Results 25 comments of cube0x8

Hello @juju812 and @posutsai. I've just noticed that this issue has never been addressed. Sorry for this. 1) I am reasonably sure that loadlibrary is not meant to allow the...

Hi, it sounds like a good approach to me. I guess you will need to modify some of the peloader APIs, but that should be quite simple and straightforward. For...

I have just replaced `libdisasm` with [Zydis](https://github.com/zyantific/zydis). I did basic tests (only x86) for the `insert_function_redirect` and `redirect_call_within_function` functions and they passed but please, @taviso, when/if you have time check...

I added x86_64 support for the intercept set of libraries: 1) added two assembly (NASM) dispatchers to switch calling convention from x86_64 linux to x86_64 windows and the other way...

So, 1. I fixed the x64 assembly dispatchers. It looks like they are working quite well now. 2. All the WINAPIs are correctly linked and executed. 3. I managed to...

It is possible to call DLL exports using the `x86_64_call_exported_function` wrapper.

Subhook hooks were pushing values onto the red zone, which led to some useful values on the stack being overwritten. I disabled the red zone for now (`-mno-red-zone`). I managed to...

Update: with the new release of mpengine.dll (Product Version Number: 1.1.18200.2) it does not work with eicar.com either. It correctly boots up the engine but it raises an uncaught exception...

Two notes: 1. The framework can't work with SELinux enforcing, since mprotect fails to change permissions on peloader's functions. I have to find a better solution than patching the APIs...

So... I have just found out that GCC (and Clang too) implements the function attribute `__attribute__((ms_abi))`, which compiles a function with the Windows x86_64 calling convention. This solved more than...