
USTA is a C++ project that implements a lightweight mechanism for hooking critical syscalls in user space

Primary language: C++

๐Ÿ›ก๏ธ USTA_DLL - Userland Syscall Tracing Agent

USTA_DLL is a Windows x64 DLL that hooks native system calls (ntdll.dll) to trace and log key userland API calls. It's designed for malware analysis, red team tooling, and behavioral monitoring.

🔧 Features

  • Inline hooking of native syscalls:
    • NtOpenProcess
    • NtCreateThreadEx
    • NtWriteVirtualMemory
    • NtReadVirtualMemory
    • NtAllocateVirtualMemory
    • NtMapViewOfSection
  • Logs events in JSON format
  • Supports stdout or file-based logging
  • Easy to inject into any target process (e.g., using Extreme Injector)

🧪 Usage

  1. Compile the project as an x64 DLL (Debug or Release)
  2. Inject USTA_DLL.dll into a target process (e.g., mimikatz.exe)
  3. View logs in:
    • Console (stdout)
    • Log file (e.g., C:\Temp\usta_hooks.log)
    • Or attach DebugView for OutputDebugString monitoring
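The log output is most useful when a consumer turns the individual hook events into a behavioral verdict. The following is an added example, not part of USTA_DLL: it reads newline-delimited JSON events (the field names ts, pid, api and target_pid are an assumption, since the README does not document the log schema) and flags the remote-injection sequence NtOpenProcess → NtAllocateVirtualMemory → NtWriteVirtualMemory → NtCreateThreadEx when all four calls from one process hit the same target.

```python
import json

# Constructed sample of USTA_DLL-style JSON events (one per line). Field names
# ts/pid/api/target_pid are an assumption; the README does not document them.
SAMPLE_LOG = """\
{"ts": 1, "pid": 4120, "api": "NtOpenProcess", "target_pid": 612}
{"ts": 2, "pid": 4120, "api": "NtAllocateVirtualMemory", "target_pid": 612}
{"ts": 3, "pid": 4120, "api": "NtWriteVirtualMemory", "target_pid": 612}
{"ts": 4, "pid": 4120, "api": "NtCreateThreadEx", "target_pid": 612}
{"ts": 5, "pid": 7788, "api": "NtOpenProcess", "target_pid": 900}
{"ts": 6, "pid": 7788, "api": "NtReadVirtualMemory", "target_pid": 900}
{"ts": 7, "pid": 7788, "api": "NtWriteVirt
"""

# Classic remote-injection sequence, all aimed at the same target process.
INJECTION_CHAIN = ("NtOpenProcess", "NtAllocateVirtualMemory",
                   "NtWriteVirtualMemory", "NtCreateThreadEx")

def parse_events(text):
    """Parse newline-delimited JSON. A torn last line (traced process died
    mid-write) is skipped instead of aborting the whole analysis."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events

def find_injection_chains(events):
    """Return (pid, target_pid) pairs where the four hooked calls occur in
    INJECTION_CHAIN order against one remote process; self-calls are noise."""
    progress = {}  # (pid, target_pid) -> index of the next expected call
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid, target = ev.get("pid"), ev.get("target_pid")
        if target is None or target == pid:
            continue
        key = (pid, target)
        idx = progress.get(key, 0)
        if ev.get("api") == INJECTION_CHAIN[idx]:
            idx += 1
            if idx == len(INJECTION_CHAIN):
                hits.append(key)
                idx = 0
            progress[key] = idx
    return hits
```

Process 7788 only opens and reads its target, so it is not reported; NtMapViewOfSection, which the agent also hooks, can be added to INJECTION_CHAIN as an alternative to NtWriteVirtualMemory to cover section-mapping variants.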

๐Ÿ“ Project Structure

USTA_DLL/
├── dllmain.cpp
├── HookManager.cpp/.h
├── Syscalls.cpp/.h
├── Logger.cpp/.h
├── pch.h / pch.cpp

โš ๏ธ Disclaimer

This project is for educational and research purposes only. Use it responsibly.

📜 License

MIT License