WowGrail Save

PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)

Project README

wowGrail

Rebuild a new to Abuse the conversion layer embedded in WOW64(Windows 32 on Windows 64), that makes malware able to launch 32-bit NTAPI interrupts, and bypass Antivirus agents in no time.

It's a proof-of-concept of the talk of HITB 2021. There are more details about reversing the whole WOW64 layer by Microsoft and abuse, see Rebuild The Heaven's Gate: from 32 bit Hell back to Heaven Wonderland.

HIGHLY RECOMMEND

Compile It in Release mode, if you're using MSVC toolchain. Due to MSVC's performance instrumentation in Debug mode, there'll be an unexpected memory layout.

Demo

Open Source Agenda is not affiliated with "WowGrail" Project. README Source: aaaddress1/wowGrail

Stars

100

Open Issues

Last Commit

3 years ago

Repository

aaaddress1/wowGrail

License

GPL-3.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/wowgrail"><img src="https://www.opensourceagenda.com/projects/wowgrail/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022