APICallProxy
This project is for Windows API call obfuscation: it makes static and dynamic analysis of a program harder, and makes it harder to recognize and extract the sequence of Windows API calls the application makes.
It works by replacing normal calls to Windows APIs such as CreateFile, WriteFile, OpenProcess, ... with a DeviceIoControl call to the driver using the appropriate IOCTL code.
I created a sample client that does APC injection and sample code that disables the driver signing policy (DSE); I will try to add more demos soon and implement more Windows APIs.
Note that APCInjector.exe only works as an x64 application on x64 Windows, because the shellcode is x64.
I tested the driver and the client communication on Windows 10 x64 and Windows 8.1 x64/x86.
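From the analyst's side, the design described above has a recognizable shape in telemetry: instead of importing and calling CreateFile, OpenProcess, WriteProcessMemory and so on, the client issues many distinct vendor-defined IOCTLs to a single device object. The following example, added here and not part of APICallProxy, decodes IOCTL values into their CTL_CODE fields and flags that pattern over a few constructed log lines. The log format, the device name, the image paths and the IOCTL values are all constructed placeholders; the project's real device name and IOCTL codes are not given in this README.

```python
"""Decode and triage DeviceIoControl activity from constructed telemetry.

Added example for analysts; it is not part of APICallProxy. The device name,
image paths, log format and IOCTL values in SAMPLE_LOG are constructed
placeholders, not the project's real ones.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Field layout of a Windows IOCTL code, as produced by the WDK CTL_CODE macro:
#   bits 16-31 DeviceType | bits 14-15 Access | bits 2-13 Function | bits 0-1 Method
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
FILE_DEVICE_UNKNOWN = 0x22      # device type most third-party drivers register with
VENDOR_FUNCTION_BASE = 0x800    # function codes below this are reserved by Microsoft


@dataclass(frozen=True)
class Ioctl:
    code: int
    device_type: int
    access: int
    function: int
    method: int


def decode_ioctl(code: int) -> Ioctl:
    """Split a raw IOCTL value into its CTL_CODE fields."""
    return Ioctl(code=code,
                 device_type=(code >> 16) & 0xFFFF,
                 access=(code >> 14) & 0x3,
                 function=(code >> 2) & 0xFFF,
                 method=code & 0x3)


def is_vendor_ioctl(io: Ioctl) -> bool:
    """True for IOCTLs defined by a third-party driver rather than by Windows."""
    return io.function >= VENDOR_FUNCTION_BASE


def describe(io: Ioctl) -> str:
    kind = "vendor" if is_vendor_ioctl(io) else "system"
    unknown = " (FILE_DEVICE_UNKNOWN)" if io.device_type == FILE_DEVICE_UNKNOWN else ""
    return (f"{io.code:#x}: device_type={io.device_type:#x}{unknown} "
            f"function={io.function:#x} method={METHODS[io.method]} [{kind}]")


@dataclass(frozen=True)
class IoRecord:
    pid: int
    image: str
    device: str
    ioctl: Ioctl


# Constructed (hypothetical) log format: one DeviceIoControl event per line.
LOG_RE = re.compile(r"pid=(\d+) image=(\S+) device=(\S+) ioctl=(0x[0-9A-Fa-f]+)")


def parse_log(text: str) -> list:
    records = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue   # not a DeviceIoControl event, ignore
        pid, image, device, code = m.groups()
        records.append(IoRecord(int(pid), image, device, decode_ioctl(int(code, 16))))
    return records


def find_proxy_pattern(records, min_distinct: int = 3, allowed_devices=frozenset()) -> dict:
    """Group vendor IOCTLs by (pid, image, device) and return the groups in which one
    process drives a device outside the allow-list with at least `min_distinct`
    distinct function codes: the shape of a user-mode client routing many different
    operations through a single driver instead of calling the Win32 API directly."""
    seen = defaultdict(set)
    for r in records:
        if r.device in allowed_devices or not is_vendor_ioctl(r.ioctl):
            continue
        seen[(r.pid, r.image, r.device)].add(r.ioctl.function)
    return {key: sorted(funcs) for key, funcs in seen.items() if len(funcs) >= min_distinct}


# Constructed sample: a benign disk query (IOCTL_DISK_GET_DRIVE_GEOMETRY), one
# vendor tool with a single IOCTL, and a process that funnels four different
# operations into one driver (the pattern worth triaging).
SAMPLE_LOG = r"""
pid=1234 image=C:\Windows\explorer.exe device=\Device\HarddiskVolume2 ioctl=0x70000
pid=4321 image=C:\Users\demo\client.exe device=\Device\ExampleProxyDev ioctl=0x222003
pid=4321 image=C:\Users\demo\client.exe device=\Device\ExampleProxyDev ioctl=0x222007
pid=4321 image=C:\Users\demo\client.exe device=\Device\ExampleProxyDev ioctl=0x22200B
pid=4321 image=C:\Users\demo\client.exe device=\Device\ExampleProxyDev ioctl=0x22200F
pid=5555 image=C:\Vendor\tool.exe device=\Device\VendorDev ioctl=0x222000
"""

if __name__ == "__main__":
    for (pid, image, device), funcs in find_proxy_pattern(parse_log(SAMPLE_LOG)).items():
        print(f"pid {pid} ({image}) -> {device}: {len(funcs)} distinct vendor "
              f"function codes {[hex(f) for f in funcs]}")
```

The distinct-function-code threshold is what separates this from an ordinary vendor tool: most legitimate user-mode components talk to their driver with one or two IOCTLs, while a client that proxies every file, process, registry and memory operation through the kernel needs one function code per wrapped API. Pair it with an allow-list of the device objects your own software legitimately opens.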
Windows APIs:
- CreateFile
- OpenFile
- DeleteFile
- WriteFile
- ReadFile
- OpenProcess
- TerminateProcess
- OpenThread
- CloseHandle
- GetFileSize
- ZwQuerySystemInformation
- ZwAllocateVirtualMemory
- VirtualProtectEx
- WriteProcessMemory
- ReadProcessMemory
- NtSuspendProcess
- NtResumeProcess
- ZwCreateSection
- ZwOpenSection
- ZwMapViewOfSection
- ZwUnmapViewOfSection
- SetThreadContext
- GetThreadContext
- CreateThread
- CreateRemoteThread
- ResumeThread
- SuspendThread
- RegCreateKeyW
- RegDeleteKeyW
- RegGetValueW
- RegEnumValueW
- RegQueryValueW
- RegRenameKey
- RegSetValueW
- NtLoadDriver
- NtUnloadDriver
- Get_ProcessID_From_Process_Name (not a Windows API, but a useful utility; ZwQuerySystemInformation can be used to do the same)
Reference:
https://github.com/hfiref0x/DSEFix
License:
MIT