Skip to content

bypasscore/bypasscore-sdk

BranchesTags

Repository files navigation

BypassCore SDK

Cross-platform hooking engine, memory introspection framework, and security research primitives.

CI License: MIT Platform C++17

What is BypassCore SDK?

BypassCore SDK is the foundational library powering the entire BypassCore toolchain. It provides battle-tested, low-level primitives for:

  • Function hooking (inline detours, IAT patching, VMT swapping, syscall interception)
  • Memory introspection (region enumeration, pattern scanning, page protection manipulation)
  • Process interaction (read/write memory, module enumeration, thread control, privilege management)
  • Binary analysis (PE parsing, instruction length disassembly, relocation processing)

Designed for security researchers, reverse engineers, and tool developers who need reliable, well-documented building blocks.

Architecture

+-------------------------------------------------------------------+
|                        BypassCore SDK                              |
|-------------------------------------------------------------------|
|  Hook Engine          | Memory Engine       | Binary Engine       |
|  - Inline Detour      | - Region Enum       | - PE Parser         |
|  - IAT Hook           | - AOB Scanner       | - Disassembler      |
|  - VMT Hook           | - Memory Patch      | - Reloc Processing  |
|  - Syscall Hook       | - Page Protection   | - Import/Export     |
|  - Trampoline Gen     | - Code Cave Finder  |                     |
|-------------------------------------------------------------------|
|  Process Layer        | Platform Layer      | Utilities           |
|  - Process Enum       | - OS Detection      | - Result<T,E>       |
|  - Module Mgmt        | - Arch Detection    | - Logger            |
|  - Thread Control     | - NT API Resolver   | - Scope Guard       |
|  - Token/Privilege    |                     | - FNV-1a Hash       |
+-------------------------------------------------------------------+

Platform Support

Platform Architecture Status
Windows 11/10 x64 Fully supported
Windows 11/10 x86 Fully supported
Windows 11 ARM64 Trampoline support
Windows 8.1/7 x86/x64 Supported (limited testing)
Linux x64 Partial (memory scanning, PE parsing)

Quick Start

Building

git clone https://github.com/bypasscore/bypasscore-sdk.git
cd bypasscore-sdk
cmake -B build -DBYPASSCORE_BUILD_TESTS=ON -DBYPASSCORE_BUILD_EXAMPLES=ON
cmake --build build --config Release

Basic Usage

Hook a Function

#include "bypasscore/hook/detour.h"

using MessageBoxA_t = int(WINAPI*)(HWND, LPCSTR, LPCSTR, UINT);
MessageBoxA_t orig = nullptr;

int WINAPI hooked(HWND h, LPCSTR text, LPCSTR cap, UINT type) {
    printf("Intercepted: %s\n", text);
    return orig(h, "[Hooked]", cap, type);
}

bypasscore::hook::DetourHook hook;
hook.install(GetProcAddress(GetModuleHandleA("user32"), "MessageBoxA"),
             hooked, &orig);

Scan for a Pattern

#include "bypasscore/memory/scanner.h"

auto result = bypasscore::memory::find_pattern(
    data, size, "48 8B 05 ?? ?? ?? ?? 48 85 C0");
if (result && *result)
    printf("Found at offset: 0x%zX\n", **result);

Parse a PE File

#include "bypasscore/binary/pe.h"

auto pe = bypasscore::binary::PeImage::parse(data, size);
if (pe) {
    printf("Image base: 0x%llX\n", pe->image_base());
    for (const auto& sec : pe->sections())
        printf("  %s: 0x%X (%zu bytes)\n",
               sec.name.c_str(), sec.virtual_address, sec.virtual_size);
}

Module Overview

Hook Engine (include/bypasscore/hook/)

Component Description
detour.h Inline detour hooking with automatic trampoline generation
iat_hook.h Import Address Table patching for per-module interception
vmt_hook.h Virtual Method Table swapping for C++ object hooks
syscall_hook.h NT syscall stub patching for kernel-boundary interception
trampoline.h Low-level trampoline code generation (x86, x64, ARM64)
engine.h Central hook lifecycle management

Memory Engine (include/bypasscore/memory/)

Component Description
region.h Memory region enumeration and abstraction
scanner.h AOB pattern scanning with SIMD acceleration (SSE2)
patch.h Transactional memory patching with rollback
protection.h RAII page protection manipulation
allocator.h Code cave finder and near-address trampoline allocator

Binary Analysis (include/bypasscore/binary/)

Component Description
pe.h Complete PE32/PE32+ parser (headers, sections, imports, exports)
disasm.h Lightweight x86/x64 instruction length disassembler
reloc.h Base relocation table parsing and application

Process Layer (include/bypasscore/process/)

Component Description
process.h Process enumeration, memory read/write, module listing
module.h Module abstraction with PE integration
thread.h Thread enumeration, suspend/resume
token.h Token privilege management (SeDebugPrivilege, etc.)

Platform (include/bypasscore/platform/)

Component Description
os.h OS detection via RtlGetVersion (bypasses compatibility shims)
arch.h Compile-time architecture detection
ntapi.h Dynamically resolved undocumented NT API declarations

Performance

Pattern scanning benchmarks (1GB buffer, 16-byte pattern):

Method Throughput
Scalar scan ~2.1 GB/s
SSE2 SIMD scan ~8.4 GB/s

Hooking overhead per call:

Hook Type Overhead
Inline Detour ~2-5 ns
IAT Hook ~1 ns (pointer indirection)
VMT Hook ~1 ns (pointer indirection)

Python Bindings

cd bindings/python
pip install pybind11
python setup.py build_ext --inplace
import pybypasscore as bc

bc.initialize()
print(bc.get_os_version())
print(bc.fnv1a_32("CreateFileW"))

offset = bc.scan_buffer(data, "48 8B 05 ?? ?? ?? ??")
procs = bc.enumerate_processes()

Tools

  • bc_dump - PE header dump utility
  • bc_scan - Standalone file pattern scanner

Research References

This SDK draws from extensive research in the security community:

Responsible Use

This SDK is intended for authorized security research, education, and legitimate software development only. By using this software, you agree to:

  • Only test on systems you own or have written authorization to test
  • Comply with all applicable laws and regulations in your jurisdiction
  • Not use this software for malicious purposes, piracy, or unauthorized access
  • Report any vulnerabilities you discover responsibly

See SECURITY.md for our security policy and vulnerability reporting process.

License

MIT License - see LICENSE for details.

Contact

Building on BypassCore SDK? Need commercial licensing, custom modules, or integration support?

Support

Help keep BypassCore open-source and independent.

Network Address
Polygon 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
Ethereum 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
BSC 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
Arbitrum 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
Optimism 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a
Avalanche 0xd0f38b51496bee61ea5e9e56e2c414b607ab011a

USDT / USDC / ETH / BNB accepted on all networks.

About

BypassCore SDK — cross-platform hooking engine, memory introspection framework, and security research primitives powering the BypassCore toolchain

Topics

windows sdk cpp x86-64 reverse-engineering binary-analysis pe-format hooking memory-forensics security-research

Resources

Readme

License

MIT license

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages