Skip to content

iProB1/nox

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
nox
nox
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

🌙 NOX - Kernel Library

License Windows Platform

Stealth-focused kernel module resolver with zero PE imports

✨ Features

  • 🎯 Zero PE Imports - Only PsLoadedModuleList is imported, everything else is dynamically resolved
  • 🕵️ Stealth First - Designed for minimal detection footprint
  • ⚡ Lightweight - Header-only, no external dependencies
  • 🔧 Universal - Works with any kernel module (ntoskrnl, win32k, CI.dll, etc.)
  • 📦 No CRT Required - Custom string functions, no runtime dependencies
  • 🚀 High Performance - Everything is __forceinline

📋 Requirements

  • Windows 10 / 11 (x64)
  • Visual Studio 2022+
  • WDK (Windows Driver Kit)

🔧 Installation

Simply copy nox.hpp and nt.hpp to your project:

project/
├── nox.hpp    # base class for any module
├── nt.hpp     # ntoskrnl specialization
└── driver.cpp # your code

🚀 Quick Start

#include "nt.hpp"

NTSTATUS DriverEntry(PDRIVER_OBJECT driver_obj, PUNICODE_STRING reg_path)
{
    PVOID current_process = nt.ps_get_current_process();
    PVOID peb = nt.ps_get_process_peb(current_process);
    
    // use macro for cleaner code
    PVOID proc = NT_CALL(PsGetCurrentProcess);
    
    // force TLB invalidation and cache flush across all processors
    nt.flush_caches(proc);
    
    return STATUS_SUCCESS;
}

About

Stealth-focused Windows kernel library with zero PE imports. Dynamic ntoskrnl function resolver for x64 Windows 10/11.

Topics

windows-kernel kernel-driver stealth dynamic-resolution ntoskrnl

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages