Proof of Concept demonstrating a stealthy code loading technique (Process Doppelgänging / Phantom File variations) using Transactional NTFS (TxF) and kernel function hooking.
hook assembly x86-64 reverse-engineering dll-injection malware-research pe offensive-security portable-executable pe-loader code-injection process-hollowing red-teaming process-doppelganging peloader windows-loader hookpe hook-pe
Updated Jan 18, 2026 - C++