[pull] capemon from kevoreilly:capemon by pull[bot] · Pull Request #150 · EnegyBase/capemon

pull · 2025-01-27T15:22:34Z

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.1)

Can you help keep this open source service alive? 💖 Please sponsor : )

Most Windows VMs don't support either S0 or S3 sleep out of the box, which can be used as an anti-VM measure.

Corrected field name

Initial support for hooking FindFixAndRun in cmd.exe

…ed) to analysis log: hook-watch=1, actionX=hook-watch

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

…6a86546ac79b7647bd6f3c3523dd910e6a56e427c45197e957e268df8df2

…to allow RestoreHeaders() to work properly, and hence VMProtect binaries

… hook type fails (e.g. GetCommandLineA/W - fixes #134), improve hook_api() code structure

… "&src" & "&dst" (e.g. action0=dumpimage:&src) for instruction parsing, GetOperand() supporting function

… log

…perly tested this

…ck in capemon.c

Improve TLS 1.3/1.2 Key Capture & Scylla ATL-Removal Build Cleanup

…s one-shot)

…t ping delays (e.g. 93ff044e9247c1136e328b8bd3d225513ab3b2975c8e0e03b8f2c52aec9f0be9 - ping 127.0.0.1 -n 39)

- Preserve logging in GetSystemMetrics by modifying the return variable instead of returning early. - Zero out buffer and set ReturnLength to 0 in NtQuerySystemInformation when spoofing SystemHypervisorDetailInformation. - Validate cpu-count configuration value to be greater than 0.

…label from SYSTEM_INFORMATION_CLASS for comparison

Add configurable spoofed CPU core count and resolution spoofing

…g.spoofed_cpu_count

…olumeInformationFile

…strings Add NULL variant guards and explicit VT_EMPTY formatting to prevent monitor crashes and host-side parser mismatches. Addresses 'log: Fix BSON array gaps by serializing empty/null variants as empty strings... names WMI_Get' in netlog.py processing

…to it

log: Fix BSON array gaps by serializing empty/null variants as empty …

Domain spoof

Adding clipboard hooks

…ep handler

Fix missing nostealth

pull Bot added the ⤵️ pull label Jan 27, 2025

mhdo298 and others added 29 commits August 22, 2025 12:07

Update hook_power.c for more accurate anti-anti-vm measures

d4aa770

Most Windows VMs don't support either S0 or S3 sleep out of the box, which can be used as an anti-VM measure.

Update hook_power.c

d9cd7cf

Corrected field name

Moved hook declaration to misc hooks

27a7d3d

Moved hook declaration to misc hooks

04d21b3

Fix GetMinPESize() parameter (PIMAGE_DOS_HEADER)

1e84647

Changed according to comments

d4781c0

Moved back

eda5cc8

Update hooks.h

c2e8fdd

Remove Scylla code preventing dumping of MEW executables (fixes #106)

438141a

FindFixAndRun hook: improve FindFixAndRun yara signatures

b52cb56

hook_api (64-bit): test h->library before deref (exe hooks)

5010878

Update hook_misc.c

8307b50

Added hook for NtPowerInformation

883d1c9

Added more information to logging

158e745

Merge pull request #103 from KillerInstinct/hook_FindFixAndRun

de93e68

Initial support for hooking FindFixAndRun in cmd.exe

Merge branch 'capemon' into capemon

ed03bb7

Update hooks.c

9386ab8

Add 'hook watch' feature to log hooks encountered (even if not execut…

10cead2

…ed) to analysis log: hook-watch=1, actionX=hook-watch

Fix logging bug in NtReadVirtualMemory hook

2a41c63

Fix logging bug in NtWriteVirtualMemory hook

c73909c

Removed GetPwrCapabilities Hook

f18dd16

Removed GetPwrCapabilities Hook

210ab9c

Removed hook and added more checks

33e78ec

AddTrackedRegion: remove unnecessary logging (CAPE.c)

45e08a8

add deepwiki link

c9b2bec

Update README.md

3f276d2

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

CoCreateInstance hook: remove disable_sleep_skip() breaking e.g. 493b…

b318e5f

…6a86546ac79b7647bd6f3c3523dd910e6a56e427c45197e957e268df8df2

Loader: use NewImportDirectorySize for patched import directory size …

cd9307d

…to allow RestoreHeaders() to work properly, and hence VMProtect binaries

Merge branch 'capemon' into ntsockets

cf1f75f

kevoreilly and others added 30 commits May 28, 2026 14:57

Hooking: enhance 32-bit engine to fall back to HOOK_SAFEST if default…

be71bc2

… hook type fails (e.g. GetCommandLineA/W - fixes #134), improve hook_api() code structure

Debugger: Action target argument enhanced with keywords "src", "dst",…

5d28920

… "&src" & "&dst" (e.g. action0=dumpimage:&src) for instruction parsing, GetOperand() supporting function

CAPEExceptionFilter: add ignored non-internal breakpoints to analysis…

824fb2b

… log

Revert breaking changes to standalone from 1ee2117 - I wish I had pro…

9de6480

…perly tested this

Properly fix the issue breaking standalone mode - remove obsolete che…

9ec9d5d

…ck in capemon.c

Merge pull request #132 from wmetcalf/tls-capture-improvements

01069aa

Improve TLS 1.3/1.2 Key Capture & Scylla ATL-Removal Build Cleanup

Debugger: Persistent software breakpoints via softbpmode=1 (default i…

1053b5d

…s one-shot)

SetInitialBreakpoints: log failure to set syscall breakpoints

d943b1c

NtCreateUserProcess hook: Dynamically patch ping commandline to thwar…

0e04c05

…t ping delays (e.g. 93ff044e9247c1136e328b8bd3d225513ab3b2975c8e0e03b8f2c52aec9f0be9 - ping 127.0.0.1 -n 39)

antis

9bb9915

Fix bad character in comment

b003183

NtQuerySystemInformation hook: use SystemHypervisorDetailInformation …

51f540b

…label from SYSTEM_INFORMATION_CLASS for comparison

Merge pull request #137 from doomedraven/features

5c4ce78

Add configurable spoofed CPU core count and resolution spoofing

SpoofWmiData: squash compiler warnings with casts to LONG for g_confi…

efd52c8

…g.spoofed_cpu_count

Enable hooks: GetVolumeInformationA, GetVolumeInformationW & NtQueryV…

1b35456

…olumeInformationFile

Validate buffer not NULL & bufferSize > 0 before attempting to write …

5fc68f0

…to it

Merge pull request #139 from enzok/improve-01

078d4ac

log: Fix BSON array gaps by serializing empty/null variants as empty …

Domain spoof: final fixes

04c2848

Merge pull request #129 from cccs-mog/DomainSpoof

c3e4c1f

Domain spoof

Adding clipboard hooks: final fixes

82d8fd9

Merge pull request #128 from cccs-mog/Clipboard

3801fb4

Adding clipboard hooks

RestoreSoftwareBreakpoint: fix issue passing to an existing single-st…

6e0c97c

…ep handler

Crypto hook overhaul

86f53aa

Integrate missing stealth

1d2dc1d

Merge branch 'kevoreilly:capemon' into fix-missing-nostealth

1e0c564

Fix missing nostealth: Gemini fixes

580b78b

Merge pull request #140 from CaptWake/fix-missing-nostealth

dc22516

Fix missing nostealth

hook_misc.c: fix tabs from spaces

bddebf0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[pull] capemon from kevoreilly:capemon#150

[pull] capemon from kevoreilly:capemon#150
pull[bot] wants to merge 336 commits into
EnegyBase:capemonfrom
kevoreilly:capemon

pull Bot commented Jan 27, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants

Uh oh!

Conversation

pull Bot commented Jan 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants

pull Bot commented Jan 27, 2025 •

edited

Loading