Welcome to the AMSI BYPASS directory of Rust-for-Malware-Development.
This folder collects different ways to silence the Windows Antimalware Scan Interface (AMSI) so that scripts and payloads slip past AmsiScanBuffer without being flagged.
Amsi_HBP:
Hardware-breakpoint bypass. Uses the CPU debug registers to intercept AmsiScanBuffer and force it to return a “clean” result without modifying amsi.dll on disk.
Amsi_Page_Guard_Exceptions:
Patchless bypass. Turns the AMSI code page into a guarded trap so that every call raises an exception; a vectored handler then rewrites the result to AMSI_RESULT_CLEAN and fakes a return.
Amsi_simple_patch:
Classic in-memory patch. Overwrites the first few bytes of AmsiScanBuffer with mov eax, 0; ret so the scanner always reports success.
Clone the repository and step into the folder:
git clone https://github.com/Whitecat18/Rust-for-Malware-Development.git
cd Rust-for-Malware-Development/AMSI\ BYPASS
Each sub-folder is its own Cargo project. Open the one you want and build with cargo build --release.