Acheron Versions

indirect syscalls for AV/EDR evasion in Go assembly

v1.0.0

1.0.0 (2023-04-24)

Features

  • add hash func helper in package entrypoint (81bc1f4)
  • add helpers for errors (4d57328)
  • add internal resolver and util packages (f3c3edb)
  • add lib entrypoint and indirect syscall asm (7db263d)
  • add nosplit flag to asm routines (f995154)
  • add process snapshot example using acheron (5ac8f2a)
  • add zw exports parsing logic to resolver (19f45c7)
  • change signature for syscall func (89ce53c)
  • done resolver logic and add gadget search in asm (22a9c23)
  • ported ntdll module parsing to go assembly (21f66df)
  • replace djb2 with xored version in asm (4c2cd88)

Bug Fixes

  • correct offset for return value in gadget search (8de5eec)
  • fix broken indirect syscall asm implementation (8c9d99d)
  • fix helper function names after renaming (0783417)
  • fix inverse check in value comparison in error helper (e040b8a)
  • update helper asm routine names (6be7b5a)
  • update names of asm routines (fd67f62)

Continuous Integration

Code Refactoring

  • change hasher interface to func type (9e2294c)
  • improve error handling resolver and syscall (2d2fb24)
  • remove direct syscall support (919ad92)

Documentation

  • add custom hash function example (26844d5)
  • add example for direct vs indirect syscall comparison (8060bbf)
  • add examples summary table (ac7afc2)
  • update examples in readme (db97e78)
  • update examples readme (c381280)
  • update examples to reflect api changes (f85a9d0)
  • update main readme (5d41837)
  • update process snapshot readme (a3a897f)
  • update readme for proc snapshot example (2f6206a)
  • update sc_inject example (d5fc72d)

Misc

  • add comments to exported functions (428e9ba)
  • add exe to gitignore (624e035)
  • add gitattributes file (f6ded30)
  • add info and fix markdown syntax in readme (d36180e)
  • add notes to syscall asm for ret code (6da875b)
  • add package info to readme (3839328)
  • add readme banner (98ab801)
  • change hash func return type (011fe8d)
  • change instance var name for better distinction from pkg name (887c346)
  • change slice var name for clarity (5f1b1ce)
  • cleanup and add comments (68036a7)
  • fix incorrect newline in code example in main readme (7b90910)
  • fix wrong indentation (4312610)
  • fix wrong indentation in asm file (a9d63de)
  • fix wrong indents in asm file (12e929d)
  • improve comment in library entrypoint file (432af39)
  • initial commit (b6a503d)
  • license change (17ed9cf)
  • move examples table to main readme (4c80756)
  • move lib functions to entrypoint file (88edc76)
  • move syscall routines and stubs (6dc95b5)
  • remove unused pkg (23d1503)
  • remove unused types struct (3ceb34f)
  • rename asm file for consistency (26b26d7)
  • rename asm files (7b33816)
  • rename memory read functions (859833e)
  • rename vars and struct members for clarity (25f21db)
  • update gitignore (13923a5)
  • update mod and sum files (58a25b4)
  • update mod and sum files (4c0a173)
  • update mod and sum files (bc4c07d)