├── .gitignore
├── Image1.PNG
├── Image2.PNG
├── Image3.PNG
├── Includes.hpp
├── LICENSE
├── README.md
├── Read Me.txt
├── SimpleByPass.sln
├── SimpleByPass.vcxproj
├── SimpleByPass.vcxproj.filters
├── SimpleByPass.vcxproj.user
├── SysCall.hpp
├── hdlog.hpp
├── main.cpp
└── syscalls.asm


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Prerequisites
 2 | *.d
 3 | 
 4 | # Compiled Object files
 5 | *.slo
 6 | *.lo
 7 | *.o
 8 | *.obj
 9 | 
10 | # Precompiled Headers
11 | *.gch
12 | *.pch
13 | 
14 | # Compiled Dynamic libraries
15 | *.so
16 | *.dylib
17 | *.dll
18 | 
19 | # Fortran module files
20 | *.mod
21 | *.smod
22 | 
23 | # Compiled Static libraries
24 | *.lai
25 | *.la
26 | *.a
27 | *.lib
28 | 
29 | # Executables
30 | *.exe
31 | *.out
32 | *.app
33 | 


--------------------------------------------------------------------------------
/Image1.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0sha0/SimpleByPass/077d9ca7e23d30eaadc4245c316ef3f700b7df44/Image1.PNG


--------------------------------------------------------------------------------
/Image2.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0sha0/SimpleByPass/077d9ca7e23d30eaadc4245c316ef3f700b7df44/Image2.PNG


--------------------------------------------------------------------------------
/Image3.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0sha0/SimpleByPass/077d9ca7e23d30eaadc4245c316ef3f700b7df44/Image3.PNG


--------------------------------------------------------------------------------
/Includes.hpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0sha0/SimpleByPass/077d9ca7e23d30eaadc4245c316ef3f700b7df44/Includes.hpp


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2024 Shashen
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # SimpleByPass<br />
 2 | Simple Shellcode Loader Using <br />
 3 | 1.Syscall to unhook(Anti EtwHook)  <br />
 4 | 2.Detours(Hook MessageBox to Load) <br />
 5 | 3.Simple hijacking Shellcode <br />
 6 | 4.Dynamic Function to Anti Simple Scan<br />
 7 | <br />
 8 | ---------------------How to Build---------------------<br />
 9 | vcpkg to install detours lib<br />
10 | VS2019 WIN10<br />
11 | ---------------------How to Build---------------------<br />
12 | <img src="https://github.com/0sha0/SimpleByPass/blob/main/Image1.PNG"/><br />
13 | <img src="https://github.com/0sha0/SimpleByPass/blob/main/Image2.PNG"/><br />
14 | <img src="https://github.com/0sha0/SimpleByPass/blob/main/Image3.PNG"/><br />
15 | Powered By ShaShen<br />
16 | 


--------------------------------------------------------------------------------
/Read Me.txt:
--------------------------------------------------------------------------------
1 | Powered By ShaShen


--------------------------------------------------------------------------------
/SimpleByPass.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.34407.143
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SimpleByPass", "SimpleByPass.vcxproj", "{1D4A3BBD-F068-462D-898D-2F215871E744}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{1D4A3BBD-F068-462D-898D-2F215871E744}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{1D4A3BBD-F068-462D-898D-2F215871E744}.Debug|x64.Build.0 = Debug|x64
18 | 		{1D4A3BBD-F068-462D-898D-2F215871E744}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{1D4A3BBD-F068-462D-898D-2F215871E744}.Debug|x86.Build.0 = Debug|Win32
20 | 		{1D4A3BBD-F068-462D-898D-2F215871E744}.Release|x64.ActiveCfg = Release|x64
21 | 		{1D4A3BBD-F068-462D-898D-2F215871E744}.Release|x64.Build.0 = Release|x64
22 | 		{1D4A3BBD-F068-462D-898D-2F215871E744}.Release|x86.ActiveCfg = Release|Win32
23 | 		{1D4A3BBD-F068-462D-898D-2F215871E744}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {4BC13386-B946-46F4-B1B4-2D3BD72D2CEF}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/SimpleByPass.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{1d4a3bbd-f068-462d-898d-2f215871e744}</ProjectGuid>
 25 |     <RootNamespace>SimpleByPass</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v142</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v142</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v142</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v142</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 77 |     <LinkIncremental>false</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <LinkIncremental>true</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <SDLCheck>true</SDLCheck>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <ConformanceMode>true</ConformanceMode>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 98 |     <ClCompile>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <FunctionLevelLinking>true</FunctionLevelLinking>
101 |       <IntrinsicFunctions>true</IntrinsicFunctions>
102 |       <SDLCheck>true</SDLCheck>
103 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
104 |       <ConformanceMode>true</ConformanceMode>
105 |       <DisableSpecificWarnings>4996</DisableSpecificWarnings>
106 |     </ClCompile>
107 |     <Link>
108 |       <SubSystem>Console</SubSystem>
109 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
110 |       <OptimizeReferences>true</OptimizeReferences>
111 |       <GenerateDebugInformation>true</GenerateDebugInformation>
112 |     </Link>
113 |   </ItemDefinitionGroup>
114 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
115 |     <ClCompile>
116 |       <WarningLevel>Level3</WarningLevel>
117 |       <SDLCheck>true</SDLCheck>
118 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
119 |       <ConformanceMode>true</ConformanceMode>
120 |     </ClCompile>
121 |     <Link>
122 |       <SubSystem>Console</SubSystem>
123 |       <GenerateDebugInformation>true</GenerateDebugInformation>
124 |     </Link>
125 |   </ItemDefinitionGroup>
126 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
127 |     <ClCompile>
128 |       <WarningLevel>Level3</WarningLevel>
129 |       <FunctionLevelLinking>true</FunctionLevelLinking>
130 |       <IntrinsicFunctions>true</IntrinsicFunctions>
131 |       <SDLCheck>true</SDLCheck>
132 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
133 |       <ConformanceMode>true</ConformanceMode>
134 |       <LanguageStandard>stdcpp20</LanguageStandard>
135 |       <LanguageStandard_C>stdc17</LanguageStandard_C>
136 |       <DisableSpecificWarnings>4996</DisableSpecificWarnings>
137 |     </ClCompile>
138 |     <Link>
139 |       <SubSystem>Console</SubSystem>
140 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
141 |       <OptimizeReferences>true</OptimizeReferences>
142 |       <GenerateDebugInformation>true</GenerateDebugInformation>
143 |     </Link>
144 |   </ItemDefinitionGroup>
145 |   <ItemGroup>
146 |     <ClCompile Include="main.cpp" />
147 |   </ItemGroup>
148 |   <ItemGroup>
149 |     <ClInclude Include="hdlog.hpp" />
150 |     <ClInclude Include="Includes.hpp" />
151 |     <ClInclude Include="SysCall.hpp" />
152 |   </ItemGroup>
153 |   <ItemGroup>
154 |     <CustomBuild Include="syscalls.asm">
155 |       <FileType>Document</FileType>
156 |       <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64 /Fo $(IntDir)%(fileName).obj /c %(fileName).asm</Command>
157 |       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(fileName).obj</Outputs>
158 |     </CustomBuild>
159 |   </ItemGroup>
160 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
161 |   <ImportGroup Label="ExtensionTargets">
162 |   </ImportGroup>
163 | </Project>


--------------------------------------------------------------------------------
/SimpleByPass.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="源文件">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="头文件">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="资源文件">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="main.cpp">
19 |       <Filter>源文件</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 |   <ItemGroup>
23 |     <ClInclude Include="Includes.hpp">
24 |       <Filter>头文件</Filter>
25 |     </ClInclude>
26 |     <ClInclude Include="SysCall.hpp">
27 |       <Filter>头文件</Filter>
28 |     </ClInclude>
29 |     <ClInclude Include="hdlog.hpp">
30 |       <Filter>头文件</Filter>
31 |     </ClInclude>
32 |   </ItemGroup>
33 |   <ItemGroup>
34 |     <CustomBuild Include="syscalls.asm">
35 |       <Filter>源文件</Filter>
36 |     </CustomBuild>
37 |   </ItemGroup>
38 | </Project>


--------------------------------------------------------------------------------
/SimpleByPass.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/SysCall.hpp:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include "Includes.hpp"
  3 | 
  4 | /*
  5 | * Define other NT stuff
  6 | */
  7 | #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
  8 | #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
  9 | 
 10 | 
 11 | /*
 12 | * Define structs
 13 | */
 14 | typedef struct _SYSCALL_ENTRY {
 15 |     PVOID Address;
 16 |     std::string Name;
 17 |     SIZE_T Size;
 18 | } SYSCALL_ENTRY, * PSYSCALL_ENTRY;
 19 | 
 20 | typedef struct _UNICODE_STRING {
 21 |     USHORT Length;
 22 |     USHORT MaximumLength;
 23 |     PWSTR  Buffer;
 24 | } UNICODE_STRING, * PUNICODE_STRING;
 25 | 
 26 | typedef struct _PEB_LDR_DATA {
 27 |     ULONG Length;
 28 |     BOOLEAN Initialized;
 29 |     PVOID SsHandle;
 30 |     LIST_ENTRY InLoadOrderModuleList;
 31 |     LIST_ENTRY InMemoryOrderModuleList;
 32 |     LIST_ENTRY InInitializationOrderModuleList;
 33 |     PVOID EntryInProgress;
 34 |     BOOLEAN ShutdownInProgress;
 35 |     PVOID ShutdownThreadId;
 36 | } PEB_LDR_DATA, * PPEB_LDR_DATA;
 37 | 
 38 | typedef struct _LDR_DATA_TABLE_ENTRY {
 39 |     LIST_ENTRY InLoadOrderLinks;
 40 |     LIST_ENTRY InMemoryOrderLinks;
 41 |     LIST_ENTRY InInitializationOrderLinks;
 42 |     PVOID DllBase;
 43 |     PVOID EntryPoint;
 44 |     ULONG SizeOfImage;
 45 |     UNICODE_STRING FullDllName;
 46 |     UNICODE_STRING BaseDllName;
 47 |     ULONG Flags;
 48 |     USHORT LoadCount;
 49 |     USHORT TlsIndex;
 50 |     LIST_ENTRY HashLinks;
 51 |     ULONG TimeDateStamp;
 52 | } LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;
 53 | 
 54 | #ifdef _WIN64
 55 | typedef struct _PEB {
 56 |     BOOLEAN InheritedAddressSpace;
 57 |     BOOLEAN ReadImageFileExecOptions;
 58 |     BOOLEAN BeingDebugged;
 59 |     BOOLEAN BitField;
 60 |     HANDLE Mutant;
 61 |     PVOID ImageBaseAddress;
 62 |     PPEB_LDR_DATA Ldr;
 63 |     // ... other members are not relevant
 64 | } PEB, * PPEB;
 65 | #else
 66 | typedef struct _PEB {
 67 |     BOOLEAN InheritedAddressSpace;
 68 |     BOOLEAN ReadImageFileExecOptions;
 69 |     BOOLEAN BeingDebugged;
 70 |     BOOLEAN SpareBool;
 71 |     HANDLE Mutant;
 72 |     PVOID ImageBaseAddress;
 73 |     PPEB_LDR_DATA Ldr;
 74 |     // ... other members are not relevant
 75 | } PEB, * PPEB;
 76 | #endif
 77 | 
 78 | typedef struct _OBJECT_ATTRIBUTES {
 79 |     ULONG Length;
 80 |     HANDLE RootDirectory;
 81 |     PUNICODE_STRING ObjectName;
 82 |     ULONG Attributes;
 83 |     PVOID SecurityDescriptor;        // Points to type SECURITY_DESCRIPTOR
 84 |     PVOID SecurityQualityOfService;  // Points to type SECURITY_QUALITY_OF_SERVICE
 85 | } OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES;
 86 | 
 87 | typedef struct _IO_STATUS_BLOCK {
 88 |     union {
 89 |         NTSTATUS Status;
 90 |         PVOID Pointer;
 91 |     };
 92 |     ULONG_PTR Information;
 93 | } IO_STATUS_BLOCK, * PIO_STATUS_BLOCK;
 94 | 
 95 | /*
 96 | * Define syscalls
 97 | */
 98 | EXTERN_C NTSTATUS NtWriteVirtualMemory(
 99 |     HANDLE ProcessHandle,
100 |     PVOID BaseAddress,
101 |     PVOID Buffer,
102 |     ULONG NumberOfBytesToWrite,
103 |     PULONG NumberOfBytesWritten,
104 |     int syscallID
105 | );
106 | 
107 | EXTERN_C NTSTATUS NtProtectVirtualMemory(
108 |     HANDLE ProcessHandle,
109 |     PVOID* BaseAddress,
110 |     PSIZE_T NumberOfBytesToProtect,
111 |     ULONG NewAccessProtection,
112 |     PULONG OldAccessProtection,
113 |     int syscallID
114 | );
115 | 
116 | extern "C" void SetJumpAddress(uintptr_t jumpAddress);
117 | 


--------------------------------------------------------------------------------
/hdlog.hpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0sha0/SimpleByPass/077d9ca7e23d30eaadc4245c316ef3f700b7df44/hdlog.hpp


--------------------------------------------------------------------------------
/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0sha0/SimpleByPass/077d9ca7e23d30eaadc4245c316ef3f700b7df44/main.cpp


--------------------------------------------------------------------------------
/syscalls.asm:
--------------------------------------------------------------------------------
 1 | .data
 2 | jumpAddress dq 0
 3 | 
 4 | .code
 5 | PUBLIC NtProtectVirtualMemory
 6 | PUBLIC NtWriteVirtualMemory
 7 | PUBLIC SetJumpAddress               ; Function to set jumpAddress
 8 | 
 9 | SetJumpAddress proc
10 |     mov [jumpAddress], rcx          ; Assume the new address is passed in RCX
11 |     ret
12 | SetJumpAddress endp
13 | 
14 | NtProtectVirtualMemory proc
15 |     mov r11, [jumpAddress]          ; Load indirect syscall address into R11 register
16 |     mov eax, [rsp+30h]              ; Move syscall ID into RAX register
17 |     mov r10, rcx
18 |     jmp r11                         ; Indirect syscall via jump to address stored in R11
19 | NtProtectVirtualMemory endp
20 | 
21 | NtWriteVirtualMemory proc
22 |     mov r11, [jumpAddress]          ; Load indirect syscall address into R11 register
23 |     mov eax, [rsp+30h]              ; Move syscall ID into RAX register
24 |     mov r10, rcx
25 |     jmp r11                         ; Indirect syscall via jump to address stored in R11
26 | NtWriteVirtualMemory endp
27 | 
28 | end


--------------------------------------------------------------------------------