Proxying & Loading โ DLL Proxy with Indirect Syscalls, ETW Bypass & Module Stomping
An academic study on how a proxy DLL can impersonate a legitimate library while loading and executing an encrypted payload โ without touching hooked Win32 APIs, without leaving RWX memory, and without writing a single byte to ntdll.