This project is a demonstration of how one can create system threads on Windows that are almost completely transparent to the system (i.e., they do not appear to be malicious or to originate from an unknown source). Inspired by this similar project, CovertThread aims to extend its capabilities by removing an entire loaded module from the system page tables and preventing individual thread introspection via non-maskable interrupts (NMIs). The project demonstrates an example of how to initialize the custom address space (which includes a fully controlled interrupt descriptor table (IDT)) and how one can create threads from both outside and within this new address space. This address space allows for direct function execution with no macros or additional function calls necessary, making it exceptionally easy to use.
I intend to release a detailed write-up with figures and in-depth explanations of design choices in the near future.