Skip to content
/ zero-entrypoint Public

POC of Flink/Blink swap with base entry point, CLEARS PEB-TEB-LDR-MODULE Flags and deletes cache

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

efibootkit/zero-entrypoint

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
hyperexecutable
hyperexecutable
 
 
hypermodule
hypermodule
 
 
README.md
README.md
 
 
hypermodule.sln
hypermodule.sln
 
 

Repository files navigation

Overview

This is a POC of module manipulation, it is manipulating the loaded module list within the PEB loader data table then swaps the Flink and Blink pointers with the BaseAddress and Entrypoint fields of LDR_MODULE structure, the memory is zeroed out which clears these fields. The EntryPoint / BaseAddress of the module is nulled and not accessible by any debugger.

Entry Point searched from its base address: Entry Point searched from its base address

About

POC of Flink/Blink swap with base entry point, CLEARS PEB-TEB-LDR-MODULE Flags and deletes cache

Topics

dll anticheat anti-debugging anticheat-bypass anti-tamper

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages