This commit was created on GitHub.com and signed with GitHub’s verified signature.
Kernel-Level Execution Syscall Engine (Halo's & Tartarus Gate Fusion): Implemented a multi-architecture syscall resolution system for improved stealth. This hybrid engine combines the strengths of multiple modern techniques:
- The injector first attempts a Halo's Gate approach by dynamically calculating the required System Service Numbers (SSNs) and hunting for clean, unhooked syscall stubs within ntdll.dll.
- In heavily monitored environments where no clean stubs can be found (as discovered on Windows on ARM64 installations), the system automatically pivots to a Tartarus Gate methodology. It directly leverages the function pointers of the (potentially hooked) Zw functions, ensuring execution continuity by passing through the EDR's hooks to the kernel.
This dual-pronged strategy provides maximum stealth and operational resilience across diverse target environments on both x64 and ARM64.
Stealth Enhancement (IPC): Transitioned from file-based IPC to Named Pipes for configuration and logging. chrome_inject.exe (server) passes a unique pipe name to the target's remote memory. chrome_decrypt.dll (client) uses this pipe for receiving output path configuration and for streaming log data/completion signals directly to the injector, minimizing on-disk artifacts and eliminating global named event usage.
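The named-pipe channel described above still leaves telemetry: Sysmon logs pipe creation (Event ID 17) and pipe connection (Event ID 18). The following detection sketch is an added example, not code from this project; the event dictionary layout, the browser list, the 30-second window and all sample events are constructed assumptions.

```python
"""Flag a browser process connecting to a named pipe that a non-browser
process created shortly before (the server/client pattern described above)."""
from ntpath import basename  # parses Windows paths on any OS

# Assumption: browser images to watch. In production compare full path and
# signer too, because an image name alone is trivial to imitate.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed sample events: id 17 = PipeCreated, id 18 = PipeConnected.
SAMPLE_EVENTS = [
    # Browser talking to its own pipe: expected, not flagged.
    {"id": 17, "time": 100.0, "image": CHROME, "pipe": r"\mojo.1234.5678.111"},
    {"id": 18, "time": 100.1, "image": CHROME, "pipe": r"\mojo.1234.5678.111"},
    # Non-browser server, browser client, 0.4 s apart: flagged.
    {"id": 17, "time": 200.0, "image": r"C:\Users\alice\Downloads\tool.exe",
     "pipe": r"\example-7f3a"},
    {"id": 18, "time": 200.4, "image": CHROME, "pipe": r"\example-7f3a"},
    # Long-lived service pipe used much later: outside the window.
    {"id": 17, "time": 300.0, "image": r"C:\Windows\System32\svchost.exe",
     "pipe": r"\wkssvc"},
    {"id": 18, "time": 900.0, "image": CHROME, "pipe": r"\wkssvc"},
]

def find_foreign_pipe_connections(events, window=30.0):
    """Return one alert per browser connection to a recently created,
    non-browser-owned pipe. `window` (seconds) is a tunable assumption."""
    created = {}  # lower-cased pipe name -> (creation time, creator image)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        name = ev["pipe"].lower()
        exe = basename(ev["image"]).lower()
        if ev["id"] == 17:
            created[name] = (ev["time"], ev["image"])
        elif ev["id"] == 18 and exe in BROWSERS and name in created:
            t0, creator = created[name]
            delay = ev["time"] - t0
            if basename(creator).lower() not in BROWSERS and delay <= window:
                alerts.append({"pipe": ev["pipe"], "server": creator,
                               "client": ev["image"], "delay": round(delay, 3)})
    return alerts

if __name__ == "__main__":
    for alert in find_foreign_pipe_connections(SAMPLE_EVENTS):
        print(alert)
```

Sysmon only emits these events when the configuration includes PipeEvent rules, so verify that pipe logging is enabled before relying on this correlation.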