NE1W01F/WolfLib

WolfLib - StealthAPI: Hide Your Function Usage


Description

WolfLib is a Windows API function discovery library that allows you to hide your usage of Windows API functions. It provides advanced techniques to obfuscate your code, making it difficult for reverse engineers to detect and analyze your function invocations.

Proof that it Bypasses AV

[Image]

Features

  • Hidden Function Address Discovery: WolfLib uses intelligent algorithms to dynamically discover function addresses, hiding your direct usage of Windows API functions.
  • Runtime Function Resolution: Resolve function addresses at runtime for optimal performance and compatibility.
  • Comprehensive Function Abstraction: Interact with Windows API functions without exposing their names explicitly, enhancing the security of your application.
  • Lightweight and Easy Integration: Seamless integration into new or existing projects with minimal overhead and efficient execution.
  • Documentation and Examples: Documentation and examples to guide you through the implementation and usage of WolfLib.
  • Community and Support: Engage with a vibrant community of developers, share insights, report issues, and contribute to ongoing development.
  • Bypasses AMSI: WolfLib includes built-in mechanisms to bypass the Anti-Malware Scan Interface (AMSI), allowing you to conceal your usage of Windows API functions from AMSI detection.

Installation

  1. Clone the repository: git clone https://github.com/NE1W01F/WolfLib.git
  2. Include the necessary WolfLib files (header files, source files, assembly files) in your project.
  3. Follow the specific integration instructions provided in the documentation.

For detailed installation instructions and examples, refer to the Documentation.

Contributing

We welcome contributions from the community to enhance and improve WolfLib. If you'd like to contribute, please follow these steps:

  1. Fork the repository.
  2. Create a new branch: git checkout -b feature/your-feature-name.
  3. Commit your changes: git commit -m "Add your changes".
  4. Push to the branch: git push origin feature/your-feature-name.
  5. Open a pull request, describing your changes in detail.

Please ensure that your contributions align with the project's coding style and follow best practices. Check the Issues page for open issues and consider addressing them as well.

TODO

  • Add Spoof Parent Process to Memory.h
  • Add Spoof PEB to Memory.h
  • Add List of AV DLLs and Unload them
  • Add Registry Functions to Function.h
  • Make Project more Portable (i.e., MSVC, CMake and other compilers)
  • Add Function Hash search to Function.h

What can you do with it?

Well, WolfLib helps with making shellcode loaders or with lowering your imports. It is also kinda small, so it helps with making small stubs.

License

WolfLib is released under the GNU Lesser General Public License (LGPLv3). See the LICENSE file for more details.

Support

For any questions, suggestions, or issues, please open an issue or join the discussion in the community chat.

Let's collaborate and make WolfLib a tool for hiding Windows API function usage together!
