
Known ring3 memory protections that can be handled at a simple level.

illegal-instruction-co/EasySafe

EasySafe



Example usage

See Example.cpp.

Syscall hooking

  1. Add a syscall hook.
  2. Specify the action to take when the hooked syscall is called. You can spoof the R10 and RAX values. (RAX is the returned value.)
  3. If the syscall is invoked in the process without going through the safe method, your callback is executed.
  4. The callback is called as it appears, and RAX is spoofed.

LoadLibrary protection

There are many ways to inject a dynamic-link library into the process using LoadLibrary.

In every case, LoadLibrary ends up referencing LdrLoadDll, which is an internal function. In EasySafe, you can add specific DLLs to the allowlist; for any other DLL, your callback is called and the DLL is not loaded.
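
The allowlist decision described above, as an added example (not EasySafe's code or API): `NormalizeModuleName`, `DllAllowlist` and `CountBlocked` are hypothetical names, and the sample requests are constructed. It assumes the hook compares on the module's base name and leaves out the Windows hook itself so that it builds anywhere.

```cpp
// Added example with hypothetical names; not EasySafe's API.
#include <algorithm>
#include <cwctype>
#include <set>
#include <string>

// Reduce a requested module string to a comparable base name: strip the
// directory, lower-case it, and mirror LoadLibrary's default-extension rule
// on the base name (append ".dll" if none; a trailing '.' appends nothing).
std::wstring NormalizeModuleName(std::wstring name) {
    std::replace(name.begin(), name.end(), L'/', L'\\');
    const auto slash = name.find_last_of(L'\\');
    if (slash != std::wstring::npos) name.erase(0, slash + 1);
    std::transform(name.begin(), name.end(), name.begin(),
                   [](wchar_t c) { return static_cast<wchar_t>(std::towlower(c)); });
    if (!name.empty() && name.back() == L'.')
        name.pop_back();
    else if (!name.empty() && name.find(L'.') == std::wstring::npos)
        name += L".dll";
    return name;
}

class DllAllowlist {
public:
    void Allow(const std::wstring& name) { allowed_.insert(NormalizeModuleName(name)); }
    // true: let the load proceed; false: run the callback and block the load.
    bool IsAllowed(const std::wstring& requested) const {
        const std::wstring base = NormalizeModuleName(requested);
        return !base.empty() && allowed_.count(base) != 0;
    }
private:
    std::set<std::wstring> allowed_;
};

// Constructed sample requests, as a hook might receive them.
int CountBlocked(const DllAllowlist& list) {
    const wchar_t* requests[] = {L"C:\\Windows\\System32\\USER32.dll", L"kernel32",
        L"C:\\Users\\Public\\unlisted.dll", L"user32.dll.evil", L""};
    int blocked = 0;
    for (const wchar_t* r : requests)
        if (!list.IsAllowed(r)) ++blocked;
    return blocked;
}

int main() {
    DllAllowlist list;
    list.Allow(L"user32.dll");
    list.Allow(L"KERNEL32");
    return CountBlocked(list) == 3 ? 0 : 1;
}
```

A base-name match does not authenticate the file, so a stricter policy would compare the fully resolved path or verify the file's signature before allowing the load.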
