
Look into Nt ReadProcessMemory

Open holly-hacker opened this issue 4 years ago • 2 comments

Should bypass a lot of checks, meaning scanning will be somewhat to a lot faster. At the very least, this is useful for sigscanning. Possibly not viable for normal accessing due to fewer checks.

Anecdotal evidence: RPM Nt RPM

holly-hacker, Dec 29 '20 16:12

I have been informed that syscalls from ntdll are annoying, so this may be useful: https://github.com/Dewera/Pluto

holly-hacker, Dec 29 '20 18:12

Could also be useful: https://gist.github.com/michel-pi/eae4d9c16e2dce8737e2f7780b38bc31 (archive backup)

holly-hacker, Jan 09 '21 19:01