forked from IDontCode/Theodosius
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 lines
1.3 KiB
14 lines
1.3 KiB
<div align="center">
|
|
<div>
|
|
<img width="25%" src="https://githacks.org/_xeroxz/theodosius/-/raw/07b58a233c0fbd289856c90158fe342fc4be4deb/imgs/theo.jpg"/>
|
|
</div>
|
|
<img src="https://githacks.org/_xeroxz/theodosius/-/raw/3f9bf97a6d74983d1f015c5812f4edb8ddbeec22/imgs/Windows%2010-Supported-green.svg"/>
|
|
<img src="https://githacks.org/_xeroxz/theodosius/-/raw/07b58a233c0fbd289856c90158fe342fc4be4deb/imgs/Windows%207-supported-green.svg"/>
|
|
</div>
|
|
|
|
# Theodosius - Jit linker, Mapper, Mutator, and Obfuscator
|
|
|
|
Theodosius (Theo for short) is a jit linker created entirely for obfuscation and mutation of both code, and code flow. The project is extremely modular in design and supports
|
|
both kernel and usermode projects. Since Theo inherits HMDM (highly modular driver mapper), any vulnerable driver that exposes arbitrary MSR writes, or physical memory read/write can be used with this framework. This is possible since HMDM inherits VDM (vulnerable driver manipulation), and MSREXEC (elevation of arbitrary MSR writes to kernel execution).
|
|
|
|
Since Theo is a jit linker, unexported symbols from PE files can be jit linked. Resolving such symbols is open ended and allows the user of this framework to handle how they want to resolve symbols. More on this later (check out example projects). |