{"id":32024269,"url":"https://github.com/th3spl/noimportz","last_synced_at":"2025-10-16T11:02:04.437Z","repository":{"id":263065737,"uuid":"889245191","full_name":"Th3Spl/NoImportz","owner":"Th3Spl","description":"Simple single file header for creating zero imports drivers. Can be useful for bypassing forensic memory analysis performed by anticheats, for example.","archived":false,"fork":false,"pushed_at":"2025-06-10T14:38:16.000Z","size":38,"stargazers_count":10,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-10T16:19:12.511Z","etag":null,"topics":["anticheat","cpp-features","kernel","pe-header","windows-kernel"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Th3Spl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-15T22:29:38.000Z","updated_at":"2025-06-10T14:37:47.000Z","dependencies_parsed_at":"2024-11-16T07:54:00.764Z","dependency_job_id":null,"html_url":"https://github.com/Th3Spl/NoImportz","commit_stats":null,"previous_names":["th3spl/noimportz"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Th3Spl/NoImportz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Th3Spl%2FNoImportz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Th3Spl%2FNoImportz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Th3Spl%2FNoImportz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Th3Spl%2FNoImportz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Th3Spl","download_url":"https://codeload.github.com/Th3Spl/NoImportz/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Th3Spl%2FNoImportz/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279181258,"owners_count":26120912,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-16T02:00:06.019Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anticheat","cpp-features","kernel","pe-header","windows-kernel"],"created_at":"2025-10-16T11:01:15.286Z","updated_at":"2025-10-16T11:02:04.432Z","avatar_url":"https://github.com/Th3Spl.png","language":"C++","readme":"# NoImportz ( By: Th3Spl )\n\nSo, i was reading a blog post about cheat detections from anti-cheats ( ACs ) \u003c/br\u003e\nspecifically [`Detecting manually mapped drivers`](https://tulach.cc/detecting-manually-mapped-drivers/)\nwritten by [`SamuelTulach`](https://github.com/SamuelTulach) \u003cbr/\u003e \nso after reading it i came up with a very simple solution... \u003cbr/\u003e\nI highly suggest to read the article before checking this project out.\n\n## How it works:\nSo, it's very easy and straightforward but i would like to explain so that people \u003cbr/\u003e\nwho are just getting into the windows Kernel environment can gather some useful info. \u003cbr/\u003e\n\n- We get the `PsLoadedModuleList` ( which contains all the legitly loaded drivers )\n- We iterate through the list and find the target module base address\n- We dynamically find the exports using some `PE Header` knowledge ( similar to `MmGetSystemRoutineAddress` )\n- We then use some modern C++ features to create a single function `call` which can handle everything\n\nAnd well... that's all, is actually nothing new or extraordinary but it can still be useful for someone \u003cbr/\u003e\u003cbr/\u003e\n**Note: there will be only one import: `PsLoadedModuleList` which will most likely be inlined by the compiler \u003c/br\u003e\nand does not represent a problem since it does not generate `jmp` ( it's just a pointer. )**\n\n## Usage: \nFor a simple code example ready to compile you can check out the [`example project`](https://github.com/Th3Spl/NoImportz/tree/main/NoImportz). \u003cbr/\u003e\n**It requires: `ISO C++17 Standard (/std:c++17)`**\n\nInitialization:\n```cpp\n/* This will target ONLY ntoskrnl.exe */ \nNoImportz winapi;\n\n/* In case you want to specify a specific module */\nNoImportz fltmgr( L\"fltmgr.sys\" );\n\n/* Initialization check */\nif ( !winapi.is_initialized() )\n  return STATUS_UNSUCCESSFUL;\n```\n\nCalling a function:\n```cpp\n/* standard call */\nPVOID addr = winapi.call\u003cdecltype( ExAllocatePool2 )\u003e (\n\t\"ExAllocatePool2\", POOL_FLAG_NON_PAGED,\n\t4096, 'TeSt'\n);\n\n/* using wrapper MACROs */\naddr = ni_call(\n\twinapi, ExAllocatePool2, \n\tPOOL_FLAG_NON_PAGED, 4096, 'TeSt'\n);\n```\n**Note: if you have to call a function multiple times you can wrap it into a different unique function...**\n\n## Features:\n- [x] Supports all modules\n- [x] Supports variadic functions\n\n#### By: Th3Spl\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fth3spl%2Fnoimportz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fth3spl%2Fnoimportz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fth3spl%2Fnoimportz/lists"}