TITAN-Softwork-Solutions/BLIND

GitHub: TITAN-Softwork-Solutions/BLIND

Stars: 1 | Forks: 0

BLIND

Standalone user-mode EDR sensor runtime for owned-process telemetry, hook diagnostics, launch-gate validation, and SDK host integration.

## REQUIREMENTS Windows 10 22H2 or higher, 64-bit, with Visual Studio 2022+ and the MSVC C++ toolchain. ## FEATURES - Standalone `BLIND.dll` user-mode sensor runtime with no kernel-driver control plane - Host-controlled named-pipe telemetry over the public `IXIPC` packet ABI - Custom pipe selection through `BLIND_PIPE_NAME`, `--pipe`, or host-side SDK configuration - Readiness reporting for IPC, Winsock, NT, KI, and optional full hook state - Usermode hook telemetry for NT, Winsock, KI/PIC, exception, integrity, and runtime self-map surfaces - Launch-gate mode for suspended owned-process startup, first-entry trap capture, runtime initialization, and controlled resume - Hook event batching, asynchronous publication, readiness acknowledgement, and diagnostic fallback paths - Self-map telemetry for runtime state, indirect handles, hook patches, syscall stubs, launch-gate pages, and launch-gate park contexts - Exported local VEH telemetry API through `IxRegisterVectoredExceptionHandler`, `IxPromoteVectoredExceptionHandlerToFront`, and `IxUnregisterVectoredExceptionHandler` - Diagnostic runner that injects the DLL, hosts the IPC service, captures events, writes logs, and fails closed when expected telemetry is missing - Minimal SDK host sample that shows how to integrate BLIND into another local sensor or collection service - Benign owned test targets for normal injection smoke testing and early launch-gate validation ## PROJECTS - `vcxproj/BLIND.vcxproj` builds `BLIND.dll` - `vcxproj/BlindRunner.vcxproj` builds the diagnostic runner and IPC endpoint - `vcxproj/BlindSdkHost.vcxproj` builds the minimal SDK integration host - `vcxproj/BlindTestTarget.vcxproj` builds the normal benign owned test process - `vcxproj/BlindLaunchGateTarget.vcxproj` builds the no-CRT launch-gate target ## HARNESS DEMO Run the normal diagnostic harness: .\bin\Debug\x64\BlindRunner.exe Run with verbose event printing and a custom pipe: .\bin\Debug\x64\BlindRunner.exe --pipe \\.\pipe\BLINDDemoPipe --verbose Run the early launch-gate harness: .\bin\Debug\x64\BlindRunner.exe --launch-gate --pipe \\.\pipe\BLINDLaunchGateDemo Each runner execution writes a diagnostic bundle: .\bin\\\BlindDiagnostics\run-YYYYMMDD-HHMMSS-\ The bundle includes `summary.txt`, `events.jsonl`, `selfmap.tsv`, and `logs\blind-runtime-.log`. ## SDK INTEGRATION The SDK surface is intentionally small: - `sdk/include/blind/blind_ipc.h`: host-facing IPC packet ABI, pipe constants, event records, batches, and readiness masks - `sdk/include/blind/blind_veh.h`: exported in-process VEH telemetry helper API - `sdk/samples/host/BlindSdkHost.cpp`: minimal host that creates the pipe, starts an owned target, loads `BLIND.dll`, and consumes telemetry Run the SDK host: .\bin\Debug\x64\BlindSdkHost.exe .\bin\Debug\x64\BlindSdkHost.exe --pipe \\.\pipe\BLINDSdkPipe --verbose Consumers that link against `BLIND.dll` should define `IX_BLIND_IMPORTS` and link the matching `BLIND.lib`. ## COMPILATION Build from this directory with Visual Studio 2022+ MSBuild: msbuild .\vcxproj\BLIND.vcxproj /p:Configuration=Release /p:Platform=x64 msbuild .\vcxproj\BlindTestTarget.vcxproj /p:Configuration=Release /p:Platform=x64 msbuild .\vcxproj\BlindLaunchGateTarget.vcxproj /p:Configuration=Release /p:Platform=x64 msbuild .\vcxproj\BlindRunner.vcxproj /p:Configuration=Release /p:Platform=x64 msbuild .\vcxproj\BlindSdkHost.vcxproj /p:Configuration=Release /p:Platform=x64 Expected artifacts: .\bin\Release\x64\BLIND.dll .\bin\Release\x64\BLIND.lib .\bin\Release\x64\BlindRunner.exe .\bin\Release\x64\BlindSdkHost.exe .\bin\Release\x64\BlindTestTarget.exe .\bin\Release\x64\BlindLaunchGateTarget.exe Release preflight: .\bin\Release\x64\BlindRunner.exe .\bin\Release\x64\BlindRunner.exe --launch-gate --pipe \\.\pipe\BLINDReleaseLaunchGate .\bin\Release\x64\BlindSdkHost.exe A passing launch-gate run reports `ready_mask=0x0000000F`, `child_exit=0x00000000`, and `launch_gate_traps > 0`. ## DOCUMENTATION - `docs/SDK.md`: SDK headers, packet ABI, and host expectations - `docs/INTEGRATION.md`: integration boundary and host responsibilities - `docs/DIAGNOSTICS.md`: runner output, event JSONL, self-map TSV, and runtime logs - `docs/RELEASE.md`: controlled handoff and preflight checklist ## DISCLAIMER BLIND is provided for authorized internal security engineering, defensive validation, and controlled research only. Unauthorized monitoring, deployment, evasion, persistence, or use against systems you do not own or administer may violate law and policy. ## LICENSE Copyright (c) TITAN Softwork Solutions. All rights reserved. BLIND is governed by `LICENSE.md`: PolyForm Noncommercial 1.0.0 with a BLIND Defensive Use Addendum and DSGL/export-control notice.