The Tradecraft Garden

The Tradecraft Garden is a collection of position-independent capability loaders with background information on each.

Download

• Source (20251027)

Technique Hikes

• Page Streaming Use guard pages and Vectored Exception Handlers to "stream" DLL pages as needed
• Stack Cutting Push sensitive Win32 API calls through a stack-cutting call proxy.

Common Ground

• Tradecraft Garden Library DLL loading, PICO running, and printf debugging for PIC and PICOs

Learning Path

• Reflective DLL Injection Stephen Fewer's ReflectiveDLLInjection with minimal changes
• Simple Loader 1 Simple DLL loader
• Simple Loader 2 (COFF) Simple DLL loader that frees itself with an embedded COFF
• Simple Loader 3 (Resource Masking) Simple DLL loader that accesses masked resources
• Simple Loader 4 (Pointer Patching) Simple DLL loader that bootstraps with patched-in pointers
• Simple Loader 5 (Execution Guardrails) Simple DLL loader that implements execution guardrails
• Simple Loader 6 (Hooking) Simple DLL loader that uses IAT hooks to change loaded DLL's behavior
• Simple Loader 7 (COFF Capability) Simple OBJ loader
• Simple Loader 8 (Mixed COFF and DLL) Simple OBJ and DLL loader (supporting both)
• Simple PIC 9 Simple PIC (no loader)