https://codeload.github.com/DarthTon/Blackbone/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246423527,"owners_count":20774795,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T05:01:13.435Z","updated_at":"2025-03-31T05:30:40.066Z","avatar_url":"https://github.com/DarthTon.png","language":"C++","readme":"# Blackbone\n\n### Windows memory hacking library\n\n## Features\n\n- **x86 and x64 support**\n\n**Process interaction**\n - Manage PEB32/PEB64\n - Manage process through WOW64 barrier\n\n**Process Memory**\n - Allocate and free virtual memory\n - Change memory protection\n - Read/Write virtual memory \n\n**Process modules**\n - Enumerate all (32/64 bit) modules loaded. Enumerate modules using Loader list/Section objects/PE headers methods.\n - Get exported function address\n - Get the main module\n - Unlink module from loader lists\n - Inject and eject modules (including pure IL images)\n - Inject 64bit modules into WOW64 processes\n - Manually map native PE images\n\n**Threads**\n - Enumerate threads\n - Create and terminate threads. Support for cross-session thread creation.\n - Get thread exit code\n - Get main thread\n - Manage TEB32/TEB64\n - Join threads\n - Suspend and resume threads\n - Set/Remove hardware breakpoints\n\n**Pattern search**\n - Search for arbitrary pattern in local or remote process\n \n**Remote code execution**\n - Execute functions in remote process\n - Assemble own code and execute it remotely\n - Support for cdecl/stdcall/thiscall/fastcall conventions\n - Support for arguments passed by value, pointer or reference, including structures\n - FPU types are supported\n - Execute code in new thread or any existing one\n \n**Remote hooking**\n - Hook functions in remote process using int3 or hardware breakpoints\n - Hook functions upon return\n \n**Manual map features**\n - x86 and x64 image support\n - Mapping into any arbitrary unprotected process\n - Section mapping with proper memory protection flags\n - Image relocations (only 2 types supported. I haven't seen a single PE image with some other relocation types)\n - Imports and Delayed imports are resolved\n - Bound import is resolved as a side effect, I think\n - Module exports\n - Loading of forwarded export images\n - Api schema name redirection\n - SxS redirection and isolation\n - Activation context support\n - Dll path resolving similar to native load order\n - TLS callbacks. Only for one thread and only with PROCESS_ATTACH/PROCESS_DETACH reasons.\n - Static TLS\n - Exception handling support (SEH and C++)\n - Adding module to some native loader structures(for basic module api support: GetModuleHandle, GetProcAdress, etc.)\n - Security cookie initialization\n - C++/CLI images are supported\n - Image unloading \n - Increase reference counter for import libraries in case of manual import mapping\n - Cyclic dependencies are handled properly\n \n**Driver features**\n- Allocate/free/protect user memory\n- Read/write user and kernel memory\n- Disable permanent DEP for WOW64 processes\n- Change process protection flag\n- Change handle access rights\n- Remap process memory\n- Hiding allocated user-mode memory\n- User-mode dll injection and manual mapping\n- Manual mapping of drivers\n\n## Requirements\n\n- Visual Studio 2017 15.7 or higher\n- Windows SDK 10.0.17134 or higher\n- WDK 10.0.17134 or higher (driver only)\n- VC++ 2017 Libs for Spectre (x86 and x64)\n- Visual C++ ATL (x86/x64) with Spectre Mitigations\n\n## License\nBlackbone is licensed under the MIT License. Dependencies are under their respective licenses.\n\n![Library](https://github.com/DarthTon/Blackbone/workflows/Library/badge.svg?branch=master) ![Driver](https://github.com/DarthTon/Blackbone/workflows/Driver/badge.svg?branch=master)\n","funding_links":[],"categories":["Operating System","C++"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDarthTon%2FBlackbone","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDarthTon%2FBlackbone","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDarthTon%2FBlackbone/lists"}