# darthton/blackbone

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/darthton-blackbone).**

5,431 stars · 1,421 forks · C++ · MIT

## Links

- GitHub: https://github.com/DarthTon/Blackbone
- awesome-repositories: https://awesome-repositories.com/repository/darthton-blackbone.md

## Description

Blackbone is a collection of specialized tools for memory scanning, process injection, and kernel-driver interfaces used to manipulate the Windows execution environment. It provides a framework for executing remote code, mapping portable executable images, and managing threads across different process boundaries.

The project includes a kernel driver that accesses kernel memory and modifies handle rights to hide allocations from user-mode detection. It also features a library for intercepting function calls in remote processes using software interrupts and hardware breakpoints.

The toolkit also covers virtual memory manipulation more broadly: reading, writing, and allocating memory in local or remote processes. It further provides memory pattern search utilities for locating specific byte sequences, and module management for injecting or ejecting binaries.

## Tags

### Operating Systems & Systems Programming

- [Kernel-Level Operations](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/operating-system-kernels/kernel-level-operations.md) — Ships a kernel memory driver to access kernel memory and modify handle rights to hide user-mode allocations. ([source](https://github.com/darthton/blackbone#readme))
- [Process Injection Frameworks](https://awesome-repositories.com/f/operating-systems-systems-programming/process-injection-frameworks.md) — Provides a comprehensive framework for deploying code into active processes and bridging host and target memory.
- [Cross-Process Code Execution](https://awesome-repositories.com/f/operating-systems-systems-programming/cross-process-code-execution.md) — Enables the execution of custom assembly instructions within a separate process using various calling conventions. ([source](https://github.com/darthton/blackbone#readme))
- [Offensive Kernel Drivers](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/kernel-development/kernel-driver-implementation/offensive-kernel-drivers.md) — Implements a kernel-mode driver for low-level system manipulation and hiding memory allocations from detection.
- [Kernel Memory Access](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-memory-access.md) — Enables reading and modifying data within the kernel address space using a privileged driver.
- [Process Memory Allocation](https://awesome-repositories.com/f/operating-systems-systems-programming/process-memory-allocation.md) — Creates and modifies memory regions within target processes for storing dynamic data. ([source](https://github.com/darthton/blackbone#readme))
- [Process Memory Scanners](https://awesome-repositories.com/f/operating-systems-systems-programming/process-memory-scanners.md) — Searches process memory segments for specific byte patterns to locate data or code.
- [Remote Thread Injection](https://awesome-repositories.com/f/operating-systems-systems-programming/remote-thread-injection.md) — Provides capabilities for executing custom assembly and code in external processes via remote thread creation.
- [Runtime Memory Manipulation](https://awesome-repositories.com/f/operating-systems-systems-programming/runtime-memory-manipulation.md) — Provides tools for modifying the memory of running Windows processes to alter their state or behavior.
- [Virtual Memory Mappers](https://awesome-repositories.com/f/operating-systems-systems-programming/virtual-memory-management/virtual-memory-mappers.md) — Provides utilities for manually adding and modifying pages in the virtual memory map of remote processes.
- [Thread Management](https://awesome-repositories.com/f/operating-systems-systems-programming/thread-management.md) — Implements primitives for creating, terminating, suspending, and resuming threads across different session boundaries. ([source](https://github.com/darthton/blackbone#readme))

### Development Tools & Productivity

- [Memory Pattern Searching](https://awesome-repositories.com/f/development-tools-productivity/memory-pattern-searching.md) — Includes tools for scanning process virtual address space for unique byte sequences to locate functional code.

### Graphics & Multimedia

- [Windows API Hooking Engines](https://awesome-repositories.com/f/graphics-multimedia/graphics-engines-rendering/rendering/graphics-apis-bindings/graphics-rendering-apis/windows-api-hooking-engines.md) — Ships a general-purpose engine for intercepting and altering Windows API function calls.

### Security & Cryptography

- [Remote Memory Manipulation](https://awesome-repositories.com/f/security-cryptography/remote-memory-manipulation.md) — Provides capabilities for modifying memory and system state in remote Windows targets.

### Software Engineering & Architecture

- [Remote Process Hooking](https://awesome-repositories.com/f/software-engineering-architecture/function-hooking/remote-process-hooking.md) — Provides a library for intercepting function calls in remote processes using software interrupts and hardware breakpoints. ([source](https://github.com/darthton/blackbone#readme))
- [Interrupt-Based Hooks](https://awesome-repositories.com/f/software-engineering-architecture/function-hooking/interrupt-based-hooks.md) — Intercepts target function calls using software interrupts and hardware breakpoints to redirect execution flow.

### DevOps & Infrastructure

- [Manual PE Mapping](https://awesome-repositories.com/f/devops-infrastructure/cicd-pipeline-automation/core-build-engines/build-tooling/high-performance/linkers/multithreaded-pe-coff/pe-coff-loaders/manual-pe-mapping.md) — Manually maps Portable Executable sections into memory, resolving imports and relocations without the native system loader.

### Programming Languages & Runtimes

- [Binary](https://awesome-repositories.com/f/programming-languages-runtimes/language-ecosystems-tooling/module-management/binary.md) — Enumerates, injects, and ejects binary modules and retrieves exported function addresses. ([source](https://github.com/darthton/blackbone#readme))

### User Interface & Experience

- [Process Injection Modules](https://awesome-repositories.com/f/user-interface-experience/dynamic-ui-injection/process-injection-modules.md) — Handles the injection and ejection of custom libraries into external process address spaces.

### Part of an Awesome List

- [Binary Analysis](https://awesome-repositories.com/f/awesome-lists/devtools/binary-analysis.md) — Offers a library for Windows memory hacking.
- [Development Libraries](https://awesome-repositories.com/f/awesome-lists/devtools/development-libraries.md) — Windows library for advanced memory editing and process manipulation.
- [Penetration Testing Toolkits](https://awesome-repositories.com/f/awesome-lists/security/penetration-testing-toolkits.md) — A library for Windows memory hacking and injection.
