{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":767071420,"defaultBranch":"master","name":"StealthModule.NET","ownerLogin":"hsheric0210","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2024-03-04T16:47:36.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/77634181?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1709716969.0","currentOid":""},"activityList":{"items":[{"before":"1ccb39e2642747fd94816f14888393a58c3ac16e","after":"217d9cbd873ff16972d9a60359b57ee1b5705d9d","ref":"refs/heads/master","pushedAt":"2024-03-16T04:19:05.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Replaced .NET Core App 3.1 support with .NET Standard 2.0 support","shortMessageHtmlLink":"Replaced .NET Core App 3.1 support with .NET Standard 2.0 support"}},{"before":"7320fbe208d496e3c1bd58ffb489e6a9aca2603c","after":"1ccb39e2642747fd94816f14888393a58c3ac16e","ref":"refs/heads/master","pushedAt":"2024-03-15T16:00:30.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Add placeholder files\n\nAdd code injection technique placeholder files","shortMessageHtmlLink":"Add placeholder files"}},{"before":"c993383c8249175a1ad7cd7209320c533e155a8e","after":"7320fbe208d496e3c1bd58ffb489e6a9aca2603c","ref":"refs/heads/master","pushedAt":"2024-03-14T16:38:31.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Remove RpcInject\n\nRemoved RpcInject placeholder as the purpose of MMRPC (ManualMap RPC) shellcode is now only compatible with RemoteMemoryModule (Manual-map a DLL to remote process)","shortMessageHtmlLink":"Remove RpcInject"}},{"before":"aeb94b1d358bf063a603c4853ba66f2acf7ed0bb","after":"c993383c8249175a1ad7cd7209320c533e155a8e","ref":"refs/heads/master","pushedAt":"2024-03-14T16:29:41.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Update Pointer, PEHeader usages","shortMessageHtmlLink":"Update Pointer, PEHeader usages"}},{"before":"35f4d455c3d1b723cfb63c6d91c7f0f32171d868","after":"aeb94b1d358bf063a603c4853ba66f2acf7ed0bb","ref":"refs/heads/master","pushedAt":"2024-03-14T16:06:20.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"StealthModule.PEHeader will support direct read from bytes or file","shortMessageHtmlLink":"StealthModule.PEHeader will support direct read from bytes or file"}},{"before":"6040cff96241780ab037040782d48abe2f0b08bb","after":"35f4d455c3d1b723cfb63c6d91c7f0f32171d868","ref":"refs/heads/master","pushedAt":"2024-03-13T18:31:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"GetProcAddressWithHash.h Tab->4Space","shortMessageHtmlLink":"GetProcAddressWithHash.h Tab-&gt;4Space"}},{"before":"1d85da7c9d7c91f267b3dfd7e4fabe0aadba44ad","after":"6040cff96241780ab037040782d48abe2f0b08bb","ref":"refs/heads/master","pushedAt":"2024-03-13T17:07:21.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Forgot to add PE.Magic\n\n+ ShellcodeConverter FodyWeavers\n+ Added ShellcodeConverter binaries (executed on post-compilation of the shellcode project)\n+ PE/Magic.cs","shortMessageHtmlLink":"Forgot to add PE.Magic"}},{"before":"063f6dfe4e436b68eb42605d4e88c7ec91f28cb8","after":"1d85da7c9d7c91f267b3dfd7e4fabe0aadba44ad","ref":"refs/heads/master","pushedAt":"2024-03-13T13:50:58.000Z","pushType":"push","commitsCount":8,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Fix ExportLister project reference","shortMessageHtmlLink":"Fix ExportLister project reference"}},{"before":"ff93344403d588a014b4d14b6c953dac4194960f","after":"063f6dfe4e436b68eb42605d4e88c7ec91f28cb8","ref":"refs/heads/master","pushedAt":"2024-03-13T12:20:31.000Z","pushType":"push","commitsCount":8,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"StealthModule.MemoryModule: Now all entry point call abstraction layer is complete\n\nOnly the address of entry point function is stored internally, the call is made using the implementation of interface 'IFunctionCaller'","shortMessageHtmlLink":"StealthModule.MemoryModule: Now all entry point call abstraction laye…"}},{"before":"0050620e953c64a39062b64fa621a5129381f36b","after":"ff93344403d588a014b4d14b6c953dac4194960f","ref":"refs/heads/master","pushedAt":"2024-03-12T17:52:41.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Update LocalMemoryModule README","shortMessageHtmlLink":"Update LocalMemoryModule README"}},{"before":"b2e0f443465ad06c1617379614a2f427dba20f13","after":"0050620e953c64a39062b64fa621a5129381f36b","ref":"refs/heads/master","pushedAt":"2024-03-12T17:44:36.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Module stomping bug fix\n\n(at least no more crashes)","shortMessageHtmlLink":"Module stomping bug fix"}},{"before":"cacb0e2832893bde7102bedff16dafe8db02c341","after":"b2e0f443465ad06c1617379614a2f427dba20f13","ref":"refs/heads/master","pushedAt":"2024-03-12T17:36:11.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"MemoryModule -> LocalMemoryModule\n\nit will now use MemoryModuleBase","shortMessageHtmlLink":"MemoryModule -&gt; LocalMemoryModule"}},{"before":"de36de4fe70cbbaafab59215dc8cfb50e00851d2","after":"cacb0e2832893bde7102bedff16dafe8db02c341","ref":"refs/heads/master","pushedAt":"2024-03-11T12:04:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Renamed MemoryModule+ManualMap to MemoryModule.ManualMap\n\nalso extract ExceptionTable register part to separate method","shortMessageHtmlLink":"Renamed MemoryModule+ManualMap to MemoryModule.ManualMap"}},{"before":"95cdacf98dbd036da2fad8b32b7e84edd6561c2d","after":"de36de4fe70cbbaafab59215dc8cfb50e00851d2","ref":"refs/heads/master","pushedAt":"2024-03-10T18:46:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Fix x86 pointer ToString","shortMessageHtmlLink":"Fix x86 pointer ToString"}},{"before":"ac37ad68f0407554f11294e52c5f91191f2535c0","after":"95cdacf98dbd036da2fad8b32b7e84edd6561c2d","ref":"refs/heads/master","pushedAt":"2024-03-10T16:52:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"x64 SEH support added\n\n+ Added export validation for ExportResolver.GetExport overloads\n+ MemoryModule+ManualMap will print more detailed 'Wrong Section Alignment' exception\n+ NTDLL.RtlAddFunctionTable (only exist on x64!)\n/ Fixed NTDLL.RtlGetVersion to return NTSTATUS","shortMessageHtmlLink":"x64 SEH support added"}},{"before":"aef316cb553e19f9d3baa0828564bdb1657c5806","after":"ac37ad68f0407554f11294e52c5f91191f2535c0","ref":"refs/heads/master","pushedAt":"2024-03-10T14:09:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Added module stomping tests\n\nModule Stomping is now confirmed as working well!","shortMessageHtmlLink":"Added module stomping tests"}},{"before":"369f0ce4a4250ad946dc3d073c40dcb3a44da423","after":"aef316cb553e19f9d3baa0828564bdb1657c5806","ref":"refs/heads/master","pushedAt":"2024-03-10T13:51:58.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Added additional tests for MemoryModule\n\nSome DLLs are confirmed as not compatible with MemoryModule","shortMessageHtmlLink":"Added additional tests for MemoryModule"}},{"before":"f171e9b7731bddeca58af996be15faab91dbb5d5","after":"369f0ce4a4250ad946dc3d073c40dcb3a44da423","ref":"refs/heads/master","pushedAt":"2024-03-10T13:15:38.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"RunDll32 no longer use the current console handle\n\nIt will always use NULL HWND when calling the entry point function","shortMessageHtmlLink":"RunDll32 no longer use the current console handle"}},{"before":"bb94f7b49072b92557211795f16bf3cd5e7b8179","after":"f171e9b7731bddeca58af996be15faab91dbb5d5","ref":"refs/heads/master","pushedAt":"2024-03-10T03:31:17.000Z","pushType":"push","commitsCount":13,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Converted LoadLibrary, FreeLibrary and GetProcAddress to NTDLL calls","shortMessageHtmlLink":"Converted LoadLibrary, FreeLibrary and GetProcAddress to NTDLL calls"}},{"before":"9ea20f628cd098843859cf4e368930851604cabf","after":"bb94f7b49072b92557211795f16bf3cd5e7b8179","ref":"refs/heads/master","pushedAt":"2024-03-09T17:13:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"FIXED FATAL MISTAKE in MemoryModule+ManualMap+Relocation\n\nAlmost got mental breakdown; this trivial typo made AntiDebug.NET to crash and took 4h to find","shortMessageHtmlLink":"FIXED FATAL MISTAKE in MemoryModule+ManualMap+Relocation"}},{"before":"9ccb6aed5b067a791ddc112daa9fa89b90e5cf3b","after":"9ea20f628cd098843859cf4e368930851604cabf","ref":"refs/heads/master","pushedAt":"2024-03-09T16:19:33.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Added user32.dll test","shortMessageHtmlLink":"Added user32.dll test"}},{"before":"0071357de421fd94a45f956057a774c653069f41","after":"9ccb6aed5b067a791ddc112daa9fa89b90e5cf3b","ref":"refs/heads/master","pushedAt":"2024-03-09T06:12:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Re-added .NET Framework 2.0 support\n\nit was dropped intentionally while fixing the ModuleStomping bug","shortMessageHtmlLink":"Re-added .NET Framework 2.0 support"}},{"before":"51b46de9c0d26199762f37ce8bd8c7922a28e117","after":"0071357de421fd94a45f956057a774c653069f41","ref":"refs/heads/master","pushedAt":"2024-03-09T06:09:50.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"FileModule -> FileModuleMapper\n\nSince it does not perform various loader steps (IAT rebuild, relocation, etc.) it can't be called neither a Mapper nor a Module.\nAnything it does is just 'Mapping a file to the memory', not 'manual-mapping' it.","shortMessageHtmlLink":"FileModule -&gt; FileModuleMapper"}},{"before":"2508c704e24bbddbe30a7068e6c2e6850982623a","after":"51b46de9c0d26199762f37ce8bd8c7922a28e117","ref":"refs/heads/master","pushedAt":"2024-03-09T03:12:18.000Z","pushType":"push","commitsCount":7,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Renamed ACCESS_MASK to AccessMask","shortMessageHtmlLink":"Renamed ACCESS_MASK to AccessMask"}},{"before":"8c848fb7c524be2ee9eedfa8833f250334f21aa5","after":"2508c704e24bbddbe30a7068e6c2e6850982623a","ref":"refs/heads/master","pushedAt":"2024-03-09T02:20:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Now MemoryModule.ModuleBaseAddress is directly accessible from the public\n\nRemoved the proxy property. Exposed the ModuleBaseAddress directly.","shortMessageHtmlLink":"Now MemoryModule.ModuleBaseAddress is directly accessible from the pu…"}},{"before":"d4ce87675ab7ec41987b8f20c1cc3659a01e8fe2","after":"8c848fb7c524be2ee9eedfa8833f250334f21aa5","ref":"refs/heads/master","pushedAt":"2024-03-09T02:18:49.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"RunDll32 now supports optional parameter\n\n... and also some additional warning mesages are added","shortMessageHtmlLink":"RunDll32 now supports optional parameter"}},{"before":"7019a4ac9174d162cb3ec3f8e588ff50126c9b8b","after":"d4ce87675ab7ec41987b8f20c1cc3659a01e8fe2","ref":"refs/heads/master","pushedAt":"2024-03-08T16:33:20.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"RunDLL32 will now catch AccessViolationException","shortMessageHtmlLink":"RunDLL32 will now catch AccessViolationException"}},{"before":"e38c75ab2c4c87503c746b87e6b98314a757d4d0","after":"7019a4ac9174d162cb3ec3f8e588ff50126c9b8b","ref":"refs/heads/master","pushedAt":"2024-03-08T16:26:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"MemoryModule will use ExportResolver to resolve its exports + Added 'Erase Headers' feature to MemoryModule\n\nBefore this change, MemoryModule had its own export resolver.\nFrom this commit, MemoryModule will create an instance of ExportResolver on initialization. You can access it through 'MemoryModule.Exports' property.\n\n/ Changed the parameter type from short to int in 'export resolver by ordinal'\n+ RunDll32 example project will support dll ordinal call\n+ Updated RunDll32 syntax message\n+ Added 'erase headers' feature to MemoryModule\n+ ExportResolver will check if the module header is valid (if not it will throw exception; it's the check for module header erasure)","shortMessageHtmlLink":"MemoryModule will use ExportResolver to resolve its exports + Added '…"}},{"before":"3d1038def3202ecc92b47713c662e1817f06e5f7","after":"e38c75ab2c4c87503c746b87e6b98314a757d4d0","ref":"refs/heads/master","pushedAt":"2024-03-08T15:54:06.000Z","pushType":"push","commitsCount":24,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Fix compilation errors caused by disabled implicit casting from integer to Pointer\n\nI've recently disabled auto-boxing from int to Pointer because of the ambigiousity errors on .NET 8.0.","shortMessageHtmlLink":"Fix compilation errors caused by disabled implicit casting from integ…"}},{"before":"de194171a4e3090d08a0b680dc2187a50b78911d","after":"3d1038def3202ecc92b47713c662e1817f06e5f7","ref":"refs/heads/master","pushedAt":"2024-03-08T10:37:23.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"hsheric0210","name":"eric0210","path":"/hsheric0210","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/77634181?s=80&v=4"},"commit":{"message":"Added exemplar project: RunDll32","shortMessageHtmlLink":"Added exemplar project: RunDll32"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEFzZQQQA","startCursor":null,"endCursor":null}},"title":"Activity · hsheric0210/StealthModule.NET"}