Atlas is a reflective x64 loader that has the following features:
- Retrieval of DLLs and PEs from a remote server
- Manual Mapping on a remote process
- Position independent code
- Use of indirect Syscalls
  - ZwAllocateVirtualMemory
  - ZwProtectVirtualMemory
  - ZwQuerySystemInformation
  - ZwFreeVirtualMemory
  - ZwCreateThreadEx
- Single stub for all Syscalls
- Dynamic SSN retrieval
- Dynamic Syscall address resolution
- Atlas also uses
  - LdrLoadDll
  - NtWriteVirtualMemory
- Custom implementations of
  - GetProcAddress
  - GetModuleHandle
- API hashing
- Cleanup on error
- Variable EntryPoint

Atlas needs to be compiled using x86_64-w64-mingw32-g++. Once you have it on your system, just execute make (or mingw32-make.exe) in the project folder.

- Improve the way the syscalls are made
- x86 support
- Give more flexibility to the HTTP client
- Implement some form of encryption on the remote connection

There are improvements that could be made, such as changing the way syscalls are executed to use consistent and error-proof assembly code. This could be implemented in the future.