本项目是来自hasherezade,并在hasherezade基础上对关键函数进行systemcall,对内存操作api进行unhook。
使用方法:
processghost.exe blackexePath
具体的技术详解请查看:https://mp.weixin.qq.com/s/HE0Re6RZ0wojTwPnHjeF3Q
-
Notifications
You must be signed in to change notification settings - Fork 10
knightswd/ProcessGhosting
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published