Avanguard

The Win32 Anti-Intrusion Library

Avanguard is the Windows anti-injection library written on C++.

🔙🔚 Current and in-dev capabilities:

• [✔️] Threads filter (against of CreateRemoteThread)
• [✔️] Modules filter
• [✔️] Memory filter (support of JIT-based languages)
• [✔️] Stacktrace checker
• [✔️] Windows hooks detection
• [✔️] AppInit_DLLs disabler
• [✔️] Memory mapping based injects detection
• [✔️] APC filter
• [✔️] Threads context filter (to prevent a context steal)
• [❌] HWIDs collector
• [❌] Java/C#/Delphi bindings and API
• [❌] Anti-macroses (virtual input blocking)
• [❌] Anti-debugging techniques
• [❌] Self-modification support
• [❌] DACLs-based protection

📝 Dependencies:

• HookLib - lightweight and convenient hook library written on pure C and NativeAPI
• Zydis - extremely lightweight disassembler
• t1ha - the fastest hash ever
• xorstr - a heavily vectorized C++17 compile-time strings encryptor

📐 How to use:

First of all, clone it with all dependencies:

git clone --recursive https://github.com/HoShiMin/Avanguard.git

All you need is to build the Avanguard.dll and add it to your application's import table. ```cpp

include

include

include

pragma comment(lib, "Avanguard.lib")

int main() { // Using of Avanguard's symbols binds it to your app: printf("[i] AvnStub: %p\n", Stub); while (true); } ```

Or you can add it to import table manually using PE editors like CFF Explorer: 1. Right click on your exe/dll 2. Open with CFF Explorer 3.

Import Adder

Stub

Import directory

save

🛠 Settings:

You can change enabled features in the

AvnDefinitions.h

FEATURE_MEMORY_FILTER