Source Code

Locked AtlasLdr - Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls

By itsMe
December 25, 2023 in Source Code

Followers 0

Start new topic

Recommended Posts

itsMe

Posted December 25, 2023

- Share

Posted December 25, 2023

This is the hidden content, please

Atlas is a reflective x64 loader that has the following features:

Features

    Retrieve of DLL and PE from a remote server
    Manual Mapping on a remote process
    Position independent code
    Use of indirect Syscalls
        ZwAllocateVirtualMemory
        ZwProtectVirtualMemory
        ZwQuerySystemInformation
        ZwFreeVirtualMemory
        ZwCreateThreadEx
    Single stub for all Syscalls
        Dynamic SSN retrieve
        Dynamic Syscall address resolution
    Atlas also uses
        LdrLoadDll
        NtWriteVirtualMemory
    Custom implementations of
        GetProcAddress
        GetModuleHandle
    API hashing
    Cleanup on error
    Variable EntryPoint

This is the hidden content, please

Link to comment

Share on other sites

This topic is now closed to further replies.

Followers 0

Go to topic listing

Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Sign In