Osiris
Implement PEB unlinking, and PE Header erasing
VAC uses EnumProcessModules to check the list of linked modules; this code hides Osiris from that function
thanks
Thanks for the PR, I saw this floating around, but I think it's not very useful since you should manual map the dll anyway because vac hooks loadlibrary system calls, am I correct?
DLL in Windows folder, and nobody will stop you, Valve “nanotechnologies” either (They don't restrict loading dll's from Windows folder by LoadLibrary)
Yes, but not all people use manual map; some still use LoadLibrary.
This will bypass trusted mode; it won't prevent VAC from dumping or scanning your DLL. What I'm saying is, no matter whether you removed the PE header or not, even if you manual mapped it, the code exists in memory and VAC will scan it. I used manual map injection for my private cheat and still some members got VAC banned; I mitigated that by mutating the binary code each time before injection, and no VAC detections yet. There are proper ways to hide your code, but they do not include erasing PE headers or hiding the DLL from the modules list.
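The point in the comment above, that unlinking a module or erasing its PE header still leaves the code in memory, is what a cross-view check relies on. The following is an added example, not code from this PR or from Osiris: it compares a constructed loader-list snapshot with a constructed memory map and reports executable allocations that no listed module accounts for. All type names, function names and sample addresses are assumptions.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Memory-map view, one entry per allocation (on Windows this would come from
// VirtualQueryEx); Kind mirrors MEM_IMAGE / MEM_PRIVATE. Hypothetical types.
enum class Kind { Image, Private };
struct Allocation { std::uint64_t base, size; Kind kind; bool executable, headerIntact; };
// Loader-list view, i.e. what EnumProcessModules would report.
struct Module { std::string name; std::uint64_t base, size; };
struct Finding { std::uint64_t base; std::string reason; };

// True when some loader-list entry accounts for this allocation's base address.
static bool listed(const Allocation& a, const std::vector<Module>& mods) {
    for (const auto& m : mods)
        if (a.base >= m.base && a.base < m.base + m.size) return true;
    return false;
}

// Report executable allocations that the loader list does not account for.
std::vector<Finding> crossView(const std::vector<Module>& mods,
                               const std::vector<Allocation>& allocs) {
    std::vector<Finding> out;
    for (const auto& a : allocs) {
        if (!a.executable || listed(a, mods)) continue;
        std::string why = a.kind == Kind::Image ? "image mapping absent from loader list"
                                                : "private executable memory, no module";
        if (!a.headerIntact) why += ", PE header missing";  // no "MZ" at allocation base
        out.push_back({a.base, why});
    }
    return out;
}

// Constructed snapshot: two listed modules, one unlinked image with a wiped
// header, one private executable allocation, one ordinary heap block.
std::vector<Finding> sampleFindings() {
    std::vector<Module> mods = {{"app.exe", 0x400000, 0x100000},
                                {"listed.dll", 0x10000000, 0x200000}};
    std::vector<Allocation> allocs = {
        {0x400000,   0x100000, Kind::Image,   true,  true},
        {0x10000000, 0x200000, Kind::Image,   true,  true},
        {0x20000000, 0x80000,  Kind::Image,   true,  false},
        {0x30000000, 0x40000,  Kind::Private, true,  false},
        {0x50000000, 0x10000,  Kind::Private, false, false}};
    return crossView(mods, allocs);
}

int main() {
    for (const auto& f : sampleFindings())
        std::cout << std::hex << "0x" << f.base << ": " << f.reason << "\n";
}
```

Private executable memory also comes from legitimate JIT compilers, so that finding is a lead for triage rather than a verdict.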
Anyway, my code won't make it worse, but can prevent some possible bans, I guess. My goal is not rewriting the whole of Osiris (to implement cool anti-detection things, like mutation, etc.); it's just to add some useful code, that's all.
thnx
@playday3008 for some reason I'm getting a lot of errors. https://imgur.com/a/G8tplr0 I'm not using this original build, I'm using this: https://github.com/notgoodusename/OsirisAndExtra
Take the original osiris and extras. See what the error is, find the code fragments that are responsible for a particular variable or function and add them to the extras, at the same time fixing the errors that occur.
P.S. I assume this will take a lot of fucking time
thanks!
Add them in AntiDetection.h if using c17/c++17.
#include <cstddef>
#include <memory>
Then build the DLL.