- Use NT functions
- Resolve NT functions with a custom GetProcAddress and GetModuleHandle
- Use a 'custom' malloc function with NtAllocateVirtualMemory
- Works for both x86 (WoW64) & x64

Thanks to:
- Sektor7 for custom GetProcAddress (Sektor7 Malware Development Intermediate Section 2. PE madness)
- @arbiter34 for string handling: github