Need help with Avanguard?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

159 Stars 47 Forks GNU General Public License v3.0 21 Commits 4 Opened issues


The Win32 Anti-Intrusion Library

Services available


Need anything else?

Contributors list

# 86,579
21 commits


The Win32 Anti-Intrusion Library

Avanguard is the Windows anti-injection library written on C++.

🔙🔚 Current and in-dev capabilities:

  • [✔️] Threads filter (against of CreateRemoteThread)
  • [✔️] Modules filter
  • [✔️] Memory filter (support of JIT-based languages)
  • [✔️] Stacktrace checker
  • [✔️] Windows hooks detection
  • [✔️] AppInit_DLLs disabler
  • [✔️] Memory mapping based injects detection
  • [✔️] APC filter
  • [✔️] Threads context filter (to prevent a context steal)
  • [❌] HWIDs collector
  • [❌] Java/C#/Delphi bindings and API
  • [❌] Anti-macroses (virtual input blocking)
  • [❌] Anti-debugging techniques
  • [❌] Self-modification support
  • [❌] DACLs-based protection

📝 Dependencies:

  • HookLib - lightweight and convenient hook library written on pure C and NativeAPI
  • Zydis - extremely lightweight disassembler
  • t1ha - the fastest hash ever
  • xorstr - a heavily vectorized C++17 compile-time strings encryptor

📐 How to use:

First of all, clone it with all dependencies:

git clone --recursive

All you need is to build the Avanguard.dll and add it to your application's import table. ```cpp




pragma comment(lib, "Avanguard.lib")

int main() { // Using of Avanguard's symbols binds it to your app: printf("[i] AvnStub: %p\n", Stub); while (true); } ```

Or you can add it to import table manually using PE editors like CFF Explorer: 1. Right click on your exe/dll 2. Open with CFF Explorer 3.

Import Adder
tree entry -> Add -> Choose Avanguard.dll 4. Choose
-> Import by name -> Rebuild import table 5. Go to
Import directory
tree entry 6. Right click on Avanguard.dll -> Move up 7. Move it on the top of import list (it allows Avanguard.dll to load before of all another dlls) 8. Press
button (💾 button at the top) 9. Done! Now put the Avanguard.dll to the same folder as your exe/dll.

🛠 Settings:

You can change enabled features in the

If you want to use it with JIT, you MUST enable
to prevent a false detections.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.