Need help with Avanguard?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

HoShiMin
159 Stars 47 Forks GNU General Public License v3.0 21 Commits 4 Opened issues

Description

The Win32 Anti-Intrusion Library

Services available

!
?

Need anything else?

Contributors list

# 86,579
C++
intel
c99
Objecti...
21 commits

Avanguard

The Win32 Anti-Intrusion Library

Avanguard is the Windows anti-injection library written on C++.

🔙🔚 Current and in-dev capabilities:

  • [✔️] Threads filter (against of CreateRemoteThread)
  • [✔️] Modules filter
  • [✔️] Memory filter (support of JIT-based languages)
  • [✔️] Stacktrace checker
  • [✔️] Windows hooks detection
  • [✔️] AppInit_DLLs disabler
  • [✔️] Memory mapping based injects detection
  • [✔️] APC filter
  • [✔️] Threads context filter (to prevent a context steal)
  • [❌] HWIDs collector
  • [❌] Java/C#/Delphi bindings and API
  • [❌] Anti-macroses (virtual input blocking)
  • [❌] Anti-debugging techniques
  • [❌] Self-modification support
  • [❌] DACLs-based protection

📝 Dependencies:

  • HookLib - lightweight and convenient hook library written on pure C and NativeAPI
  • Zydis - extremely lightweight disassembler
  • t1ha - the fastest hash ever
  • xorstr - a heavily vectorized C++17 compile-time strings encryptor

📐 How to use:

First of all, clone it with all dependencies:

git clone --recursive https://github.com/HoShiMin/Avanguard.git

All you need is to build the Avanguard.dll and add it to your application's import table. ```cpp

include

include

include

pragma comment(lib, "Avanguard.lib")

int main() { // Using of Avanguard's symbols binds it to your app: printf("[i] AvnStub: %p\n", Stub); while (true); } ```

Or you can add it to import table manually using PE editors like CFF Explorer: 1. Right click on your exe/dll 2. Open with CFF Explorer 3.

Import Adder
tree entry -> Add -> Choose Avanguard.dll 4. Choose
Stub
-> Import by name -> Rebuild import table 5. Go to
Import directory
tree entry 6. Right click on Avanguard.dll -> Move up 7. Move it on the top of import list (it allows Avanguard.dll to load before of all another dlls) 8. Press
save
button (💾 button at the top) 9. Done! Now put the Avanguard.dll to the same folder as your exe/dll.

🛠 Settings:

You can change enabled features in the

AvnDefinitions.h
file.
If you want to use it with JIT, you MUST enable
FEATURE_MEMORY_FILTER
to prevent a false detections.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.