nt-mapper PE mapper in c++17 Features Relocate image Fix import address table Handle api-set Export directory parsing (forwarded and normal) Two execution modes: 'Thread creation' and 'Thread hijacking' Thread Hijacker Preserves all registers, volatile or not Exception 1: SSE registers Exception 2: AVX registers Preserves all flags Automatically frees hijack shellcode after execution Arbitrary shadow-space for dllmain Aligns stack in case of recusant code To-do Static TLS TLS callbacks Loader entry C++ exceptions Thanks DarthTon Daax JustMagic