0ffffffffh / system_call_hook_win10_1903View external linksLinks
This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness
☆53Sep 12, 2019Updated 6 years ago
Alternatives and similar repositories for system_call_hook_win10_1903
Users that are interested in system_call_hook_win10_1903 are comparing it to the libraries listed below
Sorting:
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- Example of hijacking system calls via function pointer tables☆31Jun 26, 2021Updated 4 years ago
- A driver that supports communication between a Windows guest and HyperWin☆15Jan 6, 2021Updated 5 years ago
- ☆15Oct 7, 2020Updated 5 years ago
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 6 months ago
- Stealthy Injector that leverages a vulnerable driver and other exploits to remain undetected☆38Dec 10, 2018Updated 7 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 6 years ago
- A simple kernel mode driver that hooks some values at the KUSER_SHARED_DATA structure.☆27Jan 7, 2020Updated 6 years ago
- win10 pgContext dynamic dump (btc version)☆110Jan 15, 2020Updated 6 years ago
- Open Course for diving security internal☆52Nov 11, 2019Updated 6 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆50Jan 15, 2021Updated 5 years ago
- Driver Loader/BE Bypass/Win Malware(lol)☆36Jun 25, 2019Updated 6 years ago
- For Example. See Miro's Blog☆30Nov 26, 2022Updated 3 years ago
- ☆19Jun 20, 2019Updated 6 years ago
- Communication via callback☆73Oct 9, 2019Updated 6 years ago
- ☆99Oct 6, 2017Updated 8 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Mar 11, 2021Updated 4 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆115Jan 21, 2025Updated last year
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- ☆163Oct 29, 2020Updated 5 years ago
- C++ Exceptions in Windows Drivers☆221Dec 21, 2020Updated 5 years ago
- I'm going to be dropping code from the XC3 Driver (result of reversing the driver)☆71Jan 31, 2020Updated 6 years ago
- x64 PE-COFF virtualization driven obfuscation engine☆58Oct 14, 2022Updated 3 years ago
- Exploring Windows Internals.☆64Aug 18, 2020Updated 5 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆239Nov 6, 2019Updated 6 years ago
- A virtualization-based endpoint security solution for Windows☆88May 23, 2021Updated 4 years ago
- Lightweight WINAPI tracing with Pin☆27Aug 22, 2019Updated 6 years ago
- The kernel mode Standard Template Library Template☆19Feb 22, 2020Updated 5 years ago
- Rendering on external windows via hijacking thread contexts☆404Jun 28, 2020Updated 5 years ago
- reverse engineering of bedaisy.sys (battleyes kernel driver) - Aki2k/BEDaisy☆111Aug 10, 2020Updated 5 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- ☆44Oct 7, 2018Updated 7 years ago
- ☆16Oct 31, 2022Updated 3 years ago
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- Global DLL injector☆71May 16, 2021Updated 4 years ago
- ☆29Jan 15, 2021Updated 5 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- ☆31Oct 1, 2021Updated 4 years ago
- Library for using direct system calls☆36Jan 30, 2025Updated last year