WolfLib is a Windows API function discovery library that allows you to hide your usage of Windows API functions. It provides advanced techniques to obfuscate your code, making it difficult for reverse engineers to detect and analyze your function invocations.
- Hidden Function Address Discovery: WolfLib uses intelligent algorithms to dynamically discover function addresses, hiding your direct usage of Windows API functions.
- Runtime Function Resolution: Resolve function addresses at runtime for optimal performance and compatibility.
- Comprehensive Function Abstraction: Interact with Windows API functions without exposing their names explicitly, enhancing the security of your application.
- Lightweight and Easy Integration: Seamless integration into new or existing projects with minimal overhead and efficient execution.
- Documentation and Examples: Documentation and examples to guide you through the implementation and usage of WolfLib.
- Community and Support: Engage with a vibrant community of developers, share insights, report issues, and contribute to ongoing development.
- Bypasses AMSI: WolfLib includes built-in mechanisms to bypass the Anti-Malware Scan Interface (AMSI), allowing you to conceal your usage of Windows API functions from AMSI detection.
- Clone the repository:
git clone https://github.com/NE1W01F/WolfLib.git
- Include the necessary WolfLib files (
header files
,source files
,assembly files
) in your project. - Follow the specific integration instructions provided in the documentation.
For detailed installation instructions and examples, refer to the Documentation.
We welcome contributions from the community to enhance and improve WolfLib. If you'd like to contribute, please follow these steps:
- Fork the repository.
- Create a new branch:
git checkout -b feature/your-feature-name
. - Commit your changes:
git commit -m "Add your changes"
. - Push to the branch:
git push origin feature/your-feature-name
. - Open a pull request, describing your changes in detail.
Please ensure that your contributions align with the project's coding style and follow best practices. Check the Issues page for open issues and consider addressing them as well.
- Add Spoof Parent Process to Memory.h
- Add Spoof PEB to Memory.h
- Add List of AV DLLs and Unload them
- Add Registry Functions to Function.h
- Make Project more Portable (ie MSVC, CMAKE and other compilers)
- Add Function Hash search to Function.h
Well WolfLib helps with making shellcode loaders or with lowering your imports. It is also kinda small so it helps with making small stubs
WolfLib is released under the GNU Lesser General Public License (LGPLv3). See the LICENSE file for more details.
For any questions, suggestions, or issues, please open an issue or join the discussion in the community chat.
Let's collaborate and make WolfLib a tool for hiding Windows API function usage together!