Injectable DLL that sets hardware breakpoints on NT functions.
- Once injected, the DLL sets hardware breakpoints on NT functions.
- After any of the hooked functions is called, the execution flow is redirected to the "malicious code", which displays a MessageBox for the proof of concept (POC).
- After executing our code, the hardware breakpoints are cleaned up, and the process continues normally. (I chose to execute the custom code only once for the POC, but this can be modified.)
- The code lacks operational security (opsec) measures (e.g., no removal of CRT libraries, no indirect syscalls, no API hashing). This is because the primary goal was to explore hardware breakpoint hooking on a remote process.
- A DLL injector is included:
  - The code is not commented (as it is in Archor), as it is not the main focus of this repository.
  - It is a rudimentary injector, but again, this is not the main focus.
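
From the defender's side, hooks of the kind described above show up in each thread's debug registers. The following added example (not code from this repository) decodes a DR0-DR3/DR7 snapshot and reports which slots hold an armed execute breakpoint inside a given address range; the struct, the function names and the sample addresses are hypothetical, and on Windows the snapshot would be read with `GetThreadContext` using `CONTEXT_DEBUG_REGISTERS`.

```c
#include <stdint.h>
#include <stdio.h>

/* Debug-register snapshot of one thread. Assumption: the caller fills this
   in, e.g. from GetThreadContext() with CONTEXT_DEBUG_REGISTERS on Windows;
   this block only decodes the values. */
typedef struct {
    uint64_t dr[4];   /* DR0-DR3: breakpoint linear addresses */
    uint64_t dr7;     /* DR7: enable bits and per-slot type/length fields */
} dbg_regs;

/* Returns a 4-bit mask: bit i is set when slot i is armed (local or global
   enable bit), is an execute breakpoint (R/W field == 00) and its address
   lies in [lo, hi), e.g. the mapped range of ntdll.dll. */
unsigned exec_bp_in_range(const dbg_regs *r, uint64_t lo, uint64_t hi)
{
    unsigned hits = 0;
    for (int i = 0; i < 4; i++) {
        unsigned enabled = (unsigned)(r->dr7 >> (i * 2)) & 0x3;      /* Li | Gi */
        unsigned rw      = (unsigned)(r->dr7 >> (16 + i * 4)) & 0x3; /* R/Wi   */
        if (enabled && rw == 0 && r->dr[i] >= lo && r->dr[i] < hi)
            hits |= 1u << i;
    }
    return hits;
}

/* Constructed sample range, not taken from a real process. */
#define SAMPLE_NTDLL_LO 0x00007FFA10000000ULL
#define SAMPLE_NTDLL_HI 0x00007FFA10200000ULL

unsigned sample_hooked_thread(void)
{
    /* Constructed snapshot. Slot 0: armed execute bp inside the range.
       Slot 1: armed write watchpoint inside the range (not a code hook).
       Slot 2: address set but not enabled. Slot 3: armed, outside range. */
    dbg_regs r = {
        { 0x00007FFA1009D000ULL, 0x00007FFA1009E000ULL,
          0x00007FFA1009F000ULL, 0x0000000140001000ULL },
        0
    };
    r.dr7 = (1ULL << 0)     /* L0 */
          | (1ULL << 2)     /* L1 */
          | (1ULL << 20)    /* R/W1 = 01 (break on write) */
          | (1ULL << 6);    /* L3 */
    return exec_bp_in_range(&r, SAMPLE_NTDLL_LO, SAMPLE_NTDLL_HI);
}

int main(void) { printf("suspicious slots: 0x%x\n", sample_hooked_thread()); return 0; }
```

A non-zero mask on a thread of a process that is not being debugged is worth investigating, since legitimate software rarely arms execute breakpoints inside system DLLs.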
Here is a preview of how it works: