Workflows

Workflow templates

Production-grade reference implementations for loader bootstrap, anti-tamper, licensing, ETW monitoring, kernel drivers, and integrity verification. Each template is built on direct syscalls, PE manipulation, and cryptographic routines that are implemented correctly rather than approximated.

Loader bootstrap

Manual-maps a signed payload DLL into the current process: copies headers and sections, applies base relocations, resolves the import address table, and dispatches TLS callbacks ahead of DllMain. Because manual mapping bypasses the Windows loader, the signature has to be verified before the image is copied, and since the module never enters the loader's module lists, x64 exception unwinding through it needs RtlAddFunctionTable on its .pdata entries.

Tags: C++, PE, injection

Anti-debug aggregator

PEB.BeingDebugged, PEB.NtGlobalFlag (the 0x70 heap-check flags), ProcessDebugPort via a direct NtQueryInformationProcess syscall, a hardware-breakpoint scan of DR0-DR3 against the DR7 enable bits, and an RDTSC timing delta. NtGlobalFlag is only set when the process is created under a debugger, not on a later attach, and gflags or an IFEO GlobalFlag entry sets it with no debugger present, so no single indicator should be treated as conclusive.

Tags: C++, syscalls, anti-tamper
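An added example, not the template's code, showing the evaluation half of such an aggregator. The raw readings live in a struct so the decision logic (the NtGlobalFlag mask, the DR7 enable-bit test, the two-indicator policy) can be exercised with constructed values on any platform; the x64 Windows collector under the `#if` is included for completeness but is not exercised here, and the ProcessDebugPort reading is left to the caller because the direct-syscall stub is not reproduced. The 0x70 flag mask, the PEB offsets 0x02 and 0xBC, and the DR7 bit layout are the well-known values; the 500000-cycle threshold is a placeholder that has to be calibrated on the target.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(_WIN32) && defined(_M_X64)
#include <windows.h>
#include <intrin.h>
#endif

/* Heap flags ntdll puts in PEB.NtGlobalFlag when a process is *created* under a debugger.
   Attaching later leaves them clear; gflags / IFEO GlobalFlag sets them with no debugger at all. */
#define FLG_HEAP_ENABLE_TAIL_CHECK   0x10
#define FLG_HEAP_ENABLE_FREE_CHECK   0x20
#define FLG_HEAP_VALIDATE_PARAMETERS 0x40
#define DEBUG_HEAP_FLAGS (FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS)

enum { AD_BEING_DEBUGGED = 1, AD_NTGLOBALFLAG = 2, AD_DEBUG_PORT = 4, AD_HWBP = 8, AD_TIMING = 16 };

/* Raw readings, kept apart from the decision so the policy can be tested with constructed values. */
typedef struct {
    uint8_t  being_debugged;   /* PEB+0x02 */
    uint32_t nt_global_flag;   /* PEB+0xBC on x64 */
    uint64_t debug_port;       /* NtQueryInformationProcess(ProcessDebugPort): non-zero when attached */
    uint64_t dr[4], dr7;       /* CONTEXT_DEBUG_REGISTERS */
    uint64_t tsc_delta;        /* RDTSC cycles across a fixed probe loop */
} ad_sample_t;

/* DR7 bits 0..7 are L0,G0,L1,G1,L2,G2,L3,G3. A stale address left in DRn with its enable bits
   clear is not a live breakpoint, so both conditions are required. */
int hwbp_active(const uint64_t dr[4], uint64_t dr7)
{
    for (int i = 0; i < 4; i++)
        if (dr[i] && (dr7 & (3ULL << (2 * i)))) return 1;
    return 0;
}

uint32_t ad_evaluate(const ad_sample_t *s, uint64_t tsc_threshold)
{
    uint32_t f = 0;
    if (s->being_debugged) f |= AD_BEING_DEBUGGED;
    if ((s->nt_global_flag & DEBUG_HEAP_FLAGS) == DEBUG_HEAP_FLAGS) f |= AD_NTGLOBALFLAG;
    if (s->debug_port) f |= AD_DEBUG_PORT;
    if (hwbp_active(s->dr, s->dr7)) f |= AD_HWBP;
    if (s->tsc_delta > tsc_threshold) f |= AD_TIMING;
    return f;
}

/* Aggregation policy: each signal alone has a benign explanation (gflags, a VM exit, a crash
   reporter briefly attached), so the verdict needs at least two independent indicators. */
int ad_verdict(uint32_t flags)
{
    int n = 0;
    for (; flags; flags &= flags - 1) n++;
    return n >= 2;
}

#if defined(_WIN32) && defined(_M_X64)
/* Live collection on x64 Windows. debug_port is left for the caller because the direct-syscall
   NtQueryInformationProcess stub is not reproduced here. */
void ad_collect(ad_sample_t *s)
{
    const uint8_t *peb = (const uint8_t *)__readgsqword(0x60);
    CONTEXT ctx; memset(&ctx, 0, sizeof ctx); ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    s->being_debugged = peb[0x02];
    memcpy(&s->nt_global_flag, peb + 0xBC, sizeof s->nt_global_flag);
    if (GetThreadContext(GetCurrentThread(), &ctx)) {
        s->dr[0] = ctx.Dr0; s->dr[1] = ctx.Dr1; s->dr[2] = ctx.Dr2; s->dr[3] = ctx.Dr3; s->dr7 = ctx.Dr7;
    }
    unsigned long long t0 = __rdtsc();
    volatile int sink = 0; for (int i = 0; i < 1000; i++) sink += i;
    s->tsc_delta = __rdtsc() - t0;   /* calibrate the threshold per target; VM exits inflate this */
}
#endif

int main(void)
{
    ad_sample_t s; memset(&s, 0, sizeof s);
#if defined(_WIN32) && defined(_M_X64)
    ad_collect(&s);
#else
    s.dr[0] = 0x401000; s.nt_global_flag = 0x70;   /* constructed: stale DR0 with DR7 clear, gflags-style heap flags */
#endif
    uint32_t f = ad_evaluate(&s, 500000);           /* placeholder threshold */
    printf("indicators=0x%x verdict=%s\n", (unsigned)f, ad_verdict(f) ? "debugger" : "clean");
    return 0;
}
```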

Hardware fingerprint

TPM endorsement key, machine SID, disk serial, BIOS UUID, and primary NIC MAC address collected as a licensing anchor. Only the TPM EK is bound to the device; the others change on a disk or NIC swap or an OS reinstall, so the anchor needs a tolerance policy rather than an all-or-nothing comparison.

Tags: C++, licensing, fingerprint
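An added example, not the template's code, of the anchor policy the caveat above calls for: each component is canonicalized and hashed under its own label, and matching is k-of-n with the TPM EK as the hard anchor. FNV-1a 64 stands in for SHA-256 so the block runs without a crypto library (assumption: the real anchor uses a cryptographic hash or HMAC), the component strings are constructed, and the per-component collection from the TPM, SAM, storage stack, SMBIOS and adapter list is not reproduced.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum { FP_TPM_EK, FP_MACHINE_SID, FP_DISK_SERIAL, FP_BIOS_UUID, FP_NIC_MAC, FP_COUNT };
static const char *const fp_label[FP_COUNT] = { "tpm_ek", "machine_sid", "disk_serial", "bios_uuid", "nic_mac" };

typedef struct { uint64_t digest[FP_COUNT]; uint8_t present[FP_COUNT]; } fingerprint_t;

/* FNV-1a 64 stands in for SHA-256 so the example is self-contained (assumption: production uses a
   cryptographic hash). Domain separation by label keeps a disk serial from matching a MAC that
   happens to be the same string. */
static uint64_t fnv1a64(const char *label, const char *value)
{
    uint64_t h = 1469598103934665603ULL;
    for (const char *p = label; *p; p++) { h ^= (uint8_t)*p; h *= 1099511628211ULL; }
    h ^= ':'; h *= 1099511628211ULL;
    for (const char *p = value; *p; p++) { h ^= (uint8_t)*p; h *= 1099511628211ULL; }
    return h;
}

/* Canonicalize: lowercase, drop separators and whitespace, so "00-1A-2B" and "00:1a:2b" agree. */
static void normalize(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    for (; *in && n + 1 < cap; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '-' || c == ':' || c == '{' || c == '}' || isspace(c)) continue;
        out[n++] = (char)tolower(c);
    }
    out[n] = 0;
}

void fp_build(fingerprint_t *fp, const char *const comps[FP_COUNT])
{
    memset(fp, 0, sizeof *fp);
    for (int i = 0; i < FP_COUNT; i++) {
        char buf[256];
        if (!comps[i] || !*comps[i]) continue;       /* component unavailable: no TPM, no disk serial */
        normalize(comps[i], buf, sizeof buf);
        if (!*buf) continue;
        fp->digest[i] = fnv1a64(fp_label[i], buf);
        fp->present[i] = 1;
    }
}

/* Matching policy: the TPM EK identifies the machine outright, and a different EK is a hard mismatch.
   The remaining components drift (disk replaced, NIC swapped, reinstall changes the machine SID), so
   they are scored k-of-n: with a matching EK, `min_others` must agree; without an EK on both sides,
   one more is required to compensate for the missing anchor. Returns 1 on match, 0 otherwise. */
int fp_match(const fingerprint_t *stored, const fingerprint_t *live, int min_others)
{
    int ek_both = stored->present[FP_TPM_EK] && live->present[FP_TPM_EK];
    if (ek_both && stored->digest[FP_TPM_EK] != live->digest[FP_TPM_EK]) return 0;
    int agree = 0;
    for (int i = FP_MACHINE_SID; i < FP_COUNT; i++)
        if (stored->present[i] && live->present[i] && stored->digest[i] == live->digest[i]) agree++;
    return agree >= (ek_both ? min_others : min_others + 1);
}

int main(void)
{
    /* Constructed sample values, not taken from any real machine. */
    const char *const stored[FP_COUNT]    = { "EK-PUB-AAAA", "S-1-5-21-111-222-333", "WD-WCC4E1234567", "{4C4C4544-0042-3810-8052-B3C04F4D5631}", "00:1A:2B:3C:4D:5E" };
    const char *const new_disk[FP_COUNT]  = { "EK-PUB-AAAA", "S-1-5-21-111-222-333", "ST1000-ZZZ999",   "{4C4C4544-0042-3810-8052-B3C04F4D5631}", "00-1a-2b-3c-4d-5e" };
    const char *const other_tpm[FP_COUNT] = { "EK-PUB-BBBB", "S-1-5-21-111-222-333", "WD-WCC4E1234567", "{4C4C4544-0042-3810-8052-B3C04F4D5631}", "00:1A:2B:3C:4D:5E" };
    fingerprint_t a, b, c;
    fp_build(&a, stored); fp_build(&b, new_disk); fp_build(&c, other_tpm);
    printf("disk swapped: %d, different TPM: %d\n", fp_match(&a, &b, 2), fp_match(&a, &c, 2));
    return 0;
}
```

The stored fingerprint holds only digests, so the licence file never carries the raw SID or serial, and re-enrolment after a legitimate hardware change is a matter of accepting a match and re-saving the live struct.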

ETW threat consumer

Real-time subscription to the Microsoft-Windows-Threat-Intelligence and Microsoft-Windows-Kernel-Process providers with injection pattern parsing. The Threat-Intelligence provider is restricted to consumers running as an anti-malware protected process (PPL), which requires an ELAM-backed signature; an unprotected consumer gets the Kernel-Process events only.

Tags: C++, ETW, defensive

Kernel driver skeleton

WDM or KMDF driver with IOCTL dispatch, an address-space walk via ZwQueryVirtualMemory (the kernel-mode name; NtQueryVirtualMemory is the user-mode import, and walking EPROCESS.VadRoot directly is undocumented and version-dependent), and Authenticode self-verify. IOCTL handlers must check input and output buffer lengths before touching the buffers, and METHOD_NEITHER buffers must be probed under __try/__except, since they arrive straight from user mode.

Tags: C, kernel, WDM
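An added example, not the template's driver code: the IRP_MJ_DEVICE_CONTROL dispatch core rewritten as a portable table-driven function so the length checks can be exercised in user mode. The CTL_CODE layout and NTSTATUS values are the real ones from ntddk.h; the two IOCTL codes, the region table standing in for what ZwQueryVirtualMemory would report, and the version number are assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* CTL_CODE layout from ntddk.h: DeviceType<<16 | RequiredAccess<<14 | Function<<2 | Method. */
#define METHOD_BUFFERED      0
#define METHOD_NEITHER       3
#define FILE_READ_ACCESS     1
#define FILE_WRITE_ACCESS    2
#define FILE_DEVICE_UNKNOWN  0x22
#define CTL_CODE(dt, fn, m, a) (((uint32_t)(dt) << 16) | ((uint32_t)(a) << 14) | ((uint32_t)(fn) << 2) | (uint32_t)(m))
#define IOCTL_METHOD(code)   ((code) & 3u)

#define STATUS_SUCCESS                0x00000000u
#define STATUS_INVALID_PARAMETER      0xC000000Du
#define STATUS_INVALID_DEVICE_REQUEST 0xC0000010u
#define STATUS_BUFFER_TOO_SMALL       0xC0000023u
#define STATUS_NOT_FOUND              0xC0000225u

/* Hypothetical codes for the skeleton device (assumption: functions 0x800+ are the vendor range). */
#define IOCTL_SKEL_GET_VERSION  CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_SKEL_QUERY_REGION CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

typedef struct { uint64_t address; } region_query_t;
typedef struct { uint64_t base, size; uint32_t protect; } region_info_t;

/* Constructed stand-in for the regions ZwQueryVirtualMemory would report (assumption). */
static const region_info_t sample_regions[] = {
    { 0x7FF600000000ULL, 0x1000, 0x02 }, { 0x7FF600001000ULL, 0x8000, 0x20 }, { 0x7FF600009000ULL, 0x3000, 0x04 },
};

typedef uint32_t (*ioctl_handler_t)(const void *in, size_t in_len, void *out, size_t out_len, size_t *written);
typedef struct { uint32_t code; size_t min_in, min_out; ioctl_handler_t handler; } ioctl_entry_t;

static uint32_t h_get_version(const void *in, size_t in_len, void *out, size_t out_len, size_t *written)
{
    (void)in; (void)in_len; (void)out_len;
    uint32_t v = 0x00010002;                            /* assumed version 1.2 */
    memcpy(out, &v, sizeof v); *written = sizeof v;
    return STATUS_SUCCESS;
}

static uint32_t h_query_region(const void *in, size_t in_len, void *out, size_t out_len, size_t *written)
{
    (void)in_len; (void)out_len;
    region_query_t q; memcpy(&q, in, sizeof q);         /* copy the input out first: METHOD_BUFFERED shares one SystemBuffer */
    for (size_t i = 0; i < sizeof sample_regions / sizeof *sample_regions; i++) {
        const region_info_t *r = &sample_regions[i];
        if (q.address >= r->base && q.address - r->base < r->size) {   /* overflow-safe containment test */
            memcpy(out, r, sizeof *r); *written = sizeof *r;
            return STATUS_SUCCESS;
        }
    }
    return STATUS_NOT_FOUND;
}

static const ioctl_entry_t ioctl_table[] = {
    { IOCTL_SKEL_GET_VERSION,  0,                      sizeof(uint32_t),      h_get_version  },
    { IOCTL_SKEL_QUERY_REGION, sizeof(region_query_t), sizeof(region_info_t), h_query_region },
};

/* Dispatch core: every length check happens here, before any handler touches a buffer. METHOD_NEITHER
   is refused because its raw user pointers would need ProbeForRead/ProbeForWrite inside __try, which
   this skeleton does not implement. Unknown codes fail closed. */
uint32_t dispatch_ioctl(uint32_t code, const void *in, size_t in_len, void *out, size_t out_len, size_t *written)
{
    *written = 0;
    if (IOCTL_METHOD(code) == METHOD_NEITHER) return STATUS_INVALID_DEVICE_REQUEST;
    for (size_t i = 0; i < sizeof ioctl_table / sizeof *ioctl_table; i++) {
        const ioctl_entry_t *e = &ioctl_table[i];
        if (e->code != code) continue;
        if (in_len < e->min_in || (e->min_in && !in)) return STATUS_INVALID_PARAMETER;
        if (out_len < e->min_out || (e->min_out && !out)) return STATUS_BUFFER_TOO_SMALL;
        return e->handler(in, in_len, out, out_len, written);
    }
    return STATUS_INVALID_DEVICE_REQUEST;
}

int main(void)
{
    uint8_t buf[64]; size_t n; region_info_t r;
    region_query_t q = { 0x7FF600002000ULL };
    uint32_t st = dispatch_ioctl(IOCTL_SKEL_QUERY_REGION, &q, sizeof q, buf, sizeof buf, &n);
    memcpy(&r, buf, sizeof r);
    printf("status=0x%08x base=0x%llx size=0x%llx written=%zu\n", (unsigned)st, (unsigned long long)r.base, (unsigned long long)r.size, n);
    return 0;
}
```

In the real driver `in_len` and `out_len` are `Parameters.DeviceIoControl.InputBufferLength` and `OutputBufferLength` from the current stack location, both buffers are `Irp->AssociatedIrp.SystemBuffer`, and `*written` becomes `Irp->IoStatus.Information`.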

DLL hijack detection

Verify that every loaded module originates from its expected path (compared against the canonical final path of the mapped file, not the name the loader reports) and carries a valid Authenticode signature. Many Windows system DLLs are catalog-signed rather than embedded-signed, so the signature check has to go through WinVerifyTrust with catalog lookup or it will flag ntdll.dll itself; and a 32-bit process must expect its system modules under SysWOW64, not System32.

Tags: C++, integrity, defensive
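An added example, not the template's code, of the path half of that check, written portably so it runs anywhere: paths are canonicalized and compared with a separator-aware prefix test, system modules must sit directly in the system directory and application modules directly beside the executable, and anything unlisted is reported rather than trusted. The module list, the two manifests and the directories are constructed; on a live system the inputs are the final paths of the mapped files and the directories returned by GetSystemDirectory and the executable's own path, and the Authenticode step (WinVerifyTrust with catalog lookup) follows a MOD_OK verdict and is not reproduced here.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum { MOD_OK = 0, MOD_WRONG_DIR = 1, MOD_UNLISTED = 2 };

/* Canonical form: lowercase, forward slashes to backslashes, no trailing separator. On the live
   system feed this the *final* path of the mapped file (GetFinalPathNameByHandle), so 8.3 short names
   and junctions cannot make two different directories compare equal. */
void path_canon(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    for (; *in && n + 1 < cap; in++) {
        char c = (char)tolower((unsigned char)*in);
        out[n++] = (c == '/') ? '\\' : c;
    }
    while (n > 1 && out[n - 1] == '\\') n--;
    out[n] = 0;
}

/* True when `path` names a file directly inside `dir` (both canonical). The separator check stops
   "c:\windows\system32evil\ntdll.dll" from matching the System32 prefix, and the subdirectory check
   stops "c:\windows\system32\x\ntdll.dll". */
int path_in_dir(const char *path, const char *dir)
{
    size_t d = strlen(dir);
    if (strncmp(path, dir, d) != 0 || path[d] != '\\') return 0;
    return strchr(path + d + 1, '\\') == NULL;
}

static const char *basename_of(const char *path)
{
    const char *s = strrchr(path, '\\');
    return s ? s + 1 : path;
}

/* Modules that must come from the system directory, and modules expected beside the executable.
   Assumption: a short illustrative list; the real template carries the application's full manifest. */
static const char *const system_modules[] = { "ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll", "version.dll", "advapi32.dll" };
static const char *const app_modules[]    = { "app.exe", "engine.dll" };

int classify_module(const char *raw_path, const char *sys_dir, const char *app_dir)
{
    char path[512], sys[512], app[512];
    path_canon(raw_path, path, sizeof path);
    path_canon(sys_dir, sys, sizeof sys);
    path_canon(app_dir, app, sizeof app);
    const char *name = basename_of(path);
    for (size_t i = 0; i < sizeof system_modules / sizeof *system_modules; i++)
        if (strcmp(name, system_modules[i]) == 0) return path_in_dir(path, sys) ? MOD_OK : MOD_WRONG_DIR;
    for (size_t i = 0; i < sizeof app_modules / sizeof *app_modules; i++)
        if (strcmp(name, app_modules[i]) == 0) return path_in_dir(path, app) ? MOD_OK : MOD_WRONG_DIR;
    return MOD_UNLISTED;
}

int main(void)
{
    /* Constructed module list, shaped like an EnumProcessModules walk would produce it. */
    const char *const loaded[] = {
        "C:\\Windows\\System32\\ntdll.dll",
        "c:/windows/system32/KERNEL32.DLL",
        "C:\\Program Files\\App\\version.dll",          /* classic search-order hijack: app dir shadows System32 */
        "C:\\Windows\\System32Evil\\advapi32.dll",
        "C:\\Program Files\\App\\engine.dll",
        "C:\\Users\\Public\\helper.dll",
    };
    static const char *const verdict[] = { "ok", "WRONG DIRECTORY", "unlisted" };
    for (size_t i = 0; i < sizeof loaded / sizeof *loaded; i++)
        printf("%-45s %s\n", loaded[i], verdict[classify_module(loaded[i], "C:\\Windows\\System32\\", "C:\\Program Files\\App")]);
    return 0;
}
```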