
UUID shellcode loader with a dynamic indirect syscall implementation: the syscall number and syscall instruction are resolved dynamically at runtime, and the syscall number/instruction are unhooked using the Halo's Gate technique. Function addresses are resolved from the PEB by offsets, with comparison done by hashes.


0xRobert/IORI_Loader


IORI_Loader - Bypass EDRs


Description

FUD advanced loader implementing dynamic indirect syscalls, with syscall number and syscall instruction unhooking via the Halo's Gate technique. The shellcode is stored in UUID format to avoid static analysis; the syscall instructions and syscall numbers do not exist in the binary's opcodes, which also helps it evade static analysis, and they are resolved at runtime. It also obtains API addresses from the PEB by offsets, with the comparison done by hashing.

Credits / References

@smelly__vx & @am0nsec (creators/publishers of the Hell's Gate technique)

Reenz0h from @SEKTOR7net (creator of the Halo's Gate technique)
