
C/C++ AtlasLdr - Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls

Status
Not open for further replies.

itsMe



Atlas is a reflective x64 loader that has the following features:

Features

    Retrieval of DLL and PE from a remote server
    Manual Mapping on a remote process
    Position independent code
    Use of indirect Syscalls
        ZwAllocateVirtualMemory
        ZwProtectVirtualMemory
        ZwQuerySystemInformation
        ZwFreeVirtualMemory
        ZwCreateThreadEx
    Single stub for all Syscalls
        Dynamic SSN retrieval
        Dynamic Syscall address resolution
    Atlas also uses
        LdrLoadDll
        NtWriteVirtualMemory
    Custom implementations of
        GetProcAddress
        GetModuleHandle
    API hashing
    Cleanup on error
    Variable EntryPoint
