The Win32 Anti-Intrusion Library
Avanguard is the Windows anti-injection library written on C++.
First of all, clone it with all dependencies:
git clone --recursive https://github.com/HoShiMin/Avanguard.git
All you need is to build the Avanguard.dll and add it to your application's import table. ```cpp
int main() { // Using of Avanguard's symbols binds it to your app: printf("[i] AvnStub: %p\n", Stub); while (true); } ```
Or you can add it to import table manually using PE editors like CFF Explorer: 1. Right click on your exe/dll 2. Open with CFF Explorer 3.
Import Addertree entry -> Add -> Choose Avanguard.dll 4. Choose
Stub-> Import by name -> Rebuild import table 5. Go to
Import directorytree entry 6. Right click on Avanguard.dll -> Move up 7. Move it on the top of import list (it allows Avanguard.dll to load before of all another dlls) 8. Press
savebutton (💾 button at the top) 9. Done! Now put the Avanguard.dll to the same folder as your exe/dll.
You can change enabled features in the
AvnDefinitions.hfile.
FEATURE_MEMORY_FILTERto prevent a false detections.