Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/keowu/instrumentationcallbacktoolkit
A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using InstrumentationCallback.
anticheat instrumentation malware nirvana ntoskrnl reverse-engineering syscall windows
Last synced: 3 days ago
- Host: GitHub
- URL: https://github.com/keowu/instrumentationcallbacktoolkit
- Owner: keowu
- License: gpl-3.0
- Created: 2023-09-16T23:57:30.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-09-17T01:26:46.000Z (over 1 year ago)
- Last Synced: 2023-09-17T07:58:08.979Z (over 1 year ago)
- Topics: anticheat, instrumentation, malware, nirvana, ntoskrnl, reverse-engineering, syscall, windows
- Language: C++
- Homepage:
- Size: 130 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Instrumentation Callback ToolKit
A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using InstrumentationCallback.
[Demo video](https://www.youtube.com/embed/LHb-fx-fKCA)
#### The project is divided into two parts:
- SmellsLikeKernelSpirit - Responsible for installing an instrumentation callback in the target process through DLL injection (usually from the currently running main thread).
- DetectProcessContainerNirvaned - Responsible for detecting whether any process on the system has an instrumentation callback installed.
#### Using DetectProcessContainerInstrumented:
You can compile it and use it in your own heuristics to detect whether your own user-mode process, or which user-mode processes on the system, have an instrumentation callback installed.
#### Using SmellsLikeKernelSpirit(x86 and x64):
You can download precompiled binaries and their respective debug files from the 'release' tab of this repository to skip compilation and start intercepting directly.
When injected, the DLL allocates a console in the target process and logs the system calls that process makes.
Example: