Skip to content
/ NtGate Public

Transparently call NTAPI via Halo's Gate with indirect syscalls.

Notifications You must be signed in to change notification settings

hiatus/NtGate

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

NtGate

Transparently call Nt* API functions using Halo's Gate and indirect syscalls. This code builds around the original Hell's Gate implementation and it's successors and aims to abstract away it's internals to provide a transparent interface to some NTAPI functions commonly used during malware development. A basic NtCreateThreadEx PoC is included in main.c.

Included Nt* Functions

  • NtAllocateReserveObject
  • NtAllocateVirtualMemory
  • NtCreateProcessEx
  • NtCreateThreadEx
  • NtOpenProcess
  • NtProtectVirtualMemory
  • NtQueryInformationProcess
  • NtQueueApcThreadEx
  • NtReadVirtualMemory
  • NtResumeThread
  • NtWaitForSingleObject
  • NtWriteVirtualMemory

References

This wouldn't be possible without the awesome work of some people.

About

Transparently call NTAPI via Halo's Gate with indirect syscalls.

Topics

Resources

Stars

Watchers

Forks