0mWindyBug/KDP-compatible-driver-loader external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

0mWindyBug/KDP-compatible-driver-loader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/0mWindyBug/KDP-compatible-driver-loader)

Close

0mWindyBug / KDP-compatible-driver-loaderView on GitHubMore

• External links
• Readme badge

KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys

☆165Jun 14, 2024Updated last year

Alternatives and similar repositories for KDP-compatible-driver-loader

Users that are interested in KDP-compatible-driver-loader are comparing it to the libraries listed below

• 0mWindyBug / GhostMapperUM

  View on GitHub
  manual map unsigned driver over signed memory
  ☆219Apr 11, 2024Updated last year
• 0mWindyBug / KernelInjector

  View on GitHub
  PoC kernel to usermode injection
  ☆105Feb 26, 2024Updated 2 years ago
• emlinhax / dse_hook

  View on GitHub
  load unsigned kernel-driver by patching dse in 248 lines
  ☆143Mar 22, 2024Updated last year
• 0mWindyBug / MinifilterHook

  View on GitHub
  silence file system monitoring components by hooking their minifilters
  ☆60Jan 31, 2024Updated 2 years ago
• zer0condition / GDRVLoader

  View on GitHub
  Unsigned driver loader using CVE-2018-19320
  ☆334Apr 9, 2023Updated 2 years ago
• armvirus / CosMapper

  View on GitHub
  Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
  ☆382Aug 8, 2021Updated 4 years ago
• zer0condition / NVDrv

  View on GitHub
  Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
  ☆276Aug 25, 2023Updated 2 years ago
• 0mWindyBug / DataptrHooks

  View on GitHub
  ntoskrnl .data hooks for UM-KM communication
  ☆54May 26, 2024Updated last year
• vasie1337 / sharedsection-driver

  View on GitHub
  driver that communicates using a shared section
  ☆90Mar 17, 2025Updated 11 months ago
• kkent030315 / anymapper

  View on GitHub
  x64 Windows kernel driver mapper, inject unsigned driver using anycall
  ☆203Feb 14, 2024Updated 2 years ago
• armvirus / SinMapper

  View on GitHub
  usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …
  ☆470Jan 3, 2022Updated 4 years ago
• zer0condition / GDRVLib

  View on GitHub
  Virtual and physical memory hacking library using gigabyte vulnerable driver
  ☆71Apr 9, 2023Updated 2 years ago
• donnaskiez / nmi

  View on GitHub
  nmi stackwalking + module verification
  ☆162Dec 28, 2023Updated 2 years ago
• xu-Wan / HypercallPageHook

  View on GitHub
  POC Hook of nt!HvcallCodeVa
  ☆54May 8, 2023Updated 2 years ago
• Spuckwaffel / Kernel-Thread-Driver

  View on GitHub
  This is a simple project of a driver + usermode.
  ☆168Jan 31, 2022Updated 4 years ago
• SamuelTulach / DirectPageManipulation

  View on GitHub
  A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy
  ☆103Jun 26, 2023Updated 2 years ago
• SamuelTulach / RwxMeme

  View on GitHub
  State of the art DLL injector that took 20 minutes to make
  ☆226Aug 16, 2023Updated 2 years ago
• zer0condition / ZeroThreadKernel

  View on GitHub
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆159Apr 13, 2023Updated 2 years ago
• stdhu / windows-kernel-pagehook

  View on GitHub
  windows kernel pagehook
  ☆41Oct 30, 2022Updated 3 years ago
• zer0condition / ZeroHVCI

  View on GitHub
  Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…
  ☆253Oct 26, 2024Updated last year
• kkent030315 / anycall

  View on GitHub
  x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
  ☆386Jul 6, 2022Updated 3 years ago
• VollRagm / lpmapper

  View on GitHub
  A mapper that maps shellcode into loaded large page drivers
  ☆324Apr 26, 2022Updated 3 years ago
• ekknod / acdrv

  View on GitHub
  base for testing
  ☆186Sep 28, 2024Updated last year
• kprprivate / EAC-CR3-BYPASS

  View on GitHub
  A simple UM + KM example of how to bypass EAC CR3
  ☆183Oct 13, 2025Updated 4 months ago
• Th3Spl / IoCreateDriver

  View on GitHub
  IoCreateDriver Implementation, it can be useful if you're trying to bypass anticheats
  ☆122Dec 4, 2025Updated 2 months ago
• MmMapIoSpace / UCMapper

  View on GitHub
  Unknowncheats Magically Optimized Tidy Mapper using nvaudio
  ☆153Jun 11, 2024Updated last year
• YouNeverKnow00 / Kernelmode-DLL-Injector

  View on GitHub
  Simple Kernelmode DLL Injector with Manual mapping
  ☆338Nov 29, 2023Updated 2 years ago
• fengjixuchui / gdrv-loader

  View on GitHub
  Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vu…
  ☆275Oct 2, 2021Updated 4 years ago
• DErDYAST1R / 64KernelDriverCleaner

  View on GitHub
  A Kernel Driver that can be used for a cheat or malware base to circumvent common cache & structure table checks. PsLoadedModuleList howe…
  ☆203Sep 27, 2025Updated 5 months ago
• oakboat / RTCore64_Vulnerability

  View on GitHub
  Use RTCore64 to map your driver on windows 11.
  ☆150May 9, 2025Updated 9 months ago
• AmitMoshel1 / PatchGuardEncryptorDriver

  View on GitHub
  A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.
  ☆78Mar 29, 2025Updated 11 months ago
• sondernextdoor / Poseidon

  View on GitHub
  Stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device o…
  ☆379Mar 15, 2024Updated last year
• charliewolfe / Stealthy-Kernelmode-Injector

  View on GitHub
  Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl…
  ☆385Jan 29, 2022Updated 4 years ago
• Cesusius / Dse-Patcher

  View on GitHub
  Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData
  ☆22Feb 9, 2024Updated 2 years ago
• ekknod / efi-monitor

  View on GitHub
  just proof of concept. hooking MmCopyMemory PG safe.
  ☆82Nov 13, 2023Updated 2 years ago
• 0mWindyBug / WFPCalloutReserach

  View on GitHub
  research revolving the windows filtering platform callout mechanism
  ☆39May 26, 2024Updated last year
• Splitx12 / imxyviMapper

  View on GitHub
  Based on physmeme
  ☆74Apr 30, 2022Updated 3 years ago
• crvvdev / MasterHide

  View on GitHub
  A x64 Windows Rootkit using SSDT or Hypervisor hook
  ☆561Jan 4, 2025Updated last year
• rogxo / ReadPhys

  View on GitHub
  r/w virtual memory without attach
  ☆218Oct 19, 2023Updated 2 years ago